www.stuff.co.nz Open in urlscan Pro
2a02:26f0:ea:4a6::3871 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Submission: On September 07 via api (September 7th 2022, 8:51:29 pm UTC) from US — Scanned from DE

Summary HTTP 140 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 55 IPs in 8 countries across 42 domains to perform 140 HTTP transactions. The main IP is 2a02:26f0:ea:4a6::3871, located in Vienna, Austria and belongs to AKAMAI-ASN1, NL. The main domain is www.stuff.co.nz. The Cisco Umbrella rank of the primary domain is 202185.
TLS certificate: Issued by DigiCert ECC Secure Server CA on February 21st 2022. Valid for: 7 months.

This is the only time www.stuff.co.nz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 32	2a02:26f0:ea:... 2a02:26f0:ea:4a6::3871	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a02:26f0:350... 2a02:26f0:3500:587::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	35.190.72.53 35.190.72.53	15169 (GOOGLE) (GOOGLE)
1	151.101.2.217 151.101.2.217	54113 (FASTLY) (FASTLY)
3	23.35.237.86 23.35.237.86	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:205... 2600:9000:2057:ec00:1a:9e13:5280:93a1	16509 (AMAZON-02) (AMAZON-02)
2	65.9.66.111 65.9.66.111	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
6	34.252.39.216 34.252.39.216	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	152.67.117.181 152.67.117.181	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	143.204.215.114 143.204.215.114	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:303... 2606:4700:3032::ac43:bf95	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::ac43:45f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.120.195.249 34.120.195.249	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400e:80e::200a	15169 (GOOGLE) (GOOGLE)
1	99.86.4.6 99.86.4.6	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:214... 2600:9000:214f:d200:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
2 4	2600:9000:206... 2600:9000:206f:1a00:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700::68... 2606:4700::6810:f015	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
1	35.190.50.98 35.190.50.98	15169 (GOOGLE) (GOOGLE)
3	64.202.112.255 64.202.112.255	23352 (SERVERCEN...) (SERVERCENTRAL)
1	52.215.50.2 52.215.50.2	16509 (AMAZON-02) (AMAZON-02)
1 1	52.17.253.32 52.17.253.32	16509 (AMAZON-02) (AMAZON-02)
1	52.209.16.61 52.209.16.61	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:4600:1e:9232:ebc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	151.101.130.227 151.101.130.227	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	23.35.229.181 23.35.229.181	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:206... 2600:9000:206f:5400:1b:11ff:f600:21	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
4	23.205.241.117 23.205.241.117	16625 (AKAMAI-AS) (AKAMAI-AS)
1	65.9.61.60 65.9.61.60	16509 (AMAZON-02) (AMAZON-02)
1	151.101.14.132 151.101.14.132	54113 (FASTLY) (FASTLY)
2	34.251.191.33 34.251.191.33	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:1000:1d:667e:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a02:26f0:350... 2a02:26f0:3500:893::268b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1 1	3.124.33.5 3.124.33.5	16509 (AMAZON-02) (AMAZON-02)
1	151.101.66.227 151.101.66.227	54113 (FASTLY) (FASTLY)
1	3.105.141.111 3.105.141.111	16509 (AMAZON-02) (AMAZON-02)
2	35.227.201.100 35.227.201.100	15169 (GOOGLE) (GOOGLE)
1	23.205.239.15 23.205.239.15	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
1	2a02:6ea0:c70... 2a02:6ea0:c700::10	60068 (CDN77 ^_^) (CDN77 ^_^)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	63.34.81.234 63.34.81.234	16509 (AMAZON-02) (AMAZON-02)
1 1	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1 1	54.80.61.218 54.80.61.218	14618 (AMAZON-AES) (AMAZON-AES)
1	52.18.211.80 52.18.211.80	16509 (AMAZON-02) (AMAZON-02)
2 2	52.18.161.218 52.18.161.218	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::2013	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6810:2a41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
3	147.75.83.64 147.75.83.64	54825 (PACKET) (PACKET)
1	23.35.228.23 23.35.228.23	16625 (AKAMAI-AS) (AKAMAI-AS)
5	23.35.229.56 23.35.229.56	16625 (AKAMAI-AS) (AKAMAI-AS)
140	55

32 2a02:26f0:ea:4a6::3871 (Vienna, Austria) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.stuff.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
interactives.stuff.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static3.stuff.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
my.stuff.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.53 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 53.72.190.35.bc.googleusercontent.com

static.apester.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.217 (United States)

ASN54113 (FASTLY, US)

sdk.apester.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.237.86 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-86.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-pixels.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:ec00:1a:9e13:5280:93a1 (United States)

ASN16509 (AMAZON-02, US)

videos.oovvuu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.66.111 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-111.fra56.r.cloudfront.net

dashboard.presspatron.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.252.39.216 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-39-216.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.67.117.181 (Bungarribee, Australia)

ASN31898 (ORACLE-BMC-31898, US)

stuffnz-sydney.gscontxt.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-114.fra53.r.cloudfront.net

cdn.kdaimo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:bf95 (United States)

ASN13335 (CLOUDFLARENET, US)

www.npttech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:45f7 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.195.249 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o68184.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:80e::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-6.fra6.r.cloudfront.net

ats.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:214f:d200:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:206f:1a00:1e:a43d:b640:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:f015 (United States)

ASN13335 (CLOUDFLARENET, US)

experience-au.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
code.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buy-au.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c2-au.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.133 (United States)

ASN54113 (FASTLY, US)

cdn.neighbourly.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.50.98 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 98.50.190.35.bc.googleusercontent.com

cdn.sajari.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.202.112.255 (Lovettsville, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

amplifypixel.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mcdp-nydc1.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.50.2 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-50-2.eu-west-1.compute.amazonaws.com

fairfax.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.253.32 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-253-32.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.209.16.61 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-16-61.eu-west-1.compute.amazonaws.com

fairfaxnz.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:4600:1e:9232:ebc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

sdk.ffxpub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.227 (United States)

ASN54113 (FASTLY, US)

resources.stuff.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.229.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-229-181.deploy.static.akamaitechnologies.com

tcheck.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.95.229 (Paris, France) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

fairfaxnzstuffoverallproduction.112.2o7.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:5400:1b:11ff:f600:21 (United States)

ASN16509 (AMAZON-02, US)

d867x8xq12ag.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.205.241.117 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-241-117.deploy.static.akamaitechnologies.com

c.aaxads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
l3.aaxads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.61.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-61-60.fra56.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.132 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.251.191.33 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-191-33.eu-west-1.compute.amazonaws.com

secure-dcr.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:1000:1d:667e:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

3kgpuoyvi8xqyiigfqr5f3h3w7utl1662583883.nuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3500:893::268b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.124.33.5 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-33-5.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.227 (United States)

ASN54113 (FASTLY, US)

adfeeds.stuff.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.105.141.111 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-105-141-111.ap-southeast-2.compute.amazonaws.com

adapi.stuff.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.201.100 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 100.201.227.35.bc.googleusercontent.com

events.apester.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.205.239.15 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-239-15.deploy.static.akamaitechnologies.com

www.aaxdetect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.78.254.47 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::10 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

load77.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.81.234 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-81-234.eu-west-1.compute.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.192.160.219 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.98 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.80.61.218 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-80-61-218.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.211.80 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-211-80.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.18.161.218 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-161-218.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

re.sajari.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:2a41 (United States)

ASN13335 (CLOUDFLARENET, US)

buy-au.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.75.83.64 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

p1cluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
comcluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.228.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com

c21lg-d.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.35.229.56 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-229-56.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	stuff.co.nz 1 redirects www.stuff.co.nz — Cisco Umbrella Rank: 202185 interactives.stuff.co.nz — Cisco Umbrella Rank: 553652 static3.stuff.co.nz — Cisco Umbrella Rank: 757635 my.stuff.co.nz — Cisco Umbrella Rank: 401720 resources.stuff.co.nz — Cisco Umbrella Rank: 257346 adfeeds.stuff.co.nz — Cisco Umbrella Rank: 519751 adapi.stuff.co.nz — Cisco Umbrella Rank: 551865	1 MB
12	piano.io experience-au.piano.io — Cisco Umbrella Rank: 467501 code.piano.io — Cisco Umbrella Rank: 38348 buy-au.piano.io — Cisco Umbrella Rank: 344973 c2-au.piano.io — Cisco Umbrella Rank: 325610 i.piano.io — Cisco Umbrella Rank: 49997	252 KB
11	imrworldwide.com 2 redirects cdn-gl.imrworldwide.com — Cisco Umbrella Rank: 2629 secure-gl.imrworldwide.com — Cisco Umbrella Rank: 2066 secure-dcr.imrworldwide.com — Cisco Umbrella Rank: 2541 3kgpuoyvi8xqyiigfqr5f3h3w7utl1662583883.nuid.imrworldwide.com	80 KB
9	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 355	90 KB
7	cxense.com cdn.cxense.com — Cisco Umbrella Rank: 5632 p1cluster.cxense.com — Cisco Umbrella Rank: 10706 comcluster.cxense.com — Cisco Umbrella Rank: 5366 id.cxense.com — Cisco Umbrella Rank: 11107	67 KB
7	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 297 fairfax.demdex.net — Cisco Umbrella Rank: 446052	10 KB
7	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 553	149 KB
6	outbrain.com widgets.outbrain.com — Cisco Umbrella Rank: 1474 amplifypixel.outbrain.com — Cisco Umbrella Rank: 19889 widget-pixels.outbrain.com — Cisco Umbrella Rank: 3337 odb.outbrain.com — Cisco Umbrella Rank: 1813 mcdp-nydc1.outbrain.com — Cisco Umbrella Rank: 5995	75 KB
5	teads.tv a.teads.tv — Cisco Umbrella Rank: 1392 t.teads.tv — Cisco Umbrella Rank: 2658	134 KB
5	doubleclick.net 2 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 226 stats.g.doubleclick.net — Cisco Umbrella Rank: 188 cm.g.doubleclick.net — Cisco Umbrella Rank: 303	133 KB
4	aaxads.com c.aaxads.com — Cisco Umbrella Rank: 4150 l3.aaxads.com — Cisco Umbrella Rank: 6856	131 KB
4	apester.com 1 redirects static.apester.com — Cisco Umbrella Rank: 18782 sdk.apester.com — Cisco Umbrella Rank: 19910 events.apester.com — Cisco Umbrella Rank: 18207	65 KB
3	exelator.com 2 redirects loadm.exelator.com — Cisco Umbrella Rank: 2436 load77.exelator.com — Cisco Umbrella Rank: 4165	2 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94	40 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 1087	586 B
2	krxd.net 1 redirects usermatch.krxd.net — Cisco Umbrella Rank: 1847 beacon.krxd.net — Cisco Umbrella Rank: 741	529 B
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 4001 p1.parsely.com — Cisco Umbrella Rank: 3342	26 KB
2	2o7.net 1 redirects fairfaxnzstuffoverallproduction.112.2o7.net	1 KB
2	outbrainimg.com tcheck.outbrainimg.com — Cisco Umbrella Rank: 4265 log.outbrainimg.com — Cisco Umbrella Rank: 2588	789 B
2	sajari.com cdn.sajari.com — Cisco Umbrella Rank: 112906 re.sajari.com — Cisco Umbrella Rank: 131216	23 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 120 ajax.googleapis.com — Cisco Umbrella Rank: 480	13 KB
2	brandmetrics.com cdn.brandmetrics.com — Cisco Umbrella Rank: 3797	17 KB
2	presspatron.com dashboard.presspatron.com — Cisco Umbrella Rank: 91063	12 KB
1	media.net c21lg-d.media.net — Cisco Umbrella Rank: 3461	329 B
1	addthis.com 1 redirects x.dlx.addthis.com — Cisco Umbrella Rank: 2012	174 B
1	rubiconproject.com token.rubiconproject.com — Cisco Umbrella Rank: 1115	214 B
1	aaxdetect.com www.aaxdetect.com — Cisco Umbrella Rank: 10346	342 B
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 775	479 B
1	google.de www.google.de — Cisco Umbrella Rank: 3469	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 19	501 B
1	cloudfront.net d867x8xq12ag.cloudfront.net	736 B
1	ffxpub.com sdk.ffxpub.com — Cisco Umbrella Rank: 656281	20 KB
1	omtrdc.net fairfaxnz.tt.omtrdc.net — Cisco Umbrella Rank: 476854	719 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1651	517 B
1	neighbourly.co.nz cdn.neighbourly.co.nz — Cisco Umbrella Rank: 471507	7 KB
1	rlcdn.com ats.rlcdn.com — Cisco Umbrella Rank: 2028	36 KB
1	sentry.io o68184.ingest.sentry.io — Cisco Umbrella Rank: 501474	277 B
1	npttech.com www.npttech.com — Cisco Umbrella Rank: 5861	3 KB
1	kdaimo.com cdn.kdaimo.com — Cisco Umbrella Rank: 39600	4 KB
1	gscontxt.net stuffnz-sydney.gscontxt.net — Cisco Umbrella Rank: 447598	302 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 234	28 KB
1	oovvuu.com videos.oovvuu.com — Cisco Umbrella Rank: 393345
140	42

	Domain	Requested by
25	www.stuff.co.nz	www.stuff.co.nz
9	cdnjs.cloudflare.com	buy-au.piano.io
7	assets.adobedtm.com	www.stuff.co.nz assets.adobedtm.com
6	buy-au.piano.io	code.piano.io www.stuff.co.nz buy-au.piano.io
6	dpm.demdex.net	assets.adobedtm.com www.stuff.co.nz
5	my.stuff.co.nz	1 redirects www.stuff.co.nz my.stuff.co.nz
4	cdn.cxense.com	code.piano.io cdn.cxense.com
4	secure-gl.imrworldwide.com	2 redirects secure-gl.imrworldwide.com www.stuff.co.nz
4	cdn-gl.imrworldwide.com	www.stuff.co.nz cdn-gl.imrworldwide.com
3	a.teads.tv	www.stuff.co.nz a.teads.tv
3	i.piano.io	buy-au.piano.io
3	c.aaxads.com	www.stuff.co.nz c.aaxads.com
3	www.google-analytics.com	assets.adobedtm.com www.stuff.co.nz d867x8xq12ag.cloudfront.net
2	t.teads.tv
2	sync.crwdcntrl.net	2 redirects
2	cm.g.doubleclick.net	2 redirects
2	loadm.exelator.com	2 redirects
2	events.apester.com	www.stuff.co.nz
2	secure-dcr.imrworldwide.com	www.stuff.co.nz
2	fairfaxnzstuffoverallproduction.112.2o7.net	1 redirects www.stuff.co.nz
2	securepubads.g.doubleclick.net	www.googletagservices.com www.stuff.co.nz
2	cdn.brandmetrics.com	www.stuff.co.nz cdn.brandmetrics.com
2	dashboard.presspatron.com	www.stuff.co.nz dashboard.presspatron.com
2	widgets.outbrain.com	www.stuff.co.nz widgets.outbrain.com
1	id.cxense.com	cdn.cxense.com
1	comcluster.cxense.com	cdn.cxense.com
1	c21lg-d.media.net	c.aaxads.com
1	p1cluster.cxense.com	cdn.cxense.com
1	ajax.googleapis.com	buy-au.piano.io
1	re.sajari.com	www.stuff.co.nz
1	beacon.krxd.net	www.stuff.co.nz
1	usermatch.krxd.net	1 redirects
1	x.dlx.addthis.com	1 redirects
1	p1.parsely.com	www.stuff.co.nz
1	l3.aaxads.com	www.stuff.co.nz
1	token.rubiconproject.com	www.stuff.co.nz
1	mcdp-nydc1.outbrain.com	www.stuff.co.nz
1	load77.exelator.com	www.stuff.co.nz
1	www.aaxdetect.com	www.stuff.co.nz
1	adapi.stuff.co.nz	www.stuff.co.nz
1	adfeeds.stuff.co.nz	www.stuff.co.nz
1	log.outbrainimg.com	www.stuff.co.nz
1	aa.agkn.com	1 redirects
1	www.google.de	www.stuff.co.nz
1	www.google.com	www.stuff.co.nz
1	c2-au.piano.io	www.stuff.co.nz
1	3kgpuoyvi8xqyiigfqr5f3h3w7utl1662583883.nuid.imrworldwide.com	www.stuff.co.nz
1	odb.outbrain.com	widgets.outbrain.com
1	cdn.parsely.com	www.stuff.co.nz
1	code.piano.io	experience-au.piano.io
1	stats.g.doubleclick.net	www.stuff.co.nz
1	d867x8xq12ag.cloudfront.net	dashboard.presspatron.com
1	widget-pixels.outbrain.com	www.stuff.co.nz
1	tcheck.outbrainimg.com	www.stuff.co.nz
1	resources.stuff.co.nz	www.stuff.co.nz
1	sdk.ffxpub.com	www.stuff.co.nz
1	fairfaxnz.tt.omtrdc.net	www.stuff.co.nz
1	cm.everesttech.net	1 redirects
1	fairfax.demdex.net	assets.adobedtm.com
1	amplifypixel.outbrain.com	www.stuff.co.nz
1	cdn.sajari.com	www.stuff.co.nz
1	cdn.neighbourly.co.nz	www.stuff.co.nz
1	experience-au.piano.io	www.stuff.co.nz
1	ats.rlcdn.com	www.stuff.co.nz
1	static3.stuff.co.nz	www.stuff.co.nz
1	interactives.stuff.co.nz	www.stuff.co.nz
1	fonts.googleapis.com	www.stuff.co.nz
1	o68184.ingest.sentry.io	www.stuff.co.nz
1	www.npttech.com	www.stuff.co.nz
1	cdn.kdaimo.com	www.stuff.co.nz
1	stuffnz-sydney.gscontxt.net	www.stuff.co.nz
1	www.googletagservices.com	www.stuff.co.nz
1	videos.oovvuu.com	www.stuff.co.nz
1	sdk.apester.com	www.stuff.co.nz
1	static.apester.com	1 redirects
140	75

This site contains links to these domains. Also see Links.

Domain
interactives.stuff.co.nz
advertise.stuff.co.nz
stuff.co.nz
www.stuffads.co.nz
play.stuff.co.nz
neighbourly.co.nz
mags4gifts.co.nz
www.ensemblemagazine.co.nz
www.stuffevents.co.nz
coupons.stuff.co.nz
dashboard.presspatron.com
www.neighbourly.co.nz
travel-booking.stuff.co.nz
wildclean.com
deaths.stuff.co.nz
careers.stuff.co.nz
www.facebook.com
twitter.com

Subject Issuer	Validity	Valid
www.stuff.co.nz DigiCert ECC Secure Server CA	`2022-02-21` - `2022-10-05`	7 months	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-03` - `2023-04-04`	a year	crt.sh
videos.oovvuu.com Amazon	`2021-12-17` - `2023-01-15`	a year	crt.sh
dashboard.presspatron.com Amazon	`2022-02-16` - `2023-03-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.gscontxt.net DigiCert TLS RSA SHA256 2020 CA1	`2021-12-08` - `2022-12-08`	a year	crt.sh
cdn.kdaimo.com Amazon	`2021-10-28` - `2022-11-26`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh
*.ingest.sentry.io R3	`2022-08-20` - `2022-11-18`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
piano.io Cloudflare Inc ECC CA-3	`2022-04-27` - `2023-04-26`	a year	crt.sh
*.neighbourly.co.nz R3	`2022-08-10` - `2022-11-08`	3 months	crt.sh
cdn.sajari.com GTS CA 1D4	`2022-07-25` - `2022-10-23`	3 months	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-11` - `2022-10-12`	a year	crt.sh
ffxpub.com Amazon	`2022-06-25` - `2023-07-24`	a year	crt.sh
*.outbrainimg.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.aaxads.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
*.parsely.com Amazon	`2022-06-05` - `2023-07-04`	a year	crt.sh
*.nuid.imrworldwide.com Amazon	`2022-05-12` - `2023-06-10`	a year	crt.sh
*.cxense.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-17` - `2023-04-17`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.stuff.co.nz Amazon	`2021-10-29` - `2022-11-27`	a year	crt.sh
events.apester.com R3	`2022-08-11` - `2022-11-09`	3 months	crt.sh
*.aaxdetect.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
re.sajari.com GTS CA 1D4	`2022-08-21` - `2022-11-19`	3 months	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2022-02-20` - `2023-02-22`	a year	crt.sh
teads.tv R3	`2022-08-17` - `2022-11-15`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Frame ID: FE9945064A35A34D96C2DF4309BAA3AE
Requests: 99 HTTP requests in this frame

Frame: https://fairfax.demdex.net/dest5.html?d_nsid=0
Frame ID: DE56AD2AB57348B76DDC294D799997AA
Requests: 8 HTTP requests in this frame

Frame: https://dashboard.presspatron.com/websites/153/custom_button
Frame ID: 5BB540131CEB5CF662C468B1184FFE94
Requests: 3 HTTP requests in this frame

Frame: https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/callback/signin-callback.html?error=login_required&state=55afc4d7d7b5460c9afcb92d5fb9437a&session_state=873dd98089362472654ca04d3379d5f2740e047fe07e7b25bc97d692c17f1300.1726216131
Frame ID: 60BA10A6BA565CF8CCCBAC8322B6AE32
Requests: 2 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 03040FA1A21E58C8866361C255978B7E
Requests: 3 HTTP requests in this frame

Frame: https://secure-gl.imrworldwide.com/storageframe.html
Frame ID: DE199E24893DD7CC3058D174C67E8AA9
Requests: 1 HTTP requests in this frame

Frame: https://my.stuff.co.nz/session-management
Frame ID: B253C5A01BBE006AB621AEF3D6C199BA
Requests: 3 HTTP requests in this frame

Frame: https://c.aaxads.com/aacxs.php?flg=AAX76609S&fv=1&fy=37&ke=1&suylg=3004%2C292%2C310%2C267%2C195%2C159%2C209%2C203%2C263%2C206%2C271%2C214%2C89%2C368%2C272%2C356%2C241%2C167%2C251%2C213%2C282%2C229&yvVbqf=1&uhiXuo=&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Frame ID: 6AEBA67089EBE29F403D3EB52CFB7165
Requests: 2 HTTP requests in this frame

Frame: https://buy-au.piano.io/checkout/template/cacheableShow?aid=ooaGPZ28pa&templateId=OT7A8RZIFO4E&offerId=fakeOfferId&experienceId=EX56LBDCL3RM&iframeId=offer_d69a7ec253276449135a-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid-au.piano.io%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.stuff.co.nz
Frame ID: 43E0089521BF2A64029A2795C46EA8C5
Requests: 17 HTTP requests in this frame

Frame: https://cdn.cxense.com/sp1.html
Frame ID: 35FA9A93C5292A0F6B75EDAF605A7858
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ransomware attack: Waikato DHB supporting patients after documents dumped online | Stuff.co.nzFacebookTwitterWhatsAppRedditEmailFacebookTwitterWhatsAppRedditEmailFacebookTwitterSnapchatShielded Site

Detected technologies

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+(?:-?rc[.\d]*)*)/angular(?:\.min)?\.js
\bangular.{0,32}\.js

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react
react(?:-with-addons)?[.-]([\d.]*\d)[^/]*\.js

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Outbrain (Widgets) Expand

Overall confidence: 100%
Detected patterns

widgets\.outbrain\.com/outbrain\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

140
Requests

92 %
HTTPS

39 %
IPv6

42
Domains

75
Subdomains

55
IPs

8
Countries

2601 kB
Transfer

7427 kB
Size

45
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://interactives.stuff.co.nz/2020/03/support-stuffs-journalism/?utm_supportprogramme=navigationbar
Title: contribute

Search URL Search Domain Scan URL

URL: https://advertise.stuff.co.nz/
Title: Advertising

Search URL Search Domain Scan URL

URL: https://stuff.co.nz/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://stuff.co.nz/about-stuff/10648385/Privacy-Policy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://stuff.co.nz/about-stuff/33785/Contact-Us
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.stuffads.co.nz/
Title: stuff ads

Search URL Search Domain Scan URL

URL: https://play.stuff.co.nz/
Title: Play Stuff

Search URL Search Domain Scan URL

URL: https://neighbourly.co.nz/
Title: neighbourly

Search URL Search Domain Scan URL

URL: https://mags4gifts.co.nz/
Title: mags4gifts

Search URL Search Domain Scan URL

URL: https://www.ensemblemagazine.co.nz/
Title: Ensemble

Search URL Search Domain Scan URL

URL: https://www.stuffevents.co.nz/
Title: stuff events

Search URL Search Domain Scan URL

URL: https://coupons.stuff.co.nz/
Title: stuff coupons

Search URL Search Domain Scan URL

URL: https://dashboard.presspatron.com/donations/new?frame=1&t=TJu26zZFBKa635NQ13AZRn8S

Search URL Search Domain Scan URL

URL: https://www.neighbourly.co.nz/
Title: Neighbourly

Search URL Search Domain Scan URL

URL: https://travel-booking.stuff.co.nz/
Title: Travel Bookings

Search URL Search Domain Scan URL

URL: https://wildclean.com/
Title: WildClean

Search URL Search Domain Scan URL

URL: https://deaths.stuff.co.nz/obituaries/stuff-nz
Title: Family Notices

Search URL Search Domain Scan URL

URL: https://careers.stuff.co.nz/
Title: Careers

Search URL Search Domain Scan URL

URL: https://stuff.co.nz/about-stuff/10647720/Stuffs-terms-and-conditions
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Stuff.co.nz
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/NZStuff
Title: Twitter

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://static.apester.com/js/sdk/latest/apester-sdk.js HTTP 301
https://sdk.apester.com/web-sdk.core.legacy.min.js

Request Chain 40

https://secure-gl.imrworldwide.com/v60.js HTTP 301
https://cdn-gl.imrworldwide.com/v60.js

Request Chain 46

https://cm.everesttech.net/cm/dd?d_uuid=54014277804052494904341488304845762271 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YxkESwAAACBJ3wNn

Request Chain 58

https://fairfaxnzstuffoverallproduction.112.2o7.net/b/ss/fairfaxnz-stuffoverall-production/1/JS-2.17.0/s2366194427407?AQB=1&ndh=1&pf=1&t=7%2F8%2F2022%2020%3A51%3A23%203%200&ce=UTF-8&g=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&c.&getPercentPageViewed=5.0.1&handlePPVevents=4.0&p_fo=3.0&getPreviousValue=3.0&getPageLoadTime=2.0.1&performanceWriteFull=1.0&performanceWritePart=1.0&performanceCheck=1.0&.c&events=&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&AQE=1 HTTP 302
https://fairfaxnzstuffoverallproduction.112.2o7.net/b/ss/fairfaxnz-stuffoverall-production/1/JS-2.17.0/s2366194427407?AQB=1&pccr=true&ndh=1&pf=1&t=7%2F8%2F2022%2020%3A51%3A23%203%200&ce=UTF-8&g=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&c.&getPercentPageViewed=5.0.1&handlePPVevents=4.0&p_fo=3.0&getPreviousValue=3.0&getPageLoadTime=2.0.1&performanceWriteFull=1.0&performanceWritePart=1.0&performanceCheck=1.0&.c&events=&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&AQE=1

Request Chain 61

https://my.stuff.co.nz/authorize?client_id=6380a421-afcd-45b4-b9ab-393d3f105da3&redirect_uri=https%3A%2F%2Fwww.stuff.co.nz%2Fstatic%2Fstuff-login-browser-sdk%2F1.2.3%2Fcallback%2Fsignin-callback.html&response_type=id_token%20token&scope=openid%20profile%20email%20address&state=55afc4d7d7b5460c9afcb92d5fb9437a&nonce=7196eb7071614417a5bf4b488420cfda&prompt=none HTTP 302
https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/callback/signin-callback.html?error=login_required&state=55afc4d7d7b5460c9afcb92d5fb9437a&session_state=873dd98089362472654ca04d3379d5f2740e047fe07e7b25bc97d692c17f1300.1726216131

Request Chain 81

https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=54014277804052494904341488304845762271 HTTP 302
https://dpm.demdex.net/ibs:dpid=21&dpuuid=216633104267004201578

Request Chain 85

https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1662583883690&ci=nz-stuff&js=1&cg=0&ts=p.js&vn=6.0.108&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&sr=1600x1200&id=lstrg-0b5090cce8403cf22b3dd8cea73ce4bc HTTP 302
https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1662583883690&ci=nz-stuff&js=1&cg=0&ts=p.js&vn=6.0.108&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&sr=1600x1200&id=lstrg-0b5090cce8403cf22b3dd8cea73ce4bc&ja=1

Request Chain 91

https://loadm.exelator.com/load/?p=204&g=091&j=0&bi=54014277804052494904341488304845762271 HTTP 302
https://loadm.exelator.com/load/?p=204&g=091&j=0&bi=54014277804052494904341488304845762271&xl8blockcheck=1 HTTP 302
https://load77.exelator.com/pixel.gif

Request Chain 99

https://x.dlx.addthis.com/e/demdex_sync?na_exid=54014277804052494904341488304845762271&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20 HTTP 301
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022090720512400016808126021

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTQwMTQyNzc4MDQwNTI0OTQ5MDQzNDE0ODgzMDQ4NDU3NjIyNzE= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTQwMTQyNzc4MDQwNTI0OTQ5MDQzNDE0ODgzMDQ4NDU3NjIyNzE=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEAeRmayYsz_giSKZGCVvgVA&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 103

https://usermatch.krxd.net/um/v2?partner=adobe&id=54014277804052494904341488304845762271 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=54014277804052494904341488304845762271

Request Chain 104

https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=54014277804052494904341488304845762271?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=54014277804052494904341488304845762271?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=

140 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online Show response
www.stuff.co.nz/business/125592089/ 130 KB
37 KB 853ms
420ms Document
text/html 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Varnish / Express

Resource Hash

f80109ec490539b25ef57335c1b19502a84d390dafbd39d24163b5d20691431e

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://csp-reporter-production.apse2.ffx.nz/

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=180
content-encoding: gzip
content-length: 37417
content-security-policy: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://csp-reporter-production.apse2.ffx.nz/
content-type: text/html; charset=utf-8
date: Wed, 07 Sep 2022 20:51:22 GMT
etag: W/"1f068-fWPTAs9lmqGH+CNvT2aL5Uu2ZAE"
expires: Wed, 07 Sep 2022 20:54:22 GMT
server: Varnish
server-timing: serverLoadProps=597; "Server load props time", serverRender=5; "Server render time", total=632.9901699999999; "Total Response Time"
vary: Accept-Encoding
x-akamai-transformed: 9 36059 0 pmb=mTOE,2
x-cache-origin: HIT:Varnish
x-esi-enable: 1
x-lastbigmodificationtime: Tue, 29 Jun 2021 05:08:04 GMT
x-lastpublishtime: Tue, 29 Jun 2021 05:08:05 GMT
x-powered-by: Express
x-sics-version: 7.18.10
x-varnish: 73673375 1809289

GET
H2 200 launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js Show response
assets.adobedtm.com/ 412 KB
124 KB 111ms
22ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 09675ea155d08e959872d1f64ae603c9e0071d502c7ddfe853e0fbabf7e9cc15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
last-modified: Mon, 01 Aug 2022 01:39:50 GMT
server: AkamaiNetStorage
etag: "02c3030e25ead8aa3ab4580fc3536a80:1659317990.308043"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.stuff.co.nz
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 126779
expires: Wed, 07 Sep 2022 21:51:22 GMT

GET
H2 200 stuff-login-sdk.js Show response
www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/ 322 KB
87 KB 74ms
72ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/stuff-login-sdk.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 286a5bcfa642461849ca5397fde16452a1f50d784bc7cb1631099ced066831ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
content-length: 88598
x-esi-enable: 0
last-modified: Wed, 19 May 2021 02:37:50 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: W/"f73b63b9788f2f623698b107ed61ddba"
vary: Accept-Encoding
x-varnish: 352248230 325443964
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 07 Sep 2023 20:51:22 GMT

GET
H2 200 stuff-sans.css
www.stuff.co.nz/static/spade/fonts/ 5 KB
721 B 52ms
50ms Stylesheet
text/css 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/spade/fonts/stuff-sans.css
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 9d2ed300e56e6818a6d7436b2bf489c58af9948328afc1985caf73a9f444c71d

Request headers

Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Origin: https://www.stuff.co.nz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
content-length: 452
x-esi-enable: 0
last-modified: Tue, 17 May 2022 04:11:23 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: W/"8783ea926fd6938471a3adee7992b39b"
vary: Accept-Encoding
x-varnish: 122399417 100822627
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: text/css
expires: Thu, 07 Sep 2023 20:51:22 GMT

GET
H2 200 STUFFSANSWEB-Regular.woff2
www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/ 34 KB
34 KB 61ms
59ms Font
binary/octet-stream 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/STUFFSANSWEB-Regular.woff2
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: eba8e146cb4aeb1da575bb17f8961d2594d0f60af6d7eaed5cdc95c4dcd451a1

Request headers

Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Origin: https://www.stuff.co.nz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
x-esi-enable: 0
last-modified: Tue, 17 May 2022 03:44:52 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: "fe6cd12a1cf8b8619df8988d8a9de8a6"
x-varnish: 159983135 103426127
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: binary/octet-stream
content-length: 34328
expires: Thu, 07 Sep 2023 20:51:22 GMT

GET
H2 200 STUFFSANSWEB-Medium.woff2
www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/ 34 KB
34 KB 96ms
94ms Font
binary/octet-stream 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/STUFFSANSWEB-Medium.woff2
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: aa2364dedec6a43252d203e609c5a6f15a8a115004481e2713102c9623fb9435

Request headers

Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Origin: https://www.stuff.co.nz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
x-esi-enable: 0
last-modified: Tue, 17 May 2022 03:44:50 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: "5ab0cd26b9190f6f68b2662a04b6c497"
x-varnish: 138917018 143623503
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: binary/octet-stream
content-length: 34512
expires: Thu, 07 Sep 2023 20:51:22 GMT

GET
H2 200 STUFFSANSWEB-SemiBold.woff2
www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/ 34 KB
34 KB 96ms
94ms Font
binary/octet-stream 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/STUFFSANSWEB-SemiBold.woff2
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 5522fa3faddd44754a3031f0cea90f32c4da5ca5246a91be3f88fd58478d2005

Request headers

Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Origin: https://www.stuff.co.nz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
x-esi-enable: 0
last-modified: Tue, 17 May 2022 03:44:51 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: "c0f391724faf1f645baa4e7063639d47"
x-varnish: 141964601 87530541
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: binary/octet-stream
content-length: 34928
expires: Thu, 07 Sep 2023 20:51:22 GMT

GET
H2 200 STUFFSANSWEB-Bold.woff2
www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/ 35 KB
35 KB 96ms
94ms Font
binary/octet-stream 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/STUFFSANSWEB-Bold.woff2
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 94b570c0adf306d4cfd4e6acf9750c96c2f8e8e5ec413d2776f247cdcd70e754

Request headers

Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Origin: https://www.stuff.co.nz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
x-esi-enable: 0
last-modified: Tue, 17 May 2022 03:44:45 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: "87f1f4039a6a436c46cddb11fab184cd"
x-varnish: 143623696 75768493
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: binary/octet-stream
content-length: 35376
expires: Thu, 07 Sep 2023 20:51:22 GMT

GET
H2 200 promise.c023f864b8f8372dbaa4.js Show response
www.stuff.co.nz/sics-assets/js/ 9 KB
4 KB 122ms
120ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/sics-assets/js/promise.c023f864b8f8372dbaa4.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 6e29947674d4ba75d5417e6ad8b7d8f30cc56310394c1e5d4de713b827c31f73

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
last-modified: Sun, 29 May 2022 12:04:02 GMT
server: S3
x-esi-enable: 0
x-cache-origin: HIT:Varnish
etag: W/"347ec38f6b02fa33ea79363c64b5bc54"
vary: Accept-Encoding
x-varnish: 138917019 141808218
cache-control: public, max-age=2592000
referer
accept-ranges: bytes
content-type: application/javascript
content-length: 3306
expires: Fri, 07 Oct 2022 20:51:22 GMT

GET
H2 200 stuff-plugins.min.js Show response
www.stuff.co.nz/static/scripts/stuff-plugins/ 6 KB
3 KB 66ms
63ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/scripts/stuff-plugins/stuff-plugins.min.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 15f0e8785ed86a7e2f77ee7f29dcb9c6dde7dd976e04de99c9d9e4cde7672aa9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
content-length: 2408
x-esi-enable: 0
last-modified: Tue, 13 Oct 2020 00:46:27 GMT
server: S3
x-cache-origin: MISS:Varnish
etag: W/"e40968ccc329fa7fbc798f38e6627b5c"
vary: Accept-Encoding
x-varnish: 1514836
access-control-allow-origin: *
cache-control: public, max-age=3600
referer
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 07 Sep 2022 21:51:22 GMT

GET
H2

200

web-sdk.core.legacy.min.js Show response
sdk.apester.com/
Redirect Chain

https://static.apester.com/js/sdk/latest/apester-sdk.js
https://sdk.apester.com/web-sdk.core.legacy.min.js

177 KB
65 KB

319ms
23ms

Script
application/javascript

151.101.2.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.apester.com/web-sdk.core.legacy.min.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Server: 151.101.2.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 1a0decca0c2168150ddc4982022766c1a3268e18187e083149f4af1643a7ba06

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
age: 751
x-cache: HIT
content-length: 66329
x-served-by: cache-hhn4047-HHN
access-control-allow-origin: *
last-modified: Sun, 04 Sep 2022 08:01:45 GMT
server: nginx/1.20.2
x-timer: S1662583884.596493,VS0,VE0
etag: W/"63145b69-2c3c7"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
via: 1.1 google, 1.1 varnish
cache-control: public,s-maxage=900,max-age=900
accept-ranges: bytes
x-cache-hits: 2861

Redirect headers

date: Wed, 07 Sep 2022 20:36:58 GMT
via: 1.1 google
server: nginx/1.23.1
age: 865
vary: Accept-Encoding
content-type: text/html
location: https://sdk.apester.com/web-sdk.core.legacy.min.js
cache-control: public,s-maxage=942,max-age=942
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 169

GET
H2 200 style.2a242b74b689207.css
www.stuff.co.nz/sics-assets/css/ 143 KB
34 KB 94ms
93ms Stylesheet
text/css 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/sics-assets/css/style.2a242b74b689207.css
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 788428389780b0f3802dcb3ad86176ba22aefec9a6d7f255794755c34d2ec264

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 00:39:18 GMT
server: S3
x-esi-enable: 0
x-cache-origin: HIT:Varnish
etag: W/"0aa922f60435207e42f4119e7081de0d"
vary: Accept-Encoding
x-varnish: 163590577 163169701
cache-control: public, max-age=2592000
referer
accept-ranges: bytes
content-type: text/css
content-length: 34148
expires: Fri, 07 Oct 2022 20:51:22 GMT

GET
H2 200 3fe854a4 Show response
www.stuff.co.nz/akam/13/ 26 KB
9 KB 458ms
456ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/akam/13/3fe854a4
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dade902a48924452a6b0257835791ba865f82e61a0a4ee3900d66c65859ef0b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 15:06:28 GMT
etag: "61677068516b24d2815179c77105ec7b5fae667acdfaf9706cf745b11f38e26b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
content-length: 8774
expires: Wed, 07 Sep 2022 20:51:23 GMT

GET
H2 200 stuff-header-bidding.js Show response
www.stuff.co.nz/static/stuff-header-bidding/latest/ 12 KB
4 KB 69ms
66ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/stuff-header-bidding/latest/stuff-header-bidding.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 96a1951bf490b344d6776ce3b6539bb632d3019017541d876eb3f50af85444f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
content-length: 3504
x-esi-enable: 0
last-modified: Wed, 27 Jul 2022 00:23:44 GMT
server: S3
x-cache-origin: MISS:Varnish
etag: W/"d0089b3b397dc49b94b80ea407656be3"
vary: Accept-Encoding
x-varnish: 74990664
access-control-allow-origin: *
cache-control: public, max-age=3600
referer
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 07 Sep 2022 21:51:22 GMT

GET
H2 200 react.281b479c7448010394ee.js Show response
www.stuff.co.nz/sics-assets/js/ 13 KB
5 KB 125ms
124ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/sics-assets/js/react.281b479c7448010394ee.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 0a325decfde845ca807eb95bb738b93e3a39bc9dc5dbbe30006a46d0aaa11985

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 01:35:57 GMT
server: S3
x-esi-enable: 0
x-cache-origin: MISS:Varnish
etag: W/"9401ab3307dd8b043f04e03ebe42f0dd"
vary: Accept-Encoding
x-varnish: 294415351
cache-control: public, max-age=2592000
referer
accept-ranges: bytes
content-type: application/javascript
content-length: 5109
expires: Fri, 07 Oct 2022 20:51:22 GMT

GET
H2 200 react-dom.8b8c4fd6928848fd149d.js Show response
www.stuff.co.nz/sics-assets/js/ 116 KB
37 KB 125ms
120ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/sics-assets/js/react-dom.8b8c4fd6928848fd149d.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 075a8ac615514bdfb50ff549c364975167a846d282b3bee916152fee7cdc7a7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 01:35:57 GMT
server: S3
x-esi-enable: 0
x-cache-origin: MISS:Varnish
etag: W/"1acd604c01eff97360cd1c1468f8ce8e"
vary: Accept-Encoding
x-varnish: 289737246
cache-control: public, max-age=2592000
referer
accept-ranges: bytes
content-type: application/javascript
content-length: 37668
expires: Fri, 07 Oct 2022 20:51:22 GMT

GET
H2 200 bundle.1fc241e7bbcb67a90e8b.js Show response
www.stuff.co.nz/sics-assets/js/ 1 MB
335 KB 125ms
120ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: e8cd27492a8b97fa4c07c1210f85eb04a9a256d00733dec84de8d6bad6548b69

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 00:39:20 GMT
server: S3
x-esi-enable: 0
x-cache-origin: MISS:Varnish
etag: W/"b89db241bf0885e11b8853e5cf039af5"
vary: Accept-Encoding
x-varnish: 163758389
cache-control: public, max-age=2592000
referer
accept-ranges: bytes
content-type: application/javascript
content-length: 342412
expires: Fri, 07 Oct 2022 20:51:22 GMT

GET
H2 200 jquery.26d46e64ce99f8c2b31d.js Show response
www.stuff.co.nz/sics-assets/js/ 89 KB
32 KB 125ms
121ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/sics-assets/js/jquery.26d46e64ce99f8c2b31d.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 292288f03d122da15bcd8cbd10868a0a047cf22e83e0f83c231f48bf23fcb860

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
last-modified: Mon, 18 Oct 2021 19:32:17 GMT
server: S3
x-esi-enable: 0
x-cache-origin: HIT:Varnish
etag: W/"4f4d5fcdc89b56a0d720a7f3c6baf992"
vary: Accept-Encoding
x-varnish: 143623698 112594257
cache-control: public, max-age=2592000
referer
accept-ranges: bytes
content-type: application/javascript
content-length: 31937
expires: Fri, 07 Oct 2022 20:51:22 GMT

GET
H2 200 stuff-adfliction.js Show response
www.stuff.co.nz/static/stuff-adfliction/latest/ 26 KB
7 KB 75ms
72ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/stuff-adfliction/latest/stuff-adfliction.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: d3871e2070a243288259b54f34b530e09ad7005f4aa0938cc8fb3dc6cc096b24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
content-length: 7381
x-esi-enable: 0
last-modified: Wed, 08 Dec 2021 23:32:14 GMT
server: S3
x-cache-origin: MISS:Varnish
etag: W/"4e879fbb43d36013d6258cc8cb948ac4"
vary: Accept-Encoding
x-varnish: 203426487
access-control-allow-origin: *
cache-control: public, max-age=3600
referer
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 07 Sep 2022 21:51:22 GMT

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ 207 KB
72 KB 152ms
52ms Script
application/x-javascript 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-86.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2a790de20153d921b7be7123dd4668d130fea09fe94d6ce267b499d3e75f7a93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
last-modified: Wed, 07 Sep 2022 11:46:38 GMT
etag: "15-2Tu0AR0vrUSM11l0sCFIoPYJlf8"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
x-traceid: bd12522864b48ef8d09cb22aa0641800
timing-allow-origin: *, *
content-length: 72871

GET
H2 403 ovu_rec.js
videos.oovvuu.com/stuf/v1/ 0
0 977ms
666ms Script
application/xml 2600:9000:2057:ec00:1a:9e13:5280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://videos.oovvuu.com/stuf/v1/ovu_rec.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:ec00:1a:9e13:5280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2 200 banner Show response
dashboard.presspatron.com/dev/ 11 KB
12 KB 154ms
94ms Script
text/javascript 65.9.66.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dashboard.presspatron.com/dev/banner?b=TJu26zZFBKa635NQ13AZRn8S

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-111.fra56.r.cloudfront.net

Software

Resource Hash

1786bfb5bc61c63a26e18ac30db3db9cdf3c87ae30f40ea907fe040ac2a99b27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:24:49 GMT
via: 1.1 2fc0d20914c32e5cd76477ed042298d0.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 66394
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-request-id: 7d3b4f5e-a5cb-473e-8801-29f844018cb3
x-runtime: 0.014194
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 29 May 2022 23:01:51 GMT
x-frame-options: SAMEORIGIN
etag: W/"39064efd2a3b667f7f5202d39b3a8ce2"
x-download-options: noopen
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
cache-control: max-age=86400, public
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: yjF1f4LYGuXQJMXXqqAm00ApzrvQiiuL9K9qascb9_HqWg5c1l_Taw==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 83 KB
28 KB 136ms
79ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac98048df1ce8b39e1e8d6c6f4bd6a70eccf5b9f1f25c8c1e79492d71ceba077

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28534
x-xss-protection: 0
server: sffe
etag: "1327 / 119 of 1000 / last-modified: 1662547195"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 07 Sep 2022 20:51:23 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
2 KB 273ms
50ms XHR
application/json 34.252.39.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F5D11253512D2B170A490D45%40AdobeOrg&d_nsid=0&ts=1662583882885

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.252.39.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-252-39-216.eu-west-1.compute.amazonaws.com

Software

Resource Hash

c6c9d933545f78d4c695fc526ec67c595d64147a8913185a55df60101664a4ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v039-0f7e61f04.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: F8Nm3LT8Q4U=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.stuff.co.nz
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 748
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 EX25d20b7db7d9432e9825e136cd776302-libraryCode_source.min.js Show response
assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/ 60 KB
21 KB 28ms
26ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/EX25d20b7db7d9432e9825e136cd776302-libraryCode_source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 99a42e69ccec698d9be89d17d7cb3efa693436bd3422b9a038919a8a878128d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
content-encoding: gzip
last-modified: Mon, 01 Aug 2022 01:39:51 GMT
server: AkamaiNetStorage
etag: "9793a44f79780beea337fcb9fb34d13c:1659317991.177343"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.stuff.co.nz
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 21382
expires: Wed, 07 Sep 2022 21:51:22 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 143ms
50ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6563
date: Wed, 07 Sep 2022 19:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 07 Sep 2022 21:02:00 GMT

GET
H/1.1 200
OK channels.cgi Show response
stuffnz-sydney.gscontxt.net/main/ 224 B
302 B 1420ms
291ms Script
application/javascript 152.67.117.181
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://stuffnz-sydney.gscontxt.net/main/channels.cgi?url=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.67.117.181 Bungarribee, Australia, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: /
Resource Hash: cf38d19d37a13789e99300f5fa0110a86c4d9b3ec76d30a5a731ba72314b45b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Length: 224
Content-Type: application/javascript

GET
H2 200 app.js Show response
cdn.kdaimo.com/stuff-198652/ 9 KB
4 KB 398ms
48ms Script
application/javascript 143.204.215.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.kdaimo.com/stuff-198652/app.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-114.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8fbf6dbda27863e94305c9a5b26d276bfbb627f7a34a4b0de1e3ee6a6d15fdeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: vaj8jMvZHN7ypgWwU.4jGcJdlZCqtZzK
content-encoding: gzip
last-modified: Thu, 11 Aug 2022 08:19:00 GMT
server: AmazonS3
age: 62070
etag: W/"a1586f9b91059477f2143b249f820258"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
date: Wed, 07 Sep 2022 03:44:14 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: 3V1jVFN9pks9uoVdGqiQe_voFCUMDNNp5KSWs2wQr980tuvFP-zWDQ==

GET
H2 200 advertising.js Show response
www.npttech.com/ 7 KB
3 KB 140ms
77ms Script
application/javascript 2606:4700:3032::ac43:bf95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.npttech.com/advertising.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:bf95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4249
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: AQNEE3AC9H8TW77F
x-amz-id-2: VpUUXqbmL/xpA5Vtm4W+3ivO1YOUEZ2vtR2RHPP57p8m5L90v/PkL8ddYn/Wp5Gwu5zTNf6W5CQ=
last-modified: Wed, 19 Jun 2019 08:25:01 GMT
server: cloudflare
etag: W/"3d6f80c860866175f58a84bbbc9217c6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=but7n8AWLVNUonOfnjuOdOvDWPO1b%2BRPZbtpWQOvj4Y950vDbuSPHMjpcjzCfAT0lVffdqwqQ4OgZjG4w4j7Au%2FXLBTEEydmzE6UkSks9rQd58vJ%2F1o9bd4dYimXMnrWq7OmkgHqKuyYJXd%2Ftqs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=28800
x-amz-version-id: hXQWgdpwSBM26VgKOeTSlm.4VT89.h9w
cf-ray: 74725274ed359028-FRA

GET
H2 200 stuff.js Show response
cdn.brandmetrics.com/tag/28a8e7a75ebc4c80a43b7dcd8c12b39a/ 6 KB
3 KB 172ms
111ms Script
text/javascript 2606:4700:20::ac43:45f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/tag/28a8e7a75ebc4c80a43b7dcd8c12b39a/stuff.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:45f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0fcb4ddd51c77676d524222345c107a2832c4b8a35c45941071ea19f2861135

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Sep 2022 20:03:30 GMT
server: cloudflare
age: 2873
cf-polished: origSize=5844
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oz5i2J%2F3SuqH%2FPqfXM%2Fw%2FCs5gf%2B7cwG0glpOG%2FhMJSIsX0TW%2Bfc5Z5juk6i1HvezJ4uHBWuDLeTztUFL6yFQ6SdHkv3%2BiJTSgS1zegwHg0N3zMYvJ2PZP17HYOcs51uTPHFMqey1dEeeh9nRlRqeu8oi"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74725274eefd922c-FRA
cf-bgj: minify

GET
H2 200 STUFFSANSWEB-Light.woff2
www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/ 32 KB
32 KB 121ms
121ms Font
binary/octet-stream 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/STUFFSANSWEB-Light.woff2
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/static/spade/fonts/stuff-sans.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 6becd77411e34f8dcd313296ae9e181664a3b3cc0a044b38e1534dea05336087

Request headers

Referer: https://www.stuff.co.nz/static/spade/fonts/stuff-sans.css
Origin: https://www.stuff.co.nz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:22 GMT
x-esi-enable: 0
last-modified: Tue, 17 May 2022 03:44:54 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: "81f24298f33f81f2bfe8a812634cc2dd"
x-varnish: 160734710 90555007
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: binary/octet-stream
content-length: 32732
expires: Thu, 07 Sep 2023 20:51:22 GMT

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82411ccd8cd8814825970283d58f132cc2baa464062aa0e5fae2132ab9aee2ad

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 STUFFSANSWEB-Italic.woff2
www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/ 36 KB
36 KB 108ms
108ms Font
binary/octet-stream 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/spade/fonts/stuff-sans/WOFF2/STUFFSANSWEB-Italic.woff2
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/static/spade/fonts/stuff-sans.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: e66cccb6fd64ae7c7e428900129c22644e340286024b3e0bcce8b94432745e7b

Request headers

Referer: https://www.stuff.co.nz/static/spade/fonts/stuff-sans.css
Origin: https://www.stuff.co.nz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
x-esi-enable: 0
last-modified: Tue, 17 May 2022 03:44:44 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: "e1b8b712f979ad8fc5b4d240e93e87b7"
x-varnish: 143044028 75227291
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: binary/octet-stream
content-length: 36496
expires: Thu, 07 Sep 2023 20:51:23 GMT

POST
H2 200 / Show response
o68184.ingest.sentry.io/api/150508/envelope/ 2 B
277 B 168ms
103ms Fetch
application/json 34.120.195.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://o68184.ingest.sentry.io/api/150508/envelope/?sentry_key=f9b3dddbd86e4cf191a09137f4ce9efa&sentry_version=7

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.stuff.co.nz
access-control-expose-headers: x-sentry-error, x-sentry-rate-limits, retry-after
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 104ms
39ms Stylesheet
text/css 2a00:1450:400e:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Merriweather+Sans:300,700

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4e7888ff0f09652a80767bad958aaec1cde6d63b3fc958d9cb7d2467bb867ea2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Sep 2022 20:51:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 07 Sep 2022 20:51:23 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Sep 2022 20:51:23 GMT

GET
H2 200 standardbyline.css
interactives.stuff.co.nz/2022/rebrand/ 1 KB
722 B 121ms
89ms Stylesheet
text/css 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://interactives.stuff.co.nz/2022/rebrand/standardbyline.css
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 278146e898fab9a0e0a48a19c65a730c2b94a5492a03a621eef220e26712700b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
last-modified: Sun, 29 May 2022 21:28:46 GMT
server: AmazonS3
etag: "62e093a3d53613c68306693462f74234"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3600
accept-ranges: bytes
content-length: 524
expires: Wed, 07 Sep 2022 21:51:23 GMT

GET
H2 200 top-pullar-7df13930.jpg
static3.stuff.co.nz/ 91 KB
92 KB 117ms
109ms Image
image/jpeg 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static3.stuff.co.nz/top-pullar-7df13930.jpg
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6d6cb4bcf91fb483d6f958f9aec072249aa112f73fca03695a61e8cc98bd8246

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
last-modified: Sun, 22 May 2022 20:18:10 GMT
server: AmazonS3
x-amz-request-id: Q5BMQWEZB3B5XV0Z
etag: "82e1f96adb08c7230bf2c92accc918f4"
x-amz-meta-width: 400
content-type: image/jpeg
cache-control: max-age=22203069
x-amz-meta-height: 400
accept-ranges: bytes
content-length: 93353
x-amz-id-2: z375bzaaEwgRckB8T+ImlcxK8MzBOqVvlV5x++hYvQCE/iz0qwwmSZmywmdMoPW+hZiesGe/mRg=
expires: Mon, 22 May 2023 20:22:32 GMT

GET
H2 200 stuff-sans.css
www.stuff.co.nz/static/spade/fonts/ 5 KB
721 B 54ms
53ms Stylesheet
text/css 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/spade/fonts/stuff-sans.css
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 9d2ed300e56e6818a6d7436b2bf489c58af9948328afc1985caf73a9f444c71d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
content-length: 452
x-esi-enable: 0
last-modified: Tue, 17 May 2022 04:11:23 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: W/"8783ea926fd6938471a3adee7992b39b"
vary: Accept-Encoding
x-varnish: 122399417 100822627
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: text/css
expires: Thu, 07 Sep 2023 20:51:23 GMT

GET
H2 200 openid-configuration Show response
my.stuff.co.nz/.well-known/ 3 KB
2 KB 216ms
54ms XHR
application/json 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://my.stuff.co.nz/.well-known/openid-configuration

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

aabf2045079740c4cd6d94f34fbf93ba309ba700153beff2afa134c032fc5e62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY, DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: DENY, DENY
content-language: en-NZ
access-control-allow-origin: *
cache-control: must-revalidate, max-age=7200
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
content-length: 835
x-xss-protection: 1; mode=block
expires: Wed, 07 Sep 2022 22:51:23 GMT

GET
H2 200 ats.js Show response
ats.rlcdn.com/ 109 KB
36 KB 115ms
53ms Script
application/x-javascript 99.86.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.rlcdn.com/ats.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-6.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 01:32:30 GMT
content-encoding: br
age: 69534
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:598424ed-c6de-48e8-8068-45662e39c3ce
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-sha256: 57180e34d853b9e6be67670dae22a049fb237e6bca37c60f7ba138272a8487cc
x-amz-meta-codebuild-content-md5: 58acf9e97c03c481f490be71338f7f57
last-modified: Tue, 17 May 2022 11:35:33 GMT
server: AmazonS3
etag: W/"148e21f812b555a13b2a9c6b616141f4"
vary: Accept-Encoding
x-amz-version-id: qhkEQKrW4Gg_gxbK41emvSsDXWYdvDMl
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=86400
x-amz-cf-pop: FRA6-C1
content-type: application/x-javascript
x-amz-cf-id: b8KlwjbB_Zu48NSSpHHyQmHoHIlu-BUK3SC4Je9nbdnjFHXIGoOgKg==

GET
H2 200 PEC098A72-33DD-408F-96BF-B1E81199868C.js Show response
cdn-gl.imrworldwide.com/conf/ 28 KB
7 KB 138ms
53ms Script
application/javascript 2600:9000:214f:d200:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/PEC098A72-33DD-408F-96BF-B1E81199868C.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:d200:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb5c24b4ea797b4578b5e62a0b549058f81130f4c360afc4b113d013053df318

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: pjDK3gDeYlCTJNV4WF0g_CSRWUZDAzJf
content-encoding: gzip
etag: W/"b5f202e92de2a59d308bd4774e7eb736"
last-modified: Tue, 06 Sep 2022 15:19:29 GMT
server: AmazonS3
age: 1602
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
cache-control: max-age=86400,s-maxage=86400
date: Wed, 07 Sep 2022 20:28:33 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: CKiScqvFvH7OGwZuYxVGSly7lx2FqNSzMncKBGzQbLHLj4dlB6t2ew==

GET
H2

200

v60.js Show response
cdn-gl.imrworldwide.com/
Redirect Chain

https://secure-gl.imrworldwide.com/v60.js
https://cdn-gl.imrworldwide.com/v60.js

21 KB
7 KB

56ms
55ms

Script
application/javascript

2600:9000:214f:d200:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/v60.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Server: 2600:9000:214f:d200:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 117ed873640b992e38f34a0a761dd3e1cda6b3c24c9507bb3adc0323039f8ff1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: PmT0ztgo6pW7kPCi5f5AnKDRXRQLwscI
content-encoding: gzip
etag: W/"3bad78b036ef952c6ace672b2251b459"
last-modified: Mon, 25 Jul 2022 13:33:52 GMT
server: AmazonS3
age: 80207
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Tue, 06 Sep 2022 22:34:38 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: Ysnb4XoCfznQUuabDN-SYdy2sPynI7aBvRPUqMuBhxJSuZ-sOXxOJg==

Redirect headers

date: Wed, 07 Sep 2022 20:51:23 GMT
via: 1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
server: awselb/2.0
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
content-type: text/html
location: https://cdn-gl.imrworldwide.com:443/v60.js
content-length: 134
x-amz-cf-id: x0zyFNU_3ZK7wYwoSP37GxC9StEZzIDORdFmyHQvrWg-JkcCghj_AQ==

GET
H2 200 load Show response
experience-au.piano.io/xbuilder/experience/ 5 KB
2 KB 140ms
42ms Script
application/javascript 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://experience-au.piano.io/xbuilder/experience/load?aid=ooaGPZ28pa

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5cada74514ea791cf21ea5c1500de5fc08454e947f0aea484b8e5ef2ce4ea18

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 1208
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: K30xuhrQP4r
wn: prod-au-exp-10-1-4-159
last-modified: Wed, 07 Sep 2022 20:31:15 GMT
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=1800
cf-ray: 747252766bf5bb3d-FRA
expires: Wed, 07 Sep 2022 21:21:23 GMT

GET
H2 200 neighbourly-stuff-widget-init.js Show response
cdn.neighbourly.co.nz/js/ 7 KB
7 KB 354ms
57ms Script
text/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.neighbourly.co.nz/js/neighbourly-stuff-widget-init.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1d858cbffd70b52bf6b006f81d7616c495d26830775b826d82e5cbe42a66a1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
via: 1.1 varnish, 1.1 varnish
age: 2532171
x-cache: HIT, HIT
content-length: 7140
x-amz-id-2: pFFKCw9qEbfYmk3jRAYN674rQSKD+jSnggk4bsO5JjjOnYoO2GIk+KBpSEAaIgSlbnyZT5W5VDU=
x-served-by: cache-akl10328-AKL, cache-hhn4067-HHN
last-modified: Mon, 11 Apr 2022 07:57:14 GMT
server: AmazonS3
x-timer: S1662583884.529436,VS0,VE1
etag: "45f09beeb97c3038dcda66755ae99d88"
x-amz-request-id: 65W9CCD5CA25X9PH
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: text/javascript
x-cache-hits: 294485, 1

GET
H2 200 sj.js Show response
cdn.sajari.com/js/ 73 KB
23 KB 135ms
60ms Script
application/javascript 35.190.50.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.sajari.com/js/sj.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.50.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.50.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9d73ef96b9d0d9d2e2f4a8c2133eac7bd5fc9e3e0ec952a7d383e44a4b677db5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 09:16:30 GMT
content-encoding: gzip
age: 41693
x-guploader-uploadid: ADPycdvZjFjAfRH4-WirDC5LasoonEbdEfeXbLtKQvW36uUMk2JAsW238LZXb52TTjzSB9fUkNjMbQG3_Vw-QLgl8Bsgfg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22509
last-modified: Wed, 19 Jan 2022 01:42:06 GMT
server: UploadServer
etag: "1dfd79b4ef7eb5438a7553c1e91a8755"
x-goog-hash: crc32c=FsLJcA==, md5=Hf15tO9+tUOKdVPB6RqHVQ==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1642556526050451
access-control-expose-headers: Content-Type
cache-control: public,max-age=86400,no-transform
x-goog-stored-content-length: 22509
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 08 Sep 2022 09:16:30 GMT

GET
H/1.1 200
OK pixel
amplifypixel.outbrain.com/ 43 B
256 B 675ms
103ms Image
image/gif 64.202.112.255
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amplifypixel.outbrain.com/pixel?mid=0078c40ea964a99524a9e6feea5ac19649
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.255 Lovettsville, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:51:23 GMT
Cache-Control: no-cache
X-TraceId: 987fa46368ea7f64fbc8bd3e0c06b394
content-encoding: gzip
Content-Length: 60
Content-Type: image/gif;

GET
H/1.1 200
OK dest5.html Show response
fairfax.demdex.net/ Frame DE56 7 KB
3 KB 436ms
46ms Document
text/html 52.215.50.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fairfax.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.50.2 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-50-2.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.stuff.co.nz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
DCS: dcscanary-prod-irl1-1-v045-0349b3582.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: KeVlUrU8QQg=
content-encoding: gzip
date: Wed, 7 Sep 2022 20:51:23 GMT
last-modified: Tue, 6 Sep 2022 08:00:05 GMT
transfer-encoding: chunked
vary: accept-encoding

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YxkESwAAACBJ3wNn
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=54014277804052494904341488304845762271
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YxkESwAAACBJ3wNn

42 B
942 B

49ms
49ms

Image
image/gif

34.252.39.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YxkESwAAACBJ3wNn

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

HTTP/1.1

Server

34.252.39.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-252-39-216.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v039-096107272.edge-irl1.demdex.com 5 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: LlpKuyvtRb4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YxkESwAAACBJ3wNn
Date: Wed, 07 Sep 2022 20:51:23 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
fairfaxnz.tt.omtrdc.net/rest/v1/ 352 B
719 B 536ms
409ms XHR
application/json 52.209.16.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fairfaxnz.tt.omtrdc.net/rest/v1/delivery?client=fairfaxnz&sessionId=55b9819bd9534133ac02a12cd031f7cb&version=2.3.3
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.16.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-16-61.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d2ef35015b71cb6761c1195e189c244db67e6f56633a601f552ebfd6cf9b15aa

Request headers

Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.stuff.co.nz
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: c3abed1a8d9351e27e2716d53a7d5405

GET
H2 200 prebid-6.6.0.js Show response
www.stuff.co.nz/static/prebid/ 336 KB
103 KB 61ms
61ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/prebid/prebid-6.6.0.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/static/stuff-header-bidding/latest/stuff-header-bidding.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 7d0b5690d943eeec5db9b0344f07d4faf581c1f9452790fbab40ad4c11e78b57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
content-length: 105288
x-esi-enable: 0
last-modified: Tue, 11 Jan 2022 19:58:52 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: W/"ff7b5da47802875cad559005698b70de"
vary: Accept-Encoding
x-varnish: 212961565 189139465
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 07 Sep 2023 20:51:23 GMT

GET
H2 200 client-location.js Show response
www.stuff.co.nz/static/scripts/stuff-plugins/client-location/1.0.1/ 269 B
486 B 113ms
113ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/scripts/stuff-plugins/client-location/1.0.1/client-location.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/static/stuff-adfliction/latest/stuff-adfliction.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 9407a280fa95783f12eef3531e5d6e2135279116b759d464e99945eed37c2e4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
x-esi-enable: 1
server: S3
etag: W/"91551206f4feb50d8b9c53c097b6d7a6"
vary: Accept-Encoding
x-varnish: 977277205 286389187
access-control-allow-origin: *
cache-control: max-age=7200
content-type: application/javascript
content-length: 269
expires: Wed, 07 Sep 2022 22:51:23 GMT

GET
H2 200 nativform-all.min.js Show response
sdk.ffxpub.com/web/v3/3.1.10/ 75 KB
20 KB 326ms
27ms Script
application/javascript 2600:9000:214f:4600:1e:9232:ebc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.ffxpub.com/web/v3/3.1.10/nativform-all.min.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/static/stuff-adfliction/latest/stuff-adfliction.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4600:1e:9232:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28b8b88196f15352c2c5fd6411ae1da28f72cc1ed3cbf26a13eef570d2d9b101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 03:01:15 GMT
content-encoding: gzip
last-modified: Wed, 08 Dec 2021 23:47:57 GMT
server: AmazonS3
age: 64209
etag: W/"cbed1c09321bb7f2d1357e160b9b33b8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 befe3b8553d90339ecf78e5d7cefa60a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: WcBf_Um3uohqGJhGBFNKEJqPWoKrKDSZsV4P37GoKOz36bXeOS5mEA==

GET
H2 200 1624943285240.jpg
resources.stuff.co.nz/content/dam/images/4/y/s/u/d/b/image.related.StuffLandscapeSixteenByNine.1240x700.22rvh5.png/ 76 KB
77 KB 635ms
23ms Image
image/jpeg 151.101.130.227
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.stuff.co.nz/content/dam/images/4/y/s/u/d/b/image.related.StuffLandscapeSixteenByNine.1240x700.22rvh5.png/1624943285240.jpg?format=pjpg&optimize=medium

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.227 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

NZCMS /

Resource Hash

48c6d12327593c8395849eaaa62a016dd10711495824a90ca550a5aafeb06d79

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
via: 1.1 varnish (Varnish/6.6), 1.1 varnish, 1.1 varnish
age: 1700067
x-cache: HIT, HIT
fastly-io-info: ifsz=88543 idim=1240x697 ifmt=jpeg ofsz=78109 odim=1240x697 ofmt=jpeg
fastly-stats: io=1
content-length: 78109
x-served-by: cache-akl10333-AKL, cache-hhn4046-HHN
x-esi-enable: 0
server: NZCMS
x-timer: S1662583884.962950,VS0,VE1
x-cache-origin: MISS:Varnish
etag: "rBz45zysp3fhda/hoacjdluXw7HQr46uKegxV4/QSZs"
strict-transport-security: max-age=300
content-type: image/jpeg
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
x-cache-hits: 4, 1

GET
H2 200 custom_button Show response
dashboard.presspatron.com/websites/153/ Frame 5BB5 259 B
791 B 25ms
25ms Document
text/html 65.9.66.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dashboard.presspatron.com/websites/153/custom_button

Requested by

Host: dashboard.presspatron.com
URL: https://dashboard.presspatron.com/dev/banner?b=TJu26zZFBKa635NQ13AZRn8S

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-111.fra56.r.cloudfront.net

Software

Resource Hash

01a02851049854d2d7e2ce81446cabdd55afe68b68bdd7ee09be35bc3dc504ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.stuff.co.nz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 65501
cache-control: max-age=86400, public
content-type: text/html; charset=utf-8
date: Wed, 07 Sep 2022 02:39:42 GMT
etag: W/"01a02851049854d2d7e2ce81446cabdd"
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 2fc0d20914c32e5cd76477ed042298d0.cloudfront.net (CloudFront)
x-amz-cf-id: qmz77wsLxujamuUPWStJaFuC8nXUWyvM7nzWlq3iKWgUu8XpqmyfdQ==
x-amz-cf-pop: FRA56-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: 42a9f0e5-afe8-4935-8013-7b2aff75fbd9
x-runtime: 0.002391
x-xss-protection: 1; mode=block

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
209 B 34ms
33ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1613813966&t=pageview&_s=1&dl=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&ul=en-us&de=UTF-8&dt=Ransomware%20attack%3A%20Waikato%20DHB%20supporting%20patients%20after%20documents%20dumped%20online%20%7C%20Stuff.co.nz&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAAC~&jid=387684206&gjid=207882231&cid=1242029032.1662583883&tid=UA-1056754-1&_gid=1304317082.1662583883&_r=1&_slc=1&z=281615220

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.stuff.co.nz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2022090601.js Show response
securepubads.g.doubleclick.net/gpt/ 382 KB
131 KB 360ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js?cb=31069398

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce67b0786f14c7c1861eebd94f6557072e99e50ab95176a2f23d7444c4dc2741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 18:00:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10263
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133157
x-xss-protection: 0
last-modified: Tue, 06 Sep 2022 08:35:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 07 Sep 2023 18:00:20 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 177 B
756 B 152ms
91ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.stuff.co.nz

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11d6af78e66283ece20bc13c4439f9beea0cac411e9ac90ee81f74ce290bf2aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
expires: Wed, 07 Sep 2022 20:51:23 GMT

GET
H/1.1 200
OK d3d3LnN0dWZmLmNvLm56 Show response
tcheck.outbrainimg.com/tcheck/check/ 16 B
464 B 396ms
322ms XHR
application/json 23.35.229.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tcheck.outbrainimg.com/tcheck/check/d3d3LnN0dWZmLmNvLm56
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-181.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:51:23 GMT
ETag: W/"10-us8lSJutAxKqLzf8c1+n5XstcwY"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=11408
Access-Control-Allow-Credentials: false
Connection: keep-alive
X-TraceId: c83c70fa1537a651e2e47a6b67add317
Content-Length: 16
Expires: Thu, 08 Sep 2022 00:01:31 GMT

GET
H2 200 px.gif
widget-pixels.outbrain.com/widget/detect/ 43 B
341 B 34ms
26ms Image
image/gif 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
last-modified: Wed, 30 Sep 2020 14:22:29 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 43
expires: Fri, 07 Oct 2022 20:51:23 GMT

GET
H2

200

s2366194427407
fairfaxnzstuffoverallproduction.112.2o7.net/b/ss/fairfaxnz-stuffoverall-production/1/JS-2.17.0/
Redirect Chain

https://fairfaxnzstuffoverallproduction.112.2o7.net/b/ss/fairfaxnz-stuffoverall-production/1/JS-2.17.0/s2366194427407?AQB=1&ndh=1&pf=1&t=7%2F8%2F2022%2020%3A51%3A23%203%200&ce=UTF-8&g=https%3A%2F%2...
https://fairfaxnzstuffoverallproduction.112.2o7.net/b/ss/fairfaxnz-stuffoverall-production/1/JS-2.17.0/s2366194427407?AQB=1&pccr=true&ndh=1&pf=1&t=7%2F8%2F2022%2020%3A51%3A23%203%200&ce=UTF-8&g=htt...

43 B
307 B

36ms
36ms

Image
image/gif

15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fairfaxnzstuffoverallproduction.112.2o7.net/b/ss/fairfaxnz-stuffoverall-production/1/JS-2.17.0/s2366194427407?AQB=1&pccr=true&ndh=1&pf=1&t=7%2F8%2F2022%2020%3A51%3A23%203%200&ce=UTF-8&g=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&c.&getPercentPageViewed=5.0.1&handlePPVevents=4.0&p_fo=3.0&getPreviousValue=3.0&getPageLoadTime=2.0.1&performanceWriteFull=1.0&performanceWritePart=1.0&performanceCheck=1.0&.c&events=&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&AQE=1

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:23 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Sep 2022 20:51:23 GMT
server: jag
etag: 3570371703242063872-4619451350981454296
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-type: image/gif;charset=utf-8
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 06 Sep 2022 20:51:23 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:23 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Sep 2022 20:51:23 GMT
server: jag
access-control-allow-origin: *
vary: Origin
p3p: CP="This is not a P3P policy"
location: https://fairfaxnzstuffoverallproduction.112.2o7.net/b/ss/fairfaxnz-stuffoverall-production/1/JS-2.17.0/s2366194427407?AQB=1&pccr=true&ndh=1&pf=1&t=7%2F8%2F2022%2020%3A51%3A23%203%200&ce=UTF-8&g=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&c.&getPercentPageViewed=5.0.1&handlePPVevents=4.0&p_fo=3.0&getPreviousValue=3.0&getPageLoadTime=2.0.1&performanceWriteFull=1.0&performanceWritePart=1.0&performanceCheck=1.0&.c&events=&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&AQE=1
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-type: text/plain;charset=utf-8
content-length: 0
x-xss-protection: 1; mode=block
expires: Tue, 06 Sep 2022 20:51:23 GMT

GET
H2 200 analytics-d638025feae8bf2e59655e6dc360d52f950aedf8a393c057e60a880c53e438ff.js Show response
d867x8xq12ag.cloudfront.net/v1.6.1-41-gc542807f/assets/ Frame 5BB5 367 B
736 B 420ms
125ms Script
application/javascript 2600:9000:206f:5400:1b:11ff:f600:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d867x8xq12ag.cloudfront.net/v1.6.1-41-gc542807f/assets/analytics-d638025feae8bf2e59655e6dc360d52f950aedf8a393c057e60a880c53e438ff.js
Requested by: Host: dashboard.presspatron.com
URL: https://dashboard.presspatron.com/websites/153/custom_button
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5400:1b:11ff:f600:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86e4cea7590220e8b29905c5a92057f3e98d11f8e225a1e0ca762a1c83e6d8f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dashboard.presspatron.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
last-modified: Thu, 18 Aug 2022 03:48:31 GMT
server: AmazonS3
age: 54582
etag: "d4942a08aa647f1e5c41ee5eb3a2220c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31556952
date: Wed, 07 Sep 2022 06:23:42 GMT
x-amz-cf-pop: FRA56-C1
content-length: 367
x-amz-cf-id: _GclkzfYimF9YqshXHzsoAssCKmgISjd-TlbqwX9vYAtzl875L3lzg==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
442 B 338ms
33ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1056754-1&cid=1242029032.1662583883&jid=387684206&gjid=207882231&_gid=1304317082.1662583883&_u=IEBAAAAAAAAAAC~&z=486598157

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 07 Sep 2022 20:51:23 GMT
content-type: text/plain
access-control-allow-origin: https://www.stuff.co.nz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

signin-callback.html Show response
www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/callback/ Frame 60BA
Redirect Chain

https://my.stuff.co.nz/authorize?client_id=6380a421-afcd-45b4-b9ab-393d3f105da3&redirect_uri=https%3A%2F%2Fwww.stuff.co.nz%2Fstatic%2Fstuff-login-browser-sdk%2F1.2.3%2Fcallback%2Fsignin-callback.ht...
https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/callback/signin-callback.html?error=login_required&state=55afc4d7d7b5460c9afcb92d5fb9437a&session_state=873dd98089362472654ca04d3379d5f2...

229 B
935 B

61ms
61ms

Document
text/html

2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/callback/signin-callback.html?error=login_required&state=55afc4d7d7b5460c9afcb92d5fb9437a&session_state=873dd98089362472654ca04d3379d5f2740e047fe07e7b25bc97d692c17f1300.1726216131

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/stuff-login-sdk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

S3 /

Resource Hash

33def4d457d490ce89b5e6be3dcf904c25d03a50dd7f7a65237f395d7161b5e4

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://csp-reporter-production.apse2.ffx.nz/

Request headers

Referer: https://www.stuff.co.nz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 229
content-security-policy: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://csp-reporter-production.apse2.ffx.nz/
content-type: text/html
date: Wed, 07 Sep 2022 20:51:24 GMT
etag: W/"87597ea852799e4231ddd983159493b6"
expires: Thu, 07 Sep 2023 20:51:24 GMT
server: S3
vary: Accept-Encoding
x-cache-origin: MISS:Varnish
x-esi-enable: 1
x-varnish: 691634614

Redirect headers

content-length: 0
date: Wed, 07 Sep 2022 20:51:23 GMT
location: https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/callback/signin-callback.html?error=login_required&state=55afc4d7d7b5460c9afcb92d5fb9437a&session_state=873dd98089362472654ca04d3379d5f2740e047fe07e7b25bc97d692c17f1300.1726216131

GET
H2 200 tinypass.min.js Show response
code.piano.io/api/ 324 KB
94 KB 49ms
40ms Script
application/javascript 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://code.piano.io/api/tinypass.min.js

Requested by

Host: experience-au.piano.io
URL: https://experience-au.piano.io/xbuilder/experience/load?aid=ooaGPZ28pa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fde9277e699de5f4419f378e798a3a4ddbfd429b9b6a466b64d9b2ef8526a55f

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 10163
x-amz-replication-status: REPLICA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: A2S1HTSYG6NCYA1P
x-amz-id-2: 61EjROviohsNjRdRcoZ3RFEzUmXApKKSoxN+K7qL9V6RGZMzd78tkAyYxsmjYfANYD+qWh9mIhs=
last-modified: Wed, 07 Sep 2022 07:35:20 GMT
server: cloudflare
etag: W/"f2c903915e3b113518e26ede467035b1"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
cache-control: public, max-age=14400
x-amz-version-id: 4lbnnZZJ_PFJVTSqGUiQejFbkHmsr40v
cf-ray: 747252780ebdbb3d-FRA
expires: Thu, 08 Sep 2022 00:51:23 GMT

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 195 KB
55 KB 123ms
122ms Script
application/javascript 2600:9000:214f:d200:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/PEC098A72-33DD-408F-96BF-B1E81199868C.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:d200:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2d0ade31483bf44bbdbc9822066eaebf674738b370092fcfc8295e7ae3195d98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: DrLErfhsYc9Oxds2t7Wz_kyLr0yC.GSp
content-encoding: gzip
etag: W/"81a9e2a298d0019660cb2966f0c24748"
age: 1526
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
last-modified: Mon, 02 May 2022 13:40:06 GMT
server: AmazonS3
date: Wed, 07 Sep 2022 20:25:58 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: ALsBZ3_5fp-JBLWARqWFBihSqXvfnA8QgZWphOWwZa9zd4J8lhjIUg==

GET
H2 200 65568.js Show response
cdn.brandmetrics.com/scripts/bundle/ 42 KB
14 KB 37ms
35ms Script
text/javascript 2606:4700:20::ac43:45f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=0cf2cb43-ab90-48b9-94fa-f5bf6ebdd0ed&toploc=www.stuff.co.nz
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/tag/28a8e7a75ebc4c80a43b7dcd8c12b39a/stuff.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:45f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6200739690705845c8c84e0c50795221872b62623a68106f19d9793d6a434636

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Sep 2022 20:41:20 GMT
server: cloudflare
age: 603
cf-polished: origSize=44111
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OLMJ%2FUneD9%2FY4pjbhad6fQZDgiaxfXFqID9l5PNqkcOGncMR8Eoa2%2BdBQkM8z%2FquC5f1ZtExKSTsBhyMB%2FUumaEX5MzP2QC%2BjmemWlCzt39qcv8faKkJ3VUJUYO49%2FkJnFXPCwIEsFfMmx%2Bn5L%2F10S9%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7472527729b1922c-FRA
cf-bgj: minify

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63b693778274923011281f0c339ac4116f8a31b9d186d0657849380cd5bd34b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 157 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 RC4048bcc2fe11411f8017a6dbfbb87a14-source.min.js Show response
assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/ 708 B
700 B 25ms
24ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/RC4048bcc2fe11411f8017a6dbfbb87a14-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f150e1bbb75e086a62af5776f3d2a4a4da21e42f7d736904b3daf59f7ab0d8a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
last-modified: Mon, 01 Aug 2022 01:39:51 GMT
server: AkamaiNetStorage
etag: "9793a44f79780beea337fcb9fb34d13c:1659317991.177343"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.stuff.co.nz
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 434
expires: Wed, 07 Sep 2022 21:51:23 GMT

GET
H2 200 RC547aaccc21c34cc58a30baa19a642b74-source.min.js Show response
assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/ 1 KB
884 B 25ms
25ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/RC547aaccc21c34cc58a30baa19a642b74-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 71bb74021340ca7d325619d0d0da90651add48bc4c627a4c60219fda7fc40a35

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
last-modified: Mon, 01 Aug 2022 01:39:51 GMT
server: AkamaiNetStorage
etag: "9793a44f79780beea337fcb9fb34d13c:1659317991.177343"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.stuff.co.nz
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 618
expires: Wed, 07 Sep 2022 21:51:23 GMT

GET
H2 200 aax.js Show response
c.aaxads.com/ 474 KB
121 KB 130ms
63ms Script
text/javascript 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://c.aaxads.com/aax.js?pub=AAX76609S&hst=www.stuff.co.nz&ver=1.2

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-241-117.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

825e3cb7973c54ea34fcb2766aac7400241856eb9c11f8349c70071e9e5c51d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Wed, 07 Sep 2022 20:51:23 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
cache-control: max-age=1800
expires: Wed, 07 Sep 2022 21:21:23 GMT

GET
H2 200 p.js Show response
cdn.parsely.com/keys/stuff.co.nz/ 74 KB
26 KB 342ms
23ms Script
application/javascript 65.9.61.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/stuff.co.nz/p.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.61.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-61-60.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 635a136e36d4a58ca3d882b71061c4764b613fe4361ea61b22dade8abda2c4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: public
date: Wed, 07 Sep 2022 02:35:52 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 18:45:41 GMT
server: nginx
age: 65731
etag: W/"611177d5-126a4"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 9570c3a1725c20e6faed117bbb74223a.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: 6BrYOCgFNNpRBN_gBGkpZDJRG7LvwaNFpPelcB-BdLFvLcrxY599QQ==
expires: Thu, 08 Sep 2022 02:35:52 GMT

GET
H2 200 ls.html Show response
cdn-gl.imrworldwide.com/novms/html/ Frame 0304 12 KB
4 KB 24ms
24ms Document
text/html 2600:9000:214f:d200:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:d200:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

Request headers

Referer: https://www.stuff.co.nz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1906
cache-control: max-age=86400
content-encoding: gzip
content-type: text/html
date: Wed, 07 Sep 2022 20:19:38 GMT
etag: W/"7fa83dfc7b78314b137e2eb13834daa7"
last-modified: Mon, 02 May 2022 13:40:06 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
x-amz-cf-id: 3jINT0quc79iGO71s7xicmWTnYgL1AIc_jCZvxaAIjruX9Yzpf9rhg==
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: pCvO2RaXRfPysrOm9wpmYmW2HbKONfJo
x-cache: Hit from cloudfront

GET
H2 200 storageframe.html Show response
secure-gl.imrworldwide.com/ Frame DE19 11 KB
4 KB 128ms
128ms Document
text/html 2600:9000:206f:1a00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-gl.imrworldwide.com/storageframe.html
Requested by: Host: secure-gl.imrworldwide.com
URL: https://secure-gl.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:1a00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c6107c1c1f1588cac73cb68d83222515b12c5dbf7f988fd0c39b4ff16414d3bc

Request headers

Referer: https://www.stuff.co.nz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 07 Sep 2022 20:51:23 GMT
etag: W/"62f143e3-2b27"
last-modified: Mon, 08 Aug 2022 17:12:03 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
x-amz-cf-id: nOTRet021a10C4xfaHuOrGbhQ_xDo0KBRhmGpDU2dROIS_DbkAYK8Q==
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront

GET
H2 200 get Show response
odb.outbrain.com/utils/ 2 KB
1 KB 192ms
126ms Script
text/javascript 151.101.14.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&idx=0&rand=84860&key=NANOWDGT01&widgetJSId=AR_15&va=true&et=true&format=html&adblck=false&abwl=false&px=225&py=5337&vpd=4137&cw=782&activeTab=true&darkMode=false&ab=0&wl=0&settings=true&recs=true&version=2000877&sig=kGW49cAv&apv=false&false&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=0&ccpaStat=0&ogn=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 02dbf9e5b0ac363b1337d36e54fe593a87560c1f7cc585aaf81608baaf567244

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, LGA, FRA, Europe1
x-timer: S1662583884.679239,VS0,VE104
accept-ranges: bytes
x-served-by: cache-lga13620-LGA, cache-fra19164-FRA
vary: Accept-Encoding, User-Agent
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
x-cache-hits: 0, 0
x-traceid: 651423b357449418e440b6e939be53ac
content-encoding: gzip
content-length: 1131
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 gn
secure-dcr.imrworldwide.com/cgi-bin/ Frame 0304 44 B
720 B 406ms
44ms Image
image/gif 34.251.191.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,PEC098A72-33DD-408F-96BF-B1E81199868C&sessionId=3kgpuoyvi8xqyiigfqr5f3h3w7utl1662583883&c16=sdkv,bj.6.0.0&uoo=&fp_id=zvgr4ru3zqfrztqk4cqdvq7ysq7bu1662583883&fp_cr_tm=1662583883523&fp_acc_tm=1662583883523&fp_emm_tm=1662583883523&ve_id=&c30=bldv,6.0.0.623&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=&retry=0
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.191.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-191-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:23 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 /
3kgpuoyvi8xqyiigfqr5f3h3w7utl1662583883.nuid.imrworldwide.com/ Frame 0304 35 B
347 B 326ms
22ms Image
image/gif 2600:9000:2057:1000:1d:667e:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3kgpuoyvi8xqyiigfqr5f3h3w7utl1662583883.nuid.imrworldwide.com/
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1000:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:19:23 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
last-modified: Tue, 11 Sep 2018 17:05:20 GMT
server: AmazonS3
age: 66721
etag: "c2196de8ba412c60c22ab491af7b1409"
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 35
x-amz-cf-id: qoacu9fp55szBwKOpSdW5bt7rxyiQyrnRInj0-kQgQ2ePHrzvxgVQg==

GET
H2 200 get.js Show response
buy-au.piano.io/api/v3/anon/captcha/ 153 B
323 B 1068ms
1058ms Script
application/javascript 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy-au.piano.io/api/v3/anon/captcha/get.js?callback=jsonpCallback&aid=ooaGPZ28pa

Requested by

Host: code.piano.io
URL: https://code.piano.io/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84116d8c33d1062009773058b928c6dbcd086891a3061a175709166ba2e57191

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: Koxxuhrj4tQ
pragma
wn: prod-au-dash-10-1-3-156
last-modified: Wed, 07 Sep 2022 20:46:06 GMT
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.004
cache-control: public, max-age=14400
cf-ray: 7472527928ebbb3d-FRA
expires: Thu, 08 Sep 2022 00:51:24 GMT

GET
H/1.1 200
OK cx.cce.js Show response
cdn.cxense.com/ 23 KB
6 KB 294ms
23ms Script
application/x-javascript 2a02:26f0:3500:893::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.cce.js
Requested by: Host: code.piano.io
URL: https://code.piano.io/api/tinypass.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:893::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: eb578e5229cead21a487f38f0428ce5362cc04b13dfbc686cb380be538c0e79f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:51:23 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 May 2022 19:29:56 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5964
Expires: Wed, 07 Sep 2022 21:51:23 GMT

POST
H2 200 execute Show response
c2-au.piano.io/xbuilder/experience/ 10 KB
3 KB 1093ms
1084ms XHR
application/json 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c2-au.piano.io/xbuilder/experience/execute?aid=ooaGPZ28pa

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

baf9bfce1407c6ebb747300fbebf337c86d69cdae40b3c29bf5b249092b7e591

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json
Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
vary: Accept-Encoding, Origin
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: dy94mk9fjz
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.stuff.co.nz
access-control-expose-headers: Composer-Request-Control-Policy
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 74725278e884bb3d-FRA

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 123ms
66ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1056754-1&cid=1242029032.1662583883&jid=387684206&_u=IEBAAAAAAAAAAC~&z=1261645492

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 100ms
50ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1056754-1&cid=1242029032.1662583883&jid=387684206&_u=IEBAAAAAAAAAAC~&z=1261645492

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=21&dpuuid=216633104267004201578
dpm.demdex.net/ Frame DE56
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=54014277804052494904341488304845762271
https://dpm.demdex.net/ibs:dpid=21&dpuuid=216633104267004201578

42 B
942 B

45ms
45ms

Image
image/gif

34.252.39.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=21&dpuuid=216633104267004201578

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

HTTP/1.1

Server

34.252.39.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-252-39-216.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fairfax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v039-0d3cc2fc9.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 45uWkjwQR6Y=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:23 GMT
server: AAWebServer
location: https://dpm.demdex.net/ibs:dpid=21&dpuuid=216633104267004201578
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires: 0

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 445ms
104ms XHR
application/json 64.202.112.255
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1662583883674&sessionId=d7ac3fa5-bbeb-f767-380f-9fbd50567f75&url=www.stuff.co.nz&cheqSource=1&cheqEvent=3&responseTime=428
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.255 Lovettsville, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Sep 2022 20:51:24 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: f5c1c151317608b19fa4e6a4391f3a69
Content-Length: 4
Expires: 0

GET
H2 403 channel Show response
adfeeds.stuff.co.nz/v1/ 243 B
516 B 1464ms
1396ms XHR
application/xml 151.101.66.227
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://adfeeds.stuff.co.nz/v1/channel?v=1&p=desktop&s=/business/null/null/null/null&l=/International&pt=article
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.227 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b6f5af45c27f5a871850fe68f8e887e7a561e3857651fa6f92b9eb9077f94aed

Request headers

Accept: */*
Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:25 GMT
via: 1.1 varnish
x-timer: S1662583884.761108,VS0,VE1376
x-served-by: cache-hhn4082-HHN
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/xml
access-control-allow-origin: *
access-control-max-age: 3000
x-cache: MISS
accept-ranges: bytes
fastly-restarts: 1
x-cache-hits: 0

GET
H/1.1 200
OK config-nativform-article-mobileweb-v1.json Show response
adapi.stuff.co.nz/adcontrol/config/ 430 B
989 B 1208ms
312ms XHR
application/json 3.105.141.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adapi.stuff.co.nz/adcontrol/config/config-nativform-article-mobileweb-v1.json
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.105.141.111 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-105-141-111.ap-southeast-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 3207d12eddcd5a7207fa64a26747eb2bc81a7544d2f871abe2e5424895100966

Request headers

Accept: */*
Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:51:24 GMT
Last-Modified: Sun, 08 Apr 2018 21:48:48 GMT
Server: nginx
ETag: "842844853d50938be214b5c55a4615c5"
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Cache-Control: max-age=60, public
x-amz-replication-status: COMPLETED
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 430
Expires: Wed, 07 Sep 2022 20:52:24 GMT

GET
H2

200

m
secure-gl.imrworldwide.com/cgi-bin/
Redirect Chain

https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1662583883690&ci=nz-stuff&js=1&cg=0&ts=p.js&vn=6.0.108&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Franso...
https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1662583883690&ci=nz-stuff&js=1&cg=0&ts=p.js&vn=6.0.108&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Franso...

44 B
750 B

128ms
127ms

Image
image/gif

2600:9000:206f:1a00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1662583883690&ci=nz-stuff&js=1&cg=0&ts=p.js&vn=6.0.108&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&sr=1600x1200&id=lstrg-0b5090cce8403cf22b3dd8cea73ce4bc&ja=1
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Server: 2600:9000:206f:1a00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
via: 1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 44
pragma: no-cache
server: nginx
access-control-allow-methods: POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id: _NQCr7unWcN1_e7tx2f4HcC7BiNXmiPI4Lhsotkr7QVL5d979rj24A==
expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

date: Wed, 07 Sep 2022 20:51:23 GMT
via: 1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 0
pragma: no-cache
access-control-allow-origin: *
server: nginx
access-control-allow-methods: POST, OPTIONS
location: https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1662583883690&ci=nz-stuff&js=1&cg=0&ts=p.js&vn=6.0.108&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&sr=1600x1200&id=lstrg-0b5090cce8403cf22b3dd8cea73ce4bc&ja=1
cache-control: no-cache
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id: 1Gx7f5TCI4_3Zw5R1HkEgnR4RM1lOH6KWUXooBvx8e8MSmE6bPuFTg==
expires: Thu, 01 Dec 1994 16:00:00 GMT

OPTIONS
H2 204 event
events.apester.com/ Frame 0
0 186ms
132ms Preflight 35.227.201.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://events.apester.com/event
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.201.100 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 100.201.227.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.stuff.co.nz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: OPTIONS,OPTIONS
access-control-allow-origin: https://www.stuff.co.nz
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 07 Sep 2022 20:51:23 GMT
via: 1.1 google

POST
H3 202 event Show response
events.apester.com/ 0
14 B 182ms
136ms XHR
text/plain 35.227.201.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://events.apester.com/event

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.227.201.100 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

100.201.227.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

strict-transport-security: max-age=31536000
via: 1.1 google
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
date: Wed, 07 Sep 2022 20:51:24 GMT
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.stuff.co.nz
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 5BB5 49 KB
20 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: d867x8xq12ag.cloudfront.net
URL: https://d867x8xq12ag.cloudfront.net/v1.6.1-41-gc542807f/assets/analytics-d638025feae8bf2e59655e6dc360d52f950aedf8a393c057e60a880c53e438ff.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dashboard.presspatron.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6563
date: Wed, 07 Sep 2022 19:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 07 Sep 2022 21:02:00 GMT

GET
H2 200 pxusr.gif
c.aaxads.com/ 43 B
219 B 24ms
23ms Image
image/gif 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.aaxads.com/pxusr.gif

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-241-117.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 07 Sep 2022 20:51:23 GMT
last-modified: Mon, 26 Feb 2018 13:29:58 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/gif
cache-control: max-age=618197
accept-ranges: bytes
content-length: 43
expires: Thu, 15 Sep 2022 00:34:40 GMT

GET
H/1.1 200
OK pxext.gif
www.aaxdetect.com/ 43 B
342 B 97ms
21ms Image
image/gif 23.205.239.15
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aaxdetect.com/pxext.gif
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.239.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-239-15.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Unused62: 8096267
Date: Wed, 07 Sep 2022 20:51:23 GMT
Last-Modified: Mon, 26 Feb 2018 13:29:58 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=736313
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Fri, 16 Sep 2022 09:23:16 GMT

GET
H2

200

pixel.gif
load77.exelator.com/ Frame DE56
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=091&j=0&bi=54014277804052494904341488304845762271
https://loadm.exelator.com/load/?p=204&g=091&j=0&bi=54014277804052494904341488304845762271&xl8blockcheck=1
https://load77.exelator.com/pixel.gif

43 B
332 B

105ms
28ms

Image
image/gif

2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fairfax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-77-nzt: Abk73BAQUvX/LXYFAA
x-accel-expires: @1663262751
date: Wed, 07 Sep 2022 20:51:24 GMT
etag: "59f0c3fc-2b"
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
x-77-nzt-ray: qmaFS3w4RIs
x-77-cache: HIT
content-type: image/gif
access-control-allow-origin: *
x-cache: HIT
x-age: 357933
accept-ranges: bytes
x-77-pop: frankfurtDE
content-length: 43

Redirect headers

date: Wed, 07 Sep 2022 20:51:24 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://load77.exelator.com/pixel.gif
cache-control: no-cache
access-control-allow-credentials: true
content-type: image/gif
content-length: 0

GET
H/1.1 200
OK l Show response
mcdp-nydc1.outbrain.com/ 2 B
292 B 434ms
109ms Fetch
text/plain 64.202.112.255
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-nydc1.outbrain.com/l?token=ff8f74a4dbdba7fadf39524de5a7cb4e_5244_1662583883735&tm=600&eT=6&wRV=2000877&pVis=0&lsd=-1&eIdx=&cnsnt=no_consent&cheq=0&oo=true&ab=0&wl=0
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.255 Lovettsville, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: gzip
X-TraceId: 567b4d6b6cbfe999832c6e3e7d8ef187
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H2 200 skyLander.js Show response
widgets.outbrain.com/nanoWidget/2000877/module/ 2 KB
2 KB 25ms
25ms Script
application/x-javascript 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/2000877/module/skyLander.js?e=1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 66d64ecd956174bddcffdc71bdc1e8370638915731779ae7c8b396b1f5b8cb4b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-encoding: gzip
last-modified: Wed, 07 Sep 2022 11:45:32 GMT
server: AkamaiNetStorage
etag: "73281901dde2a7d1e6a60bc7e7c14446:1662563331.680614"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=14400
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 1228
expires: Thu, 08 Sep 2022 00:51:23 GMT

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame DE56 0
214 B 117ms
27ms Image
text/plain 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=6404&puid=54014277804052494904341488304845762271&gdpr=0&gdpr_consent=
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fairfax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 log
l3.aaxads.com/ 35 B
194 B 32ms
24ms Image
image/gif 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&wHos=141&dgw=desktop&flg=AAX76609S&fw=FRANKFURT&ff=DE&xjg=4&dss=0&skw=1200&slg=8PR6YK195&gq=stuff.co.nz&vhuyqdph=ssp-serving-5b7b67c586-w8jg6&vyu=090709_439_090512_390_ssp&vf=HE&yhuvlrq=4&yk=1200&yz=1600&yvlg=&ylg=00001662583883791036481827841597&vvsDeExfnhw=CONTROL&oz=1&gdss=green&lwbshlg=6&vg=1&dgeg=0&qsd=0&jgsu_hqi=1&fvha=0&jgivwu=Y-N&jgsu=1&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&wfi_dsl=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&lg_ghwdlov=&dewh=SSP_CLIENT_gcp_w&deg=2&fdeg=0&gdeg=2&ghqg=140&fhqg=26&hqg=32&gvwduw=26&fvwduw=26&vwduw=26&uhtxuo=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&nzui=
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-241-117.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:23 GMT
server: Jetty(9.4.35.v20201120)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Wed, 07 Sep 2022 20:51:23 GMT

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
260 B 207ms
49ms Image
image/gif 63.34.81.234
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1662583883932&plid=34463568&idsite=stuff.co.nz&url=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22user_type%22%3A%5B%22FlyBys%22%5D%7D&sid=1&surl=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&sref=&sts=1662583883928&slts=0&title=Ransomware+attack%3A+Waikato+DHB+supporting+patients+after+documents+dumped+online+%7C+Stuff.co.nz&date=Wed+Sep+07+2022+20%3A51%3A23+GMT%2B0000+(GMT)&action=pageview&pvid=58262601&u=pid%3D436b825b7eb83a120a503541934751af
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.81.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-81-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:51:24 GMT
Cache-Control: no-cache
Last-Modified: Wednesday, 07-Sep-2022 20:51:24 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H2 200 pixel_3fe854a4 Show response
www.stuff.co.nz/akam/13/ 0
612 B 57ms
56ms XHR
text/html 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/akam/13/pixel_3fe854a4
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 07 Sep 2022 20:51:23 GMT
content-length: 0
content-type: text/html

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ 91 KB
29 KB 34ms
34ms Script
application/x-javascript 2a02:26f0:3500:893::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.cce.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:893::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3c2824b5d9d3293a4d3b231891aa2834a476f16463bfb8824e7a8225bba32053

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:51:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Sep 2022 12:17:53 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29505
Expires: Wed, 07 Sep 2022 21:51:23 GMT

GET
H/1.1

200
OK

ibs:dpid=134096&dpuuid=2022090720512400016808126021
dpm.demdex.net/ Frame DE56
Redirect Chain

https://x.dlx.addthis.com/e/demdex_sync?na_exid=54014277804052494904341488304845762271&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022090720512400016808126021

42 B
942 B

45ms
45ms

Image
image/gif

34.252.39.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022090720512400016808126021

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

HTTP/1.1

Server

34.252.39.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-252-39-216.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fairfax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v039-0d94e4dd0.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: K1kaKGuzSTY=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022090720512400016808126021
pragma: no-cache
date: Wed, 07 Sep 2022 20:51:24 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Wed, 07 Sep 2022 20:51:24 GMT

GET
H2 200 stuff-login-sdk.js Show response
www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/ Frame 60BA 322 KB
87 KB 58ms
58ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/stuff-login-sdk.js
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/callback/signin-callback.html?error=login_required&state=55afc4d7d7b5460c9afcb92d5fb9437a&session_state=873dd98089362472654ca04d3379d5f2740e047fe07e7b25bc97d692c17f1300.1726216131
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: S3 /
Resource Hash: 286a5bcfa642461849ca5397fde16452a1f50d784bc7cb1631099ced066831ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/callback/signin-callback.html?error=login_required&state=55afc4d7d7b5460c9afcb92d5fb9437a&session_state=873dd98089362472654ca04d3379d5f2740e047fe07e7b25bc97d692c17f1300.1726216131
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: gzip
content-length: 88598
x-esi-enable: 0
last-modified: Wed, 19 May 2021 02:37:50 GMT
server: S3
x-cache-origin: HIT:Varnish
etag: W/"f73b63b9788f2f623698b107ed61ddba"
vary: Accept-Encoding
x-varnish: 352248230 325443964
access-control-allow-origin: *
cache-control: public, max-age=31536000
referer
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 07 Sep 2023 20:51:24 GMT

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEAeRmayYsz_giSKZGCVvgVA&google_cver=1
dpm.demdex.net/ Frame DE56
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTQwMTQyNzc4MDQwNTI0OTQ5MDQzNDE0ODgzMDQ4NDU3NjIyNzE=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTQwMTQyNzc4MDQwNTI0OTQ5MDQzNDE0ODgzMDQ4NDU3NjIyNzE=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEAeRmayYsz_giSKZGCVvgVA&google_cver=1?gdpr=0&gdpr_consent=

42 B
942 B

84ms
51ms

Image
image/gif

34.252.39.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEAeRmayYsz_giSKZGCVvgVA&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

HTTP/1.1

Server

34.252.39.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-252-39-216.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fairfax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v039-02eed0b6e.edge-irl1.demdex.com 9 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: C1JWpAPlTlQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEAeRmayYsz_giSKZGCVvgVA&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 session-management Show response
my.stuff.co.nz/ Frame B253 552 B
2 KB 363ms
363ms Document
text/html 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://my.stuff.co.nz/session-management

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/static/stuff-login-browser-sdk/1.2.3/stuff-login-sdk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6e8f782cb76f95850c56a2bec743171e3ece77af0a3817b315581b53b88e1eaf

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.facebook.net https://.nr-data.net https://.gigya.com https://.eu1.gigya.com https://.us1.gigya.com https://secure-nz.imrworldwide.com https://.demdex.net https://.newrelic.com https://.googletagservices.com https://.googleadservices.com https://adservice.google.co.nz https://adservice.google.com https://hello.myfonts.net https://securepubads.g.doubleclick.net https://.googlesyndication.com https://apis.google.com
X-Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.facebook.net https://.nr-data.net https://.gigya.com https://.eu1.gigya.com https://.us1.gigya.com https://secure-nz.imrworldwide.com https://.demdex.net https://.newrelic.com https://.googletagservices.com https://.googleadservices.com https://adservice.google.co.nz https://adservice.google.com https://hello.myfonts.net https://securepubads.g.doubleclick.net https://.googlesyndication.com https://apis.google.com
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.stuff.co.nz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-language: en-NZ
content-length: 552
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://*.nr-data.net https://*.gigya.com https://*.eu1.gigya.com https://*.us1.gigya.com https://secure-nz.imrworldwide.com https://*.demdex.net https://*.newrelic.com https://*.googletagservices.com https://*.googleadservices.com https://adservice.google.co.nz https://adservice.google.com https://hello.myfonts.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://apis.google.com
content-type: text/html;charset=UTF-8
date: Wed, 07 Sep 2022 20:51:24 GMT
expires: 0
pragma: no-cache
x-content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://*.nr-data.net https://*.gigya.com https://*.eu1.gigya.com https://*.us1.gigya.com https://secure-nz.imrworldwide.com https://*.demdex.net https://*.newrelic.com https://*.googletagservices.com https://*.googleadservices.com https://adservice.google.co.nz https://adservice.google.com https://hello.myfonts.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://apis.google.com
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame DE56
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=adobe&id=54014277804052494904341488304845762271
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=54014277804052494904341488304845762271

0
338 B

165ms
44ms

Image
text/plain

52.18.211.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=54014277804052494904341488304845762271
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Server: 52.18.211.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-211-80.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fairfax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
cache-control: private, no-cache, no-store
x-request-time: D=29 t=1662583884
x-served-by: beacon-n014-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=54014277804052494904341488304845762271
date: Wed, 07 Sep 2022 20:51:24 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a021-ash-prod.krxd.net

GET
H/1.1

200
OK

ibs:dpid=121998&dpuuid=
dpm.demdex.net/ Frame DE56
Redirect Chain

https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=54014277804052494904341488304845762271?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=54014277804052494904341488304845762271?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=

42 B
960 B

43ms
43ms

Image
image/gif

34.252.39.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=121998&dpuuid=

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online

Protocol

HTTP/1.1

Server

34.252.39.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-252-39-216.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fairfax.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v039-0cc12707d.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-Error: 104,300
X-TID: 5XTXSQQHS8Q=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:24 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://dpm.demdex.net/ibs:dpid=121998&dpuuid=
expires: 0
cache-control: no-cache
x-server: 10.45.14.65
content-length: 0
x-consent: absent

GET
H2 200 crypto-js.min.js Show response
my.stuff.co.nz/js/sessionManagement/ Frame B253 47 KB
16 KB 54ms
53ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://my.stuff.co.nz/js/sessionManagement/crypto-js.min.js
Requested by: Host: my.stuff.co.nz
URL: https://my.stuff.co.nz/session-management
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: bba05a999896e6d09e9a37b69ebb5e282d8aa0b20a5fd94a3d2a6f0a43a16a6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.stuff.co.nz/session-management
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: gzip
last-modified: Thu, 07 Oct 2021 01:45:58 GMT
vary: Accept-Encoding
content-type: application/javascript;charset=UTF-8
cache-control: max-age=3579279
accept-ranges: bytes
content-length: 16253

GET
H2 200 sessionManagement-1a4f0e5bb1523762a6a2a7c60c9c11cf.js Show response
my.stuff.co.nz/js/sessionManagement/ Frame B253 3 KB
1 KB 63ms
62ms Script
application/javascript 2a02:26f0:ea:4a6::3871
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://my.stuff.co.nz/js/sessionManagement/sessionManagement-1a4f0e5bb1523762a6a2a7c60c9c11cf.js
Requested by: Host: my.stuff.co.nz
URL: https://my.stuff.co.nz/session-management
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea:4a6::3871 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9ecf5cbe631f042bebb2e8bde0b900b2c1aff87a18c56d49979cf16f6cd7b1d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.stuff.co.nz/session-management
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: gzip
last-modified: Tue, 11 Jan 2022 01:26:46 GMT
etag: "1a4f0e5bb1523762a6a2a7c60c9c11cf"
vary: Accept-Encoding
content-type: application/javascript;charset=UTF-8
cache-control: max-age=11678352
accept-ranges: bytes
content-length: 1087

GET
H2 200 /
re.sajari.com/ 48 B
48 B 284ms
181ms Image
image/gif 2a00:1450:4001:812::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://re.sajari.com/?company=1652929874842864747&collection=stuff-crawl-dev&cc.co=1652929874842864747&cc.pr=stuff-crawl-dev&p.ga=1242029032&p.id=1662583883457.88419&e.id=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&ec.ti=Ransomware%20attack%3A%20Waikato%20DHB%20supporting%20patients%20after%20documents%20dumped%20online%20%7C%20Stuff.co.nz&ec.de=Health%20Minister%20Andrew%20Little%20promises%20independent%20inquiry%20into%20ransomware%20attack%20after%20the%20DHB%20recovers.&ec.ke=&canonical=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&bodyChecksum=4381678596b6b56c8835794779b6ca79&metaChecksum=520234509326f0d0ee78751602319426&meta%5Bviewport%5D=width%3Ddevice-width%2C%20initial-scale%3D1.0&meta%5Brobots%5D=noarchive%2C%20max-image-preview%3Alarge&meta%5Bformat-detection%5D=telephone%3Dno&meta%5Bfb%3Aapp_id%5D=207633159308175&meta%5Bverify-v1%5D=RazNiYjuvNuEsMeFXxfR9l9cDZIKxcq2VjQZA25CHgM%3D&meta%5Bmsapplication-config%5D=%2Fsics-assets%2Fimages%2Ffavicons_v2%2Fbrowserconfig.xml&meta%5Btheme-color%5D=%23ffffff&meta%5Bdescription%5D=Health%20Minister%20Andrew%20Little%20promises%20independent%20inquiry%20into%20ransomware%20attack%20after%20the%20DHB%20recovers.&meta%5Bsource%5D=Stuff&meta%5Bog%3Adescription%5D=Health%20Minister%20Andrew%20Little%20promises%20independent%20inquiry%20into%20ransomware%20attack%20after%20the%20DHB%20recovers.&meta%5Bog%3Atitle%5D=Ransomware%20attack%3A%20Waikato%20DHB%20supporting%20patients%20after%20documents%20dumped%20online&meta%5Bog%3Aurl%5D=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&meta%5Bog%3Atype%5D=article&meta%5Bog%3Aimage%5D=https%3A%2F%2Fresources.stuff.co.nz%2Fcontent%2Fdam%2Fimages%2F4%2Fy%2Fs%2Fu%2Fd%2Fb%2Fimage.related.StuffLandscapeSixteenByNine.1420x800.22rvh5.png%2F1624943285240.jpg&meta%5Bog%3Asite_name%5D=Stuff&meta%5Barticle%3Apublished_time%5D=2021-06-29T05%3A08%3A04.262Z&meta%5Bfb%3Apages%5D=21253884267&meta%5Bparsely-type%5D=post&meta%5Bparsely-title%5D=Ransomware%20attack%3A%20Waikato%20DHB%20supporting%20patients%20after%20documents%20dumped%20online&meta%5Bparsely-link%5D=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089&meta%5Bparsely-image-url%5D=https%3A%2F%2Fresources.stuff.co.nz%2Fcontent%2Fdam%2Fimages%2F4%2Fy%2Fs%2Fu%2Fd%2Fb%2Fimage.related.StuffLandscapeSixteenByNine.1420x800.22rvh5.png%2F1624943285240.jpg&meta%5Bparsely-pub-date%5D=2021-06-29T05%3A08%3A04.262Z&meta%5Bparsely-author%5D=Tom%20Pullar-Strecker&meta%5Bauthor%5D=Tom%20Pullar-Strecker%2Cauthor&meta%5Bparsely-section%5D=business&meta%5Bparsely-tags%5D=business&meta%5Btags%5D=business%2Ctags&meta%5Bparsely-post-id%5D=125592089&meta%5Barticle%3Asection%5D=business&meta%5Barticle%3Amodified%5D=2021-06-29T05%3A08%3A04.262Z&meta%5Bpublished_time%5D=article%3Apublished_time
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-cloud-trace-context: 6d247d1bfbcb6bb91964423e12226262
server: Google Frontend
date: Wed, 07 Sep 2022 20:51:24 GMT
content-length: 48
content-type: image/gif

GET
H2 200 RC71854f6df4ba497abb522790b0bca466-source.min.js Show response
assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/ 696 B
698 B 21ms
21ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/RC71854f6df4ba497abb522790b0bca466-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3c038cfbe139775e4f3cdf178631db05bcb18b02a0ac286fdb72c2bb92b1c98c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: gzip
last-modified: Mon, 01 Aug 2022 01:39:51 GMT
server: AkamaiNetStorage
etag: "9793a44f79780beea337fcb9fb34d13c:1659317991.177343"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.stuff.co.nz
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 432
expires: Wed, 07 Sep 2022 21:51:24 GMT

GET
H2 200 RC6877a9dbda0d45fd923d5d362feb4ec2-source.min.js Show response
assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/ 797 B
670 B 22ms
21ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/RC6877a9dbda0d45fd923d5d362feb4ec2-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 2b50c05a7f67bb2af3c6622362567076243096d361625d4b17a3d906b0b6ce0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: gzip
last-modified: Mon, 01 Aug 2022 01:39:51 GMT
server: AkamaiNetStorage
etag: "9793a44f79780beea337fcb9fb34d13c:1659317991.177343"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.stuff.co.nz
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 404
expires: Wed, 07 Sep 2022 21:51:24 GMT

GET
H2 200 aacxs.php Show response
c.aaxads.com/ Frame 6AEB 22 KB
9 KB 193ms
193ms Document
text/html 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://c.aaxads.com/aacxs.php?flg=AAX76609S&fv=1&fy=37&ke=1&suylg=3004%2C292%2C310%2C267%2C195%2C159%2C209%2C203%2C263%2C206%2C271%2C214%2C89%2C368%2C272%2C356%2C241%2C167%2C251%2C213%2C282%2C229&yvVbqf=1&uhiXuo=&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0

Requested by

Host: c.aaxads.com
URL: https://c.aaxads.com/aax.js?pub=AAX76609S&hst=www.stuff.co.nz&ver=1.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-241-117.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

2c03d34c0f5a43ee7d151810766dcaec78abfb894ed2e1fc88f58b7c7689a392

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.stuff.co.nz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8653
content-type: text/html; charset=UTF-8
date: Wed, 07 Sep 2022 20:51:24 GMT
expires: Fri, 09 Sep 2022 20:51:24 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=604800
vary: Accept-Encoding
x-mnet-hl2: E

POST
H3 200 loadTemplateContext Show response
buy-au.piano.io/api/v3/anon/template/ 585 B
881 B 379ms
346ms XHR
application/json 2606:4700::6810:2a41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy-au.piano.io/api/v3/anon/template/loadTemplateContext?aid=ooaGPZ28pa

Requested by

Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:2a41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ca34255611f4ca75ec73a50ba5d0c173c8f633e7b6fc798505874a91642b08d

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json
Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 07 Sep 2022 20:51:25 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: Kpxxuhr07Dd
pragma: no-cache
wn: prod-au-dash-10-1-3-156
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
server-time: 0.004
cf-ray: 747252801c6c9c0c-FRA
expires: 0

GET
H3 200 cacheableShow Show response
buy-au.piano.io/checkout/template/ Frame 43E0 14 KB
5 KB 61ms
37ms Document
text/html 2606:4700::6810:2a41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy-au.piano.io/checkout/template/cacheableShow?aid=ooaGPZ28pa&templateId=OT7A8RZIFO4E&offerId=fakeOfferId&experienceId=EX56LBDCL3RM&iframeId=offer_d69a7ec253276449135a-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid-au.piano.io%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.stuff.co.nz

Requested by

Host: code.piano.io
URL: https://code.piano.io/api/tinypass.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:2a41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e9e064b938b0b9cbd469cd53860467254dfaa40fb278949ef8213062affc6f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.stuff.co.nz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: *
access-control-allow-origin: http://dashboard-au.piano.io
age: 1089
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=300
cf-cache-status: HIT
cf-ray: 7472528019956955-FRA
content-encoding: br
content-type: text/html;charset=UTF-8
date: Wed, 07 Sep 2022 20:51:24 GMT
expires: Wed, 07 Sep 2022 20:56:24 GMT
last-modified: Wed, 07 Sep 2022 20:33:15 GMT
p3p: CP="NON DSP COR OUR IND"
pragma
server: cloudflare
server-time: 0.002
strict-transport-security: max-age=86400; includeSubDomains
vary: accept-encoding
wn: prod-au-dash-10-1-3-156
x-forwarded-https: on
x-request-id: Kf3xuhr15wd
x-xss-protection: 0

GET
H/1.1 200
OK sp1.html Show response
cdn.cxense.com/ Frame 35FA 684 B
768 B 24ms
24ms Document
text/html 2a02:26f0:3500:893::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/sp1.html
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:893::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 535be4b8bedf82433d210152dfb19dd4eaf5796c4e61c2be1c2ed356827b5580

Request headers

Referer: https://www.stuff.co.nz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 379
Content-Type: text/html
Date: Wed, 07 Sep 2022 20:51:24 GMT
Expires: Sat, 17 Sep 2022 20:51:24 GMT
Last-Modified: Tue, 11 Jan 2022 07:21:04 GMT
Server: AkamaiNetStorage
Unused62: 8096267
Vary: Accept-Encoding

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ Frame 35FA 91 KB
29 KB 27ms
27ms Script
application/x-javascript 2a02:26f0:3500:893::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:893::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3c2824b5d9d3293a4d3b231891aa2834a476f16463bfb8824e7a8225bba32053

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/sp1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:51:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Sep 2022 12:17:53 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29505
Expires: Wed, 07 Sep 2022 21:51:24 GMT

GET
H3 200 template.bundle.1.0.css
buy-au.piano.io/widget/dist/template/css/ Frame 43E0 27 KB
5 KB 41ms
38ms Stylesheet
text/css 2606:4700::6810:2a41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy-au.piano.io/widget/dist/template/css/template.bundle.1.0.css

Requested by

Host: buy-au.piano.io
URL: https://buy-au.piano.io/checkout/template/cacheableShow?aid=ooaGPZ28pa&templateId=OT7A8RZIFO4E&offerId=fakeOfferId&experienceId=EX56LBDCL3RM&iframeId=offer_d69a7ec253276449135a-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid-au.piano.io%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.stuff.co.nz

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:2a41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d82b3b69ed27853344397a159429cced7fa5019fa56412c0a3d627471ef709ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/checkout/template/cacheableShow?aid=ooaGPZ28pa&templateId=OT7A8RZIFO4E&offerId=fakeOfferId&experienceId=EX56LBDCL3RM&iframeId=offer_d69a7ec253276449135a-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid-au.piano.io%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.stuff.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 2043
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
wn: prod-au-dash-10-1-4-44
last-modified: Mon, 05 Sep 2022 03:45:30 GMT
server: cloudflare
etag: W/"27358-1662349530000"
strict-transport-security: max-age=86400; includeSubDomains
content-type: text/css
server-time: 0.001
cache-control: public, max-age=14400
cf-ray: 747252806a166955-FRA
expires: Thu, 08 Sep 2022 00:51:24 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/ Frame 43E0 95 KB
30 KB 82ms
35ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4240149
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 30360
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-17b8b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8J6QdjVZA73fggmLwekGEI9RkrPRuhBqjnd%2FnebGE5KUTwuB1tZDPknLQwMlX5Ep0sCMdxUoRMA%2B%2FkSrff65owUv1ooFs2m5k9z2GHzzXvXGgQo7S3vqh1XMdRbkTKzsREinUx2hUzHDGBbcSyhMOGQX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74725280ae2c9bcb-FRA
expires: Mon, 28 Aug 2023 20:51:24 GMT

GET
H2 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/1.4.1/ Frame 43E0 10 KB
4 KB 85ms
37ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/1.4.1/jquery-migrate.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 9165274
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3550
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-2748"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R00VjFUndES4dzV%2Bby5vG14cDqa3Cv%2B19ZgCDLx9xIC%2Fz4CbtS%2B5BK1MhaWNwsZOmWgkq3tHPo%2Fceb61f7byAmO2WTrXGYQszjeX326B3IwkHDhPH4c1TEMzdFJQvXrpoALbdjW9Fn0IOhEUewCgqT4v"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74725280ae319bcb-FRA
expires: Mon, 28 Aug 2023 20:51:24 GMT

GET
H2 200 angular.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/ Frame 43E0 104 KB
35 KB 87ms
40ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/angular.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04142857a43c3bf04f03b182ac95d7a519e9c85ec50f44247edd23f951232d98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1810861
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35086
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:53 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d25-1a191"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4gxJUACTuEHGU3By614H1ryPpJVik2552d0%2Bbk2OsBN1Q%2FPd9EvF1dHSVGnN2takyudn4oB4rAplS2BBO%2BnzzHJ8BCHaZFLodZ5GtbuXw4gw2x1Tzu1HVHRmmGFC9ZV7%2BcGvSOpn8IlVWtxTTMfF4C8t"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74725280ae369bcb-FRA
expires: Mon, 28 Aug 2023 20:51:24 GMT

GET
H2 200 angular-animate.min.js Show response
ajax.googleapis.com/ajax/libs/angularjs/1.2.22/ Frame 43E0 11 KB
12 KB 75ms
22ms Script
text/javascript 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/angularjs/1.2.22/angular-animate.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07275140ea3f47293d4f8a51d785a766eb1c94e4ae087f7c60c5bd611328ac86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 00:10:17 GMT
x-content-type-options: nosniff
age: 592867
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11221
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Sep 2023 00:10:17 GMT

GET
H2 200 angular-cookies.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/ Frame 43E0 825 B
777 B 86ms
39ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/angular-cookies.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b460d56dd27b62df333537db25d28e7e5ace33535bf4c7d7d767bdbc687a8dd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 526724
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 434
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:53 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d25-339"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8umS5vPjEBdRjjRO0XJPjYa68AFYF7ZMy4yLCs%2FYjMyvf4iJ9Q9rHwm4r0k5ahzJ3Yem%2B6Tj15cWjoTYZ4PHHKBCzYhoGekJbNDuUdhsm%2FX0ECICHGhUCb7cZhx2Ike%2FHLqYfVBaKfgki7nJ94Ok%2F3gA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74725280ae389bcb-FRA
expires: Mon, 28 Aug 2023 20:51:24 GMT

GET
H2 200 angular-sanitize.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/ Frame 43E0 4 KB
2 KB 106ms
59ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/angular-sanitize.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42e8aa892f98807c2b3f49f7c83002b605e357c9463e8a3fbaeffa805fae5bcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1214183
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2171
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:53 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d25-11cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYUJiRhQDnDZQschy52vXFlbBYq4QtwjEK74AF0PoRoZStllQSmUOMykV23EUmMHO5QgQ4QwaO9rjV7E6r0M2DGrEC4VHoHWJj2P%2BZN3hE4B22e0YhAz1MAR8lLB%2F9fdxSNL4p64kERjYUMH6IdT3OI%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74725280ae409bcb-FRA
expires: Mon, 28 Aug 2023 20:51:24 GMT

GET
H2 200 tmhDynamicLocale.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular-dynamic-locale/0.1.27/ Frame 43E0 3 KB
2 KB 105ms
58ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular-dynamic-locale/0.1.27/tmhDynamicLocale.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2b400c65cddf356b9056899cc2e34c1df2964e5437eed73e184634679cbbe77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1299897
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 953
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:43 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d1b-ad6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kLkUaczW8vFI%2FcMK5kHMeU0VkMy6ZClGqpsQPwdezM7uWLzIVYdgHaEdk2i%2BYLCnmzZKNVlrlGHjHO4%2F4FtcFL1T3ntl%2BZ36WVmAdbK3j8lwiIrGi64QWJL%2BAfG3Bz9aCNb3nvNiKR7DconD9aHlx98I"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74725280ae3b9bcb-FRA
expires: Mon, 28 Aug 2023 20:51:24 GMT

GET
H2 200 angular-ui-utils.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular-ui-utils/0.1.1/ Frame 43E0 23 KB
8 KB 105ms
59ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular-ui-utils/0.1.1/angular-ui-utils.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9685145fc6691742536e349a2953828a84fd729012f34f00cb09b8a26f713b6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 524521
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7490
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d24-5b33"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cI%2BlBSIno6PWWbrcwSLdAzYQ4Dq%2BXxcSA%2FAy6RklK2hMK4OYagAeTC0d2xLOTRhk01tl1XMAoZpzGWgg7L6xa9JqEUgX%2BqNhecomuwLiHWHI8ci2atBXXYkM%2BGUos9BqijzvYAXnfD8poM27oScPjX6m"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74725280ce859bcb-FRA
expires: Mon, 28 Aug 2023 20:51:24 GMT

GET
H2 200 angular-ui-ieshiv.js Show response
cdnjs.cloudflare.com/ajax/libs/angular-ui/0.4.0/ Frame 43E0 2 KB
1 KB 83ms
37ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular-ui/0.4.0/angular-ui-ieshiv.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

269c614f28c2a9470a6f1c3642a1734986a949f9272a0ce52e1c9d7eb888028f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 532460
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 910
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d24-93c"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k1nGXczLJhmzyTjlpb64ltzpWjUURu0tu0DSDjZXsVVTi2OjfM%2FZpCUf7OSKWYLhgC7vSUSasgn5%2BUtVoratoL4sCgscJBUEy9zhgz4Wn4ieWDg9I9xYKZcDxnREsnVBFeENkwP7T%2F4a8%2FMGpOcEpiLm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74725280ae469bcb-FRA
expires: Mon, 28 Aug 2023 20:51:24 GMT

GET
H2 200 angular-ui-router.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular-ui-router/0.2.10/ Frame 43E0 20 KB
7 KB 104ms
57ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular-ui-router/0.2.10/angular-ui-router.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1e9510079704b81b083e51700f25a88ddd444272ae498f3b5cd06deb164bfd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2431190
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6934
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d24-4f8f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UufM3GBA671Rn9JgdsZewOtdmBiCzCvRlVz%2BTsiYSrSuvXk7RUh5OQp%2FPN1CCWbwmXais9%2F7EdmB8isWdzjt6NbxQqWx27JCEq16RuwB0RjmtKtdrgx4hFqd1I3n87tiJVE24ZNe9lWyv9JbbZznE1iu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74725280ae439bcb-FRA
expires: Mon, 28 Aug 2023 20:51:24 GMT

GET
H3 200 H4sIAAAAAAAAAD3IwQ6AIAgA0B9KmJ76m4bJHI6oBa7f7-bt7eEnrXNgEw8Mvh6lYBy-DHVaU95QpTqS9an0pgwFSkHJu63T-yTlgy1Nh-E_BjVxNVoAAAA Show response
buy-au.piano.io/_sam/ Frame 43E0 114 KB
36 KB 40ms
39ms Script
text/javascript 2606:4700::6810:2a41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy-au.piano.io/_sam/H4sIAAAAAAAAAD3IwQ6AIAgA0B9KmJ76m4bJHI6oBa7f7-bt7eEnrXNgEw8Mvh6lYBy-DHVaU95QpTqS9an0pgwFSkHJu63T-yTlgy1Nh-E_BjVxNVoAAAA?compressed=true&v=14.265.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:2a41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3981b1db3de18ae74a074167e1d1bcab1b1762ff521ec6469c9543a690453de

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/checkout/template/cacheableShow?aid=ooaGPZ28pa&templateId=OT7A8RZIFO4E&offerId=fakeOfferId&experienceId=EX56LBDCL3RM&iframeId=offer_d69a7ec253276449135a-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid-au.piano.io%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.stuff.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 866
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
wn: prod-au-dash-10-1-3-153
last-modified: Mon, 05 Sep 2022 23:21:56 GMT
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains
content-type: text/javascript
server-time: 0.000
cache-control: public, max-age=603934
x-optimized-by: _sam
cf-ray: 747252806a196955-FRA
expires: Wed, 14 Sep 2022 20:36:58 GMT

GET
H/1.1 200
OK p1.js Show response
p1cluster.cxense.com/ Frame 35FA 47 B
637 B 117ms
29ms Script
text/javascript 147.75.83.64
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://p1cluster.cxense.com/p1.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.83.64 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ec715e7888c5f96ac6e9961fc08b8e8a42c60c9618314e8adf5a5c4bd87a55f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:24 GMT
last-modified: Mon, 07 Mar 2022 20:51:24 GMT
server: Jetty(9.4.28.v20200408)
etag: 1ewqwvhzizaer2fv7mah1dcx4p
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: private, proxy-revalidate
content-type: text/javascript;charset=utf-8
content-length: 47
expires: Thu, 07 Sep 2023 20:51:24 GMT

GET
H/1.1 200
OK log
c21lg-d.media.net/ Frame 6AEB 35 B
329 B 499ms
173ms Image
image/gif 23.35.228.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c21lg-d.media.net/log?___stu13p=5idgihgb3r73nr56xnl0ch00yxnzunr&gho=1&yvlg=3055854848281343000V10&ruljlq=1&iow=0&syjlg[]=028AAX&syjlg[]=041AAX&syjlg[]=054AAX&syjlg[]=076AAX&syjlg[]=080AAX&syjlg[]=097AAX&syjlg[]=109AAX
Requested by: Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAX76609S&fv=1&fy=37&ke=1&suylg=3004%2C292%2C310%2C267%2C195%2C159%2C209%2C203%2C263%2C206%2C271%2C214%2C89%2C368%2C272%2C356%2C241%2C167%2C251%2C213%2C282%2C229&yvVbqf=1&uhiXuo=&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-23.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.aaxads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Sep 2022 20:51:25 GMT
Server: Jetty(9.4.35.v20201120)
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Wed, 07 Sep 2022 20:51:25 GMT

GET
H3 200 fail-icon.png
buy-au.piano.io/widget/dist/template/css/img/ Frame 43E0 2 KB
2 KB 48ms
47ms Image
image/png 2606:4700::6810:2a41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://buy-au.piano.io/widget/dist/template/css/img/fail-icon.png

Requested by

Host: buy-au.piano.io
URL: https://buy-au.piano.io/widget/dist/template/css/template.bundle.1.0.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:2a41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buy-au.piano.io/widget/dist/template/css/template.bundle.1.0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:25 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1313
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2177
wn: prod-au-dash-10-1-3-156
last-modified: Mon, 05 Sep 2022 23:21:56 GMT
server: cloudflare
etag: W/"2177-1662420116000"
strict-transport-security: max-age=86400; includeSubDomains
content-type: image/png
server-time: 0.000
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 747252816ba56955-FRA
expires: Thu, 08 Sep 2022 00:51:25 GMT

GET
H2 200 STUFFSANSWEB-SemiBold.woff2
i.piano.io/managedservices/stuff/fonts/ Frame 43E0 34 KB
35 KB 94ms
33ms Font
application/octet-stream 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://i.piano.io/managedservices/stuff/fonts/STUFFSANSWEB-SemiBold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5522fa3faddd44754a3031f0cea90f32c4da5ca5246a91be3f88fd58478d2005

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Referer: https://buy-au.piano.io/
Origin: https://buy-au.piano.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:25 GMT
via: 1.1 49e78dae34a1d21beb31b4002f7ce92e.cloudfront.net (CloudFront)
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 6036
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34928
last-modified: Tue, 17 May 2022 09:06:44 GMT
server: cloudflare
etag: "c0f391724faf1f645baa4e7063639d47"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=14400
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
cf-ray: 74725281cb42928d-FRA
x-amz-cf-id: odVuSbqcxYINlmr8Gt3JMdiO7kUmP23cGpGWDmHG0R2dzpctJIn1Xw==
expires: Thu, 08 Sep 2022 00:51:25 GMT

GET
H2 200 STUFFSANSWEB-Regular.woff2
i.piano.io/managedservices/stuff/fonts/ Frame 43E0 34 KB
34 KB 117ms
57ms Font
application/octet-stream 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://i.piano.io/managedservices/stuff/fonts/STUFFSANSWEB-Regular.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eba8e146cb4aeb1da575bb17f8961d2594d0f60af6d7eaed5cdc95c4dcd451a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Referer: https://buy-au.piano.io/
Origin: https://buy-au.piano.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:25 GMT
via: 1.1 a823be133adad65df6d3bf471a742792.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 6036
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34328
last-modified: Tue, 17 May 2022 09:06:45 GMT
server: cloudflare
etag: "fe6cd12a1cf8b8619df8988d8a9de8a6"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=14400
x-amz-cf-pop: FRA56-P4
accept-ranges: bytes
cf-ray: 74725281cb44928d-FRA
x-amz-cf-id: _LtfySBLNsCqLJ3x0vjJPVkXcKeY91eTzhoff-OFghuWZzMdHyLxLw==
expires: Thu, 08 Sep 2022 00:51:25 GMT

GET
H2 200 STUFFSANSWEB-Medium.woff2
i.piano.io/managedservices/stuff/fonts/ Frame 43E0 34 KB
34 KB 97ms
37ms Font
application/octet-stream 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://i.piano.io/managedservices/stuff/fonts/STUFFSANSWEB-Medium.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa2364dedec6a43252d203e609c5a6f15a8a115004481e2713102c9623fb9435

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Referer: https://buy-au.piano.io/
Origin: https://buy-au.piano.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:25 GMT
via: 1.1 c51e3be89c14e3f859ea898f7e36ecec.cloudfront.net (CloudFront)
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 6036
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34512
last-modified: Tue, 17 May 2022 09:06:45 GMT
server: cloudflare
etag: "5ab0cd26b9190f6f68b2662a04b6c497"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=14400
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
cf-ray: 74725281cb46928d-FRA
x-amz-cf-id: XzrH0xH9WQLuru71QLls9PwF8xVT1ENgKf-sEvwnRVTu6pTQf6MXnQ==
expires: Thu, 08 Sep 2022 00:51:25 GMT

GET
H/1.1 200
OK rep.gif
comcluster.cxense.com/Repo/ Frame 35FA 43 B
467 B 103ms
31ms Image
image/gif 147.75.83.64
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://comcluster.cxense.com/Repo/rep.gif?ver=2.7.0&typ=pgv&rnd=l7s3imw83n9kvv5f&sid=1151019886197577425&loc=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&new=1&arf=0&ltm=1662583884031&ref=&tzo=0&wsz=1600x1200&res=1600x1200&dpr=1&col=24&bln=en-US&chs=UTF-8&cks=l7s3insg5ssm20hn&ckp=l7s3imw8h3o76owt&glb=&cp_userState=anon&cp_ver=2.47&cp_testGroup=49&cst=1ewqwvhzizaer2fv7mah1dcx4p
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 147.75.83.64 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:25 GMT
server: Jetty(9.4.28.v20200408)
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK id Show response
id.cxense.com/public/user/ 102 B
674 B 107ms
32ms Script
text/javascript 147.75.83.64
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://id.cxense.com/public/user/id?json=%7B%22identities%22%3A%5B%7B%22type%22%3A%22ckp%22%2C%22id%22%3A%22l7s3imw8h3o76owt%22%7D%2C%7B%22type%22%3A%22lst%22%2C%22id%22%3A%221ewqwvhzizaer2fv7mah1dcx4p%22%7D%2C%7B%22type%22%3A%22cst%22%2C%22id%22%3A%221ewqwvhzizaer2fv7mah1dcx4p%22%7D%5D%2C%22siteId%22%3A%221151019886197577425%22%2C%22location%22%3A%22https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online%22%7D&callback=cXJsonpCB1

Requested by

Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.83.64 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

69d92effdc84c53eff0fe0c3d1f86bd98a6b76ff9eae33c6fe3f934555cd08ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:25 GMT
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-type: text/javascript;charset=utf-8
content-length: 102
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gn
secure-dcr.imrworldwide.com/cgi-bin/ 44 B
596 B 111ms
111ms Image
image/gif 34.251.191.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=nz-910623&ch=nz-910623_c17_business_S&asn=business&fp_id=zvgr4ru3zqfrztqk4cqdvq7ysq7bu1662583883&fp_cr_tm=1662583883523&fp_acc_tm=1662583883523&fp_emm_tm=1662583883523&ve_id=&sessionId=3kgpuoyvi8xqyiigfqr5f3h3w7utl1662583883&prv=1&c6=vc,c17&ca=NA&c13=asid,PEC098A72-33DD-408F-96BF-B1E81199868C&c32=segA,NA&c33=segB,NA&c34=segC,NA&c15=apn,&sup=1&segment2=&segment1=&forward=0&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,nnfaeuwkfcwxwfeg5ne6hybsfpkun1662583883&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,16625838835217291&c30=bldv,6.0.0.623&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=125592089&c3=st,c&c64=starttm,1662583885&adid=125592089&c58=isLive,false&c59=sesid,&c61=createtm,1662583884&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&c66=mediaurl,&sdd=&c62=sendTime,1662583884&rnd=76996
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.191.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-191-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:25 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 RC70afc43a296841f98c234211f65c972e-source.min.js Show response
assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/ 657 B
665 B 475ms
475ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/23f51728685d/6200c30b6543/9cd5dce4fbbf/RC70afc43a296841f98c234211f65c972e-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc2c0d9c06c2d4b1a877b126c3b8fc473.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a9de0b5cc458cb6c015879ca5ce1ea100339f5d315307a5b5a95476ba630c2a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:25 GMT
content-encoding: gzip
last-modified: Mon, 01 Aug 2022 01:39:51 GMT
server: AkamaiNetStorage
etag: "9793a44f79780beea337fcb9fb34d13c:1659317991.177343"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.stuff.co.nz
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 400
expires: Wed, 07 Sep 2022 21:51:25 GMT

GET
H2 200 tag Show response
a.teads.tv/page/84334/ 2 KB
1 KB 412ms
23ms Script
application/javascript 23.35.229.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/page/84334/tag
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c9193654a23422beffa46afe37ae99483653dd827112d3678c889c0c505570eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:26 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate, max-age=3600
access-control-allow-credentials: true
content-length: 865
expires: Wed, 07 Sep 2022 21:51:26 GMT

GET
H2 200 teads-format.min.js Show response
a.teads.tv/media/format/v3/ 600 KB
132 KB 23ms
23ms Script
text/javascript 23.35.229.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/media/format/v3/teads-format.min.js
Requested by: Host: a.teads.tv
URL: https://a.teads.tv/page/84334/tag
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c055220cad9ab6321c8d430056a88f8ecc1a03e77780aeced9bab04f64285e4b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 07 Sep 2022 20:51:26 GMT
content-encoding: br
last-modified: Tue, 06 Sep 2022 15:34:51 GMT
x-amz-request-id: 1X2XH4T8G4Y0J8MJ
etag: "1d45e426c09018bbda4456bde9b2c1ed"
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: private, must-revalidate, max-age=1800, no-transform
x-bucket: 7
accept-ranges: bytes
content-length: 134196
x-amz-id-2: tXQcD/cTvjvf37jouIDmgj7uV9xYvgwjDxLFNO914OKhJvT4YQAYI1fooQMskxoH4bo6UAnqFPI=
expires: Wed, 07 Sep 2022 21:21:26 GMT

GET
H2 200 track
t.teads.tv/ 23 B
113 B 88ms
65ms Image
image/gif 23.35.229.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=placementCall&env=js-web&auctid=3e716055-ecaa-4e47-9e06-5b989f822623&pageId=84334&pid=117411&debug_metadata=eInCPCDGlh&fv=1069&ts=1662583886934&f=1&referer=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:27 GMT
cache-control: private, max-age=3666
content-length: 23
content-type: image/gif

GET
H2 200 track
t.teads.tv/ 23 B
143 B 86ms
63ms Image
image/gif 23.35.229.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=slotAvailable&env=js-web&auctid=3e716055-ecaa-4e47-9e06-5b989f822623&pageId=84334&pid=117411&slot=native&fv=1069&ts=1662583886942&f=1&referer=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.stuff.co.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 20:51:27 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 23
content-type: image/gif

GET
H2 200 ad Show response
a.teads.tv/page/84334/ 540 B
572 B 76ms
76ms XHR
application/json 23.35.229.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/page/84334/ad?windowWidth=1600&windowHeight=1200&windowDepth=1&windowReferrerUrl=https%3A%2F%2Fwww.stuff.co.nz%2Fbusiness%2F125592089%2Fransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online&page=%7B%22id%22%3A84334%2C%22placements%22%3A%5B%7B%22id%22%3A117411%2C%22validity%22%3A%7B%22status%22%3Atrue%2C%22reasons%22%3A%5B%5D%7D%2C%22player%22%3A%7B%22width%22%3A612%2C%22height%22%3A344%7D%2C%22slotType%22%3A%22native%22%7D%5D%2C%22gdpr_iab%22%3A%7B%22reason%22%3A220%2C%22status%22%3A22%2C%22consent%22%3A%22%22%2C%22apiVersion%22%3Anull%2C%22cmpId%22%3Anull%7D%2C%22segments%22%3A%7B%22permutive%22%3Anull%7D%2C%22first_party_data%22%3A%7B%22firstPartyCookieTeadsId%22%3Anull%2C%22sharedIds%22%3Anull%7D%7D&auctid=3e716055-ecaa-4e47-9e06-5b989f822623&formatVersion=1069&env=js-web&netBw=10&ttfb=420
Requested by: Host: www.stuff.co.nz
URL: https://www.stuff.co.nz/sics-assets/js/bundle.1fc241e7bbcb67a90e8b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1b9480ad994c1a9d31afe37821380ead6b5a36a0088c1cd6b10f56d257739687

Request headers

Accept: application/json; charset=UTF-8
Referer: https://www.stuff.co.nz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 20:51:27 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.stuff.co.nz
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 365
expires: Wed, 07 Sep 2022 20:51:27 GMT

Verdicts & Comments Add Verdict or Comment

154 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.stuff.co.nz/business/125592089	1969-12-31 23:59:59	Name: aamffx Value:
.stuff.co.nz/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-20 10:08:55	Name: demdex Value: 54014277804052494904341488304845762271
.stuff.co.nz/	1969-12-31 23:59:59	Name: AMCVS_F5D11253512D2B170A490D45%40AdobeOrg Value: 1
.stuff.co.nz/	1970-01-20 14:35:19	Name: site-view Value: d
.stuff.co.nz/	1970-01-20 15:25:43	Name: _ga Value: GA1.3.1242029032.1662583883
.stuff.co.nz/	1970-01-20 05:51:10	Name: _gid Value: GA1.3.1304317082.1662583883
.stuff.co.nz/	1970-01-20 05:49:43	Name: _gat_6fec2d418904450dace4f478760dcc5a Value: 1
.piano.io/	1970-01-20 05:49:45	Name: __cf_bm Value: 7l.iZQ7JNr4_LdkXEBc5HrNUuBVY4nHTJCzeB_hW_EI-1662583883-0-Aa0/tXpXYGcWCHz8J4y6M8TQ2G8Gaz3G1ZNNEROAbNdfUIM/wc3ORzXR/oJsosTI7L19aW45NIz4a37o0SZXOWQ=
www.stuff.co.nz/	1970-01-20 05:49:44	Name: __adblocker Value: false
.stuff.co.nz/	1969-12-31 23:59:59	Name: sjSE Value: 1
.everesttech.net/	1970-01-20 14:35:19	Name: everest_g_v2 Value: g_surferid~YxkESwAAACBJ3wNn
.dpm.demdex.net/	1970-01-20 10:08:55	Name: dpm Value: 54014277804052494904341488304845762271
.stuff.co.nz/	1970-01-20 10:08:55	Name: nol_fpid Value: zvgr4ru3zqfrztqk4cqdvq7ysq7bu1662583883\|1662583883523\|1662583883523\|1662583883523
.stuff.co.nz/	1970-01-20 15:25:43	Name: AMCV_F5D11253512D2B170A490D45%40AdobeOrg Value: -1124106680%7CMCIDTS%7C19243%7CMCMID%7C53859363537959488984326580442560834159%7CMCAAMLH-1663188683%7C6%7CMCAAMB-1663188683%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1662591083s%7CNONE%7CMCSYNCSOP%7C411-19250%7CvVersion%7C5.2.0
.stuff.co.nz/	1970-01-20 15:25:43	Name: _pprv Value: %7B%22consent%22%3A%7B%220%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%221%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%222%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%223%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%224%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%225%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%226%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%227%22%3A%7B%22mode%22%3A%22opt-in%22%7D%7D%7D
.stuff.co.nz/	1970-01-20 15:25:43	Name: _pctx Value: %7Bu%7DN4IgDghg5gpgagSxgdwJIBMQC4QBsDsAzgMwIC2yAHMQHYCcA1gG5MCsAZiADQgCuhMAE6FsNXrlw9%2BQgMoAXCHP7YQEGgHsa3EIQRyYGFQEYjrIwAYjdSpQBsV-K3z4ALACZWIAL5A
.stuff.co.nz/	1970-01-20 15:25:43	Name: _pcid Value: %7B%22browserId%22%3A%22l7s3imw8h3o76owt%22%7D
www.stuff.co.nz/	1970-01-20 07:59:19	Name: __pnahc Value: 0
.stuff.co.nz/	1970-01-20 15:25:43	Name: mbox Value: session#55b9819bd9534133ac02a12cd031f7cb#1662585743\|PC#55b9819bd9534133ac02a12cd031f7cb.37_0#1725828684
.agkn.com/	1970-01-20 14:35:19	Name: ab Value: 0001%3AmjZgl%2FZD7cdKY%2B5VewVl1EU6oTO4lJh6
.2o7.net/	1970-01-20 15:25:43	Name: s_vi_Gx40HSGx40YOx5Bx0CRUTGGNWDSx40MMx0CQSNETBUHNO Value: [CS]v4\|318C8225BFD9E06E-400016876072A9D9\|6319044B[CE]
www.stuff.co.nz/	1969-12-31 23:59:59	Name: aasd Value: 1%7C1662583883792
www.stuff.co.nz/	1969-12-31 23:59:59	Name: __aaxsc Value: 2
.stuff.co.nz/	1970-01-20 05:49:45	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://www.stuff.co.nz/business/125592089/ransomware-attack-waikato-dhb-supporting-patients-after-documents-dumped-online%22%2C%22sref%22:%22%22%2C%22sts%22:1662583883928%2C%22slts%22:0}
.stuff.co.nz/	1970-01-20 15:19:07	Name: _parsely_visitor Value: {%22id%22:%22pid=436b825b7eb83a120a503541934751af%22%2C%22session_count%22:1%2C%22last_session_ts%22:1662583883928}
.imrworldwide.com/	1970-01-20 15:11:19	Name: IMRID Value: d59ffec2-2eee-11ed-a5e9-a989cec3364d
my.stuff.co.nz/	1969-12-31 23:59:59	Name: SESSION Value: a9dc1456-73fd-4b17-bc27-db26db9d2dc3
.exelator.com/	1970-01-20 08:42:31	Name: EE Value: "e74680128ee7020a88bdb6b54bf5fb40"
.stuff.co.nz/	1970-01-20 05:49:51	Name: ak_bmsc Value: 7DC40BE9BA05FA7227B31794723A7F82~000000000000000000000000000000~YAAQTqwVArmCHgCDAQAAx8i4GRHfX970H6PDmDOmOHy8wCuzh6/0mczw5XjnEj6RJtTuW1REwi/djYsQoY8s0LA1Vz4FR8VVjX+cHrP3jeef/s5vDL00//z7ifa+7WINfMH1U+QKXP1MLqui2auoppnjt/EXzvKB8xr15dL3xgpaSAItHsQTAGlTUNZgxHZRhKyBdzjbxpd8cEb1rhqgJTVjbD+8X9+1/9rlc+vm2lnPKKiV53ekfeIp507QMxr2PLlXP3KWBnhS1B/BOmsgyhyOUspJY/98EsHyajCHI/lVy7nTIc16BB14fRmxHUzMy7ejWCWE8y0YlEs0mUAsHMUvNabgS/Uw9r9fK+wyeR7qFCY8dSObrGqI0gbLYWDuQgckfN5vMiIND7pqo3OEgr+jxbcDc//RLm9Sg+I3HrC8XLNBTSnAogtDwrvMU+CbtnRZ8nS6KEEaqnw7ng2ygPshTZEAEO3hwr8wi1rFcKgEHK/JNjFTheHnzqVXht5v7ojgmWWBMw==
.exelator.com/	1970-01-20 08:42:31	Name: ud Value: "eJxrXxzq6XKLQSHV3MTMwsDQyCI11dzAyCDRwiIpJcksydQkKc00LcnEYHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDAdEl%252BUWb6IhfXxUUpaQyLSopPBR%252FsuQMAm7Mquw%253D%253D"
.stuff.co.nz/	1970-01-20 14:35:19	Name: cX_P Value: l7s3imw8h3o76owt
.demdex.net/	1970-01-20 10:08:55	Name: dextp Value: 21-1-1662583883666\|3-1-1662583883803\|481-1-1662583883906\|843-1-1662583884007\|771-1-1662583884108\|66757-1-1662583884209\|121998-1-1662583884310
.crwdcntrl.net/	1969-12-31 23:59:59	Name: _cc_cc Value: ctst
.stuff.co.nz/	1970-01-20 05:49:51	Name: bm_sv Value: 26FE430DA36FD7FDE399CC2B6D655E24~YAAQTqwVAruCHgCDAQAA6cq4GRE2pjaFqN9S2xGSqLkY2SOktDWUGrQRWCbOtq1VtmDEgjOIv36R6+VEGAAbV32wXRDTZN5oTI811P7zR2PKuGXw/8eA01PyGlRSp2PTVGaMjj0R0hT2fAAHQmEqangebMfcKoUAY1X52wDGWrIwBHx8iTIiJ74zNqtN8yiqppZUN10K4lIUB81C/gkgjcnkphFRf4H/V7cVM0rysMl/Kzng/9nZhIMGon+h/5XpOQ==~1
.doubleclick.net/	1970-01-20 15:11:19	Name: IDE Value: AHWqTUkjk57w1JtWoUiuxbjF10CH1GRIplu1jkEEy01USoT4FWzGUV_gVMBw8LL-gSk
.krxd.net/	1970-01-20 10:08:55	Name: _kuid_ Value: PEL7tUUc
.stuff.co.nz/	1970-01-20 15:25:43	Name: __tbc Value: %7Bkpex%7DX4efe22Y8F00MYatN59UT1pRXqJ8Giib8RZ3qc9HdPYKHPCgf34Jy3bpTM1RlT5Y
.stuff.co.nz/	1970-01-20 06:32:55	Name: __pat Value: 43200000
.stuff.co.nz/	1970-01-20 05:51:10	Name: __pvi Value: %7B%22id%22%3A%22v-l7s3imwg82y7ayu9%22%2C%22domain%22%3A%22.stuff.co.nz%22%2C%22time%22%3A1662583884770%7D
.stuff.co.nz/	1970-01-20 15:25:43	Name: xbc Value: %7Bkpex%7D97hM9xBvO6w-KfVqTcyHRUe3MpsEZQdhFXWh6dJJPUu51lWiPfF2LbtIwVMKjgZBZN321FW6RibFLm7rdu2LxWl5yR1CS-i5jdkuTxapz_QMY0vxMOOF5EamNwKOCwn9Om4vwIqCMstnwjzQ39GPidPvHQ5I7Yasbn9wTuZAVkT7053XPAcUdtN6uVAYDPZnmDHm0t9Mw90yI906Y5npcQ
.stuff.co.nz/	1969-12-31 23:59:59	Name: cX_S Value: l7s3insg5ssm20hn
.aaxads.com/	1970-01-20 14:35:19	Name: aax-vsid Value: 3055854848281343000V10
.cxense.com/	1970-01-20 14:35:19	Name: gckp Value: 3d032zp5q6bg13brpk81dg0q0f
.stuff.co.nz/	1970-01-20 14:35:19	Name: cX_G Value: cx%3Ao3od5yekmrhg1rjex9i4uqjao%3A2xheogwfxp0gu

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://videos.oovvuu.com/stuf/v1/ovu_rec.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://adfeeds.stuff.co.nz/v1/channel?v=1&p=desktop&s=/business/null/null/null/null&l=/International&pt=article Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://csp-reporter-production.apse2.ffx.nz/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3kgpuoyvi8xqyiigfqr5f3h3w7utl1662583883.nuid.imrworldwide.com
a.teads.tv
aa.agkn.com
adapi.stuff.co.nz
adfeeds.stuff.co.nz
ajax.googleapis.com
amplifypixel.outbrain.com
assets.adobedtm.com
ats.rlcdn.com
beacon.krxd.net
buy-au.piano.io
c.aaxads.com
c2-au.piano.io
c21lg-d.media.net
cdn-gl.imrworldwide.com
cdn.brandmetrics.com
cdn.cxense.com
cdn.kdaimo.com
cdn.neighbourly.co.nz
cdn.parsely.com
cdn.sajari.com
cdnjs.cloudflare.com
cm.everesttech.net
cm.g.doubleclick.net
code.piano.io
comcluster.cxense.com
d867x8xq12ag.cloudfront.net
dashboard.presspatron.com
dpm.demdex.net
events.apester.com
experience-au.piano.io
fairfax.demdex.net
fairfaxnz.tt.omtrdc.net
fairfaxnzstuffoverallproduction.112.2o7.net
fonts.googleapis.com
i.piano.io
id.cxense.com
interactives.stuff.co.nz
l3.aaxads.com
load77.exelator.com
loadm.exelator.com
log.outbrainimg.com
mcdp-nydc1.outbrain.com
my.stuff.co.nz
o68184.ingest.sentry.io
odb.outbrain.com
p1.parsely.com
p1cluster.cxense.com
re.sajari.com
resources.stuff.co.nz
sdk.apester.com
sdk.ffxpub.com
secure-dcr.imrworldwide.com
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
static.apester.com
static3.stuff.co.nz
stats.g.doubleclick.net
stuffnz-sydney.gscontxt.net
sync.crwdcntrl.net
t.teads.tv
tcheck.outbrainimg.com
token.rubiconproject.com
usermatch.krxd.net
videos.oovvuu.com
widget-pixels.outbrain.com
widgets.outbrain.com
www.aaxdetect.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.npttech.com
www.stuff.co.nz
x.dlx.addthis.com
142.250.185.98
143.204.215.114
147.75.83.64
15.188.95.229
151.101.130.133
151.101.130.227
151.101.14.132
151.101.2.217
151.101.66.227
152.67.117.181
23.205.239.15
23.205.241.117
23.35.228.23
23.35.229.181
23.35.229.56
23.35.237.86
2600:9000:2057:1000:1d:667e:2a40:93a1
2600:9000:2057:ec00:1a:9e13:5280:93a1
2600:9000:206f:1a00:1e:a43d:b640:93a1
2600:9000:206f:5400:1b:11ff:f600:21
2600:9000:214f:4600:1e:9232:ebc0:93a1
2600:9000:214f:d200:2:42d9:3100:93a1
2606:4700:20::ac43:45f7
2606:4700:3032::ac43:bf95
2606:4700::6810:2a41
2606:4700::6810:f015
2606:4700::6811:190e
2a00:1450:4001:809::2002
2a00:1450:4001:809::200a
2a00:1450:4001:811::2004
2a00:1450:4001:812::2002
2a00:1450:4001:812::2013
2a00:1450:4001:813::200e
2a00:1450:4001:831::2003
2a00:1450:400c:c08::9d
2a00:1450:400e:80e::200a
2a02:26f0:3500:587::1e80
2a02:26f0:3500:893::268b
2a02:26f0:ea:4a6::3871
2a02:6ea0:c700::10
3.105.141.111
3.124.33.5
34.120.195.249
34.251.191.33
34.252.39.216
35.190.50.98
35.190.72.53
35.227.201.100
52.17.253.32
52.18.161.218
52.18.211.80
52.209.16.61
52.215.50.2
54.78.254.47
54.80.61.218
63.34.81.234
64.202.112.255
65.9.61.60
65.9.66.111
69.173.144.138
69.192.160.219
99.86.4.6
01a02851049854d2d7e2ce81446cabdd55afe68b68bdd7ee09be35bc3dc504ac
02dbf9e5b0ac363b1337d36e54fe593a87560c1f7cc585aaf81608baaf567244
04142857a43c3bf04f03b182ac95d7a519e9c85ec50f44247edd23f951232d98
07275140ea3f47293d4f8a51d785a766eb1c94e4ae087f7c60c5bd611328ac86
075a8ac615514bdfb50ff549c364975167a846d282b3bee916152fee7cdc7a7b
09675ea155d08e959872d1f64ae603c9e0071d502c7ddfe853e0fbabf7e9cc15
0a325decfde845ca807eb95bb738b93e3a39bc9dc5dbbe30006a46d0aaa11985
117ed873640b992e38f34a0a761dd3e1cda6b3c24c9507bb3adc0323039f8ff1
11d6af78e66283ece20bc13c4439f9beea0cac411e9ac90ee81f74ce290bf2aa
15f0e8785ed86a7e2f77ee7f29dcb9c6dde7dd976e04de99c9d9e4cde7672aa9
1786bfb5bc61c63a26e18ac30db3db9cdf3c87ae30f40ea907fe040ac2a99b27
1a0decca0c2168150ddc4982022766c1a3268e18187e083149f4af1643a7ba06
1b9480ad994c1a9d31afe37821380ead6b5a36a0088c1cd6b10f56d257739687
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
269c614f28c2a9470a6f1c3642a1734986a949f9272a0ce52e1c9d7eb888028f
278146e898fab9a0e0a48a19c65a730c2b94a5492a03a621eef220e26712700b
286a5bcfa642461849ca5397fde16452a1f50d784bc7cb1631099ced066831ee
28b8b88196f15352c2c5fd6411ae1da28f72cc1ed3cbf26a13eef570d2d9b101
292288f03d122da15bcd8cbd10868a0a047cf22e83e0f83c231f48bf23fcb860
2a790de20153d921b7be7123dd4668d130fea09fe94d6ce267b499d3e75f7a93
2b50c05a7f67bb2af3c6622362567076243096d361625d4b17a3d906b0b6ce0e
2c03d34c0f5a43ee7d151810766dcaec78abfb894ed2e1fc88f58b7c7689a392
2d0ade31483bf44bbdbc9822066eaebf674738b370092fcfc8295e7ae3195d98
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3207d12eddcd5a7207fa64a26747eb2bc81a7544d2f871abe2e5424895100966
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
33def4d457d490ce89b5e6be3dcf904c25d03a50dd7f7a65237f395d7161b5e4
3c038cfbe139775e4f3cdf178631db05bcb18b02a0ac286fdb72c2bb92b1c98c
3c2824b5d9d3293a4d3b231891aa2834a476f16463bfb8824e7a8225bba32053
3ca34255611f4ca75ec73a50ba5d0c173c8f633e7b6fc798505874a91642b08d
42e8aa892f98807c2b3f49f7c83002b605e357c9463e8a3fbaeffa805fae5bcc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48c6d12327593c8395849eaaa62a016dd10711495824a90ca550a5aafeb06d79
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e7888ff0f09652a80767bad958aaec1cde6d63b3fc958d9cb7d2467bb867ea2
535be4b8bedf82433d210152dfb19dd4eaf5796c4e61c2be1c2ed356827b5580
5522fa3faddd44754a3031f0cea90f32c4da5ca5246a91be3f88fd58478d2005
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
6200739690705845c8c84e0c50795221872b62623a68106f19d9793d6a434636
635a136e36d4a58ca3d882b71061c4764b613fe4361ea61b22dade8abda2c4b4
63b693778274923011281f0c339ac4116f8a31b9d186d0657849380cd5bd34b7
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
66d64ecd956174bddcffdc71bdc1e8370638915731779ae7c8b396b1f5b8cb4b
69d92effdc84c53eff0fe0c3d1f86bd98a6b76ff9eae33c6fe3f934555cd08ec
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6becd77411e34f8dcd313296ae9e181664a3b3cc0a044b38e1534dea05336087
6d6cb4bcf91fb483d6f958f9aec072249aa112f73fca03695a61e8cc98bd8246
6e29947674d4ba75d5417e6ad8b7d8f30cc56310394c1e5d4de713b827c31f73
6e8f782cb76f95850c56a2bec743171e3ece77af0a3817b315581b53b88e1eaf
6e9e064b938b0b9cbd469cd53860467254dfaa40fb278949ef8213062affc6f0
71bb74021340ca7d325619d0d0da90651add48bc4c627a4c60219fda7fc40a35
7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b
788428389780b0f3802dcb3ad86176ba22aefec9a6d7f255794755c34d2ec264
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7d0b5690d943eeec5db9b0344f07d4faf581c1f9452790fbab40ad4c11e78b57
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
82411ccd8cd8814825970283d58f132cc2baa464062aa0e5fae2132ab9aee2ad
825e3cb7973c54ea34fcb2766aac7400241856eb9c11f8349c70071e9e5c51d3
84116d8c33d1062009773058b928c6dbcd086891a3061a175709166ba2e57191
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86e4cea7590220e8b29905c5a92057f3e98d11f8e225a1e0ca762a1c83e6d8f6
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde
8fbf6dbda27863e94305c9a5b26d276bfbb627f7a34a4b0de1e3ee6a6d15fdeb
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f
9407a280fa95783f12eef3531e5d6e2135279116b759d464e99945eed37c2e4f
94b570c0adf306d4cfd4e6acf9750c96c2f8e8e5ec413d2776f247cdcd70e754
9685145fc6691742536e349a2953828a84fd729012f34f00cb09b8a26f713b6f
96a1951bf490b344d6776ce3b6539bb632d3019017541d876eb3f50af85444f6
99a42e69ccec698d9be89d17d7cb3efa693436bd3422b9a038919a8a878128d3
9d2ed300e56e6818a6d7436b2bf489c58af9948328afc1985caf73a9f444c71d
9d73ef96b9d0d9d2e2f4a8c2133eac7bd5fc9e3e0ec952a7d383e44a4b677db5
9ecf5cbe631f042bebb2e8bde0b900b2c1aff87a18c56d49979cf16f6cd7b1d9
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a9de0b5cc458cb6c015879ca5ce1ea100339f5d315307a5b5a95476ba630c2a9
aa2364dedec6a43252d203e609c5a6f15a8a115004481e2713102c9623fb9435
aabf2045079740c4cd6d94f34fbf93ba309ba700153beff2afa134c032fc5e62
ac98048df1ce8b39e1e8d6c6f4bd6a70eccf5b9f1f25c8c1e79492d71ceba077
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0fcb4ddd51c77676d524222345c107a2832c4b8a35c45941071ea19f2861135
b460d56dd27b62df333537db25d28e7e5ace33535bf4c7d7d767bdbc687a8dd9
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b6f5af45c27f5a871850fe68f8e887e7a561e3857651fa6f92b9eb9077f94aed
baf9bfce1407c6ebb747300fbebf337c86d69cdae40b3c29bf5b249092b7e591
bba05a999896e6d09e9a37b69ebb5e282d8aa0b20a5fd94a3d2a6f0a43a16a6c
be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e
c055220cad9ab6321c8d430056a88f8ecc1a03e77780aeced9bab04f64285e4b
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1
c1e9510079704b81b083e51700f25a88ddd444272ae498f3b5cd06deb164bfd1
c6107c1c1f1588cac73cb68d83222515b12c5dbf7f988fd0c39b4ff16414d3bc
c6c9d933545f78d4c695fc526ec67c595d64147a8913185a55df60101664a4ec
c9193654a23422beffa46afe37ae99483653dd827112d3678c889c0c505570eb
ce67b0786f14c7c1861eebd94f6557072e99e50ab95176a2f23d7444c4dc2741
cf38d19d37a13789e99300f5fa0110a86c4d9b3ec76d30a5a731ba72314b45b3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1d858cbffd70b52bf6b006f81d7616c495d26830775b826d82e5cbe42a66a1b
d2b400c65cddf356b9056899cc2e34c1df2964e5437eed73e184634679cbbe77
d2ef35015b71cb6761c1195e189c244db67e6f56633a601f552ebfd6cf9b15aa
d3871e2070a243288259b54f34b530e09ad7005f4aa0938cc8fb3dc6cc096b24
d82b3b69ed27853344397a159429cced7fa5019fa56412c0a3d627471ef709ef
dade902a48924452a6b0257835791ba865f82e61a0a4ee3900d66c65859ef0b3
e3981b1db3de18ae74a074167e1d1bcab1b1762ff521ec6469c9543a690453de
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5cada74514ea791cf21ea5c1500de5fc08454e947f0aea484b8e5ef2ce4ea18
e66cccb6fd64ae7c7e428900129c22644e340286024b3e0bcce8b94432745e7b
e8cd27492a8b97fa4c07c1210f85eb04a9a256d00733dec84de8d6bad6548b69
eb578e5229cead21a487f38f0428ce5362cc04b13dfbc686cb380be538c0e79f
eba8e146cb4aeb1da575bb17f8961d2594d0f60af6d7eaed5cdc95c4dcd451a1
ec715e7888c5f96ac6e9961fc08b8e8a42c60c9618314e8adf5a5c4bd87a55f5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f150e1bbb75e086a62af5776f3d2a4a4da21e42f7d736904b3daf59f7ab0d8a1
f80109ec490539b25ef57335c1b19502a84d390dafbd39d24163b5d20691431e
fb5c24b4ea797b4578b5e62a0b549058f81130f4c360afc4b113d013053df318
fde9277e699de5f4419f378e798a3a4ddbfd429b9b6a466b64d9b2ef8526a55f

www.stuff.co.nz Open in urlscan Pro 2a02:26f0:ea:4a6::3871 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

140 Requests

92 %HTTPS

39 %IPv6

42 Domains

75 Subdomains

55 IPs

8 Countries

2601 kBTransfer

7427 kBSize

45 Cookies

21 Outgoing links

Redirected requests

140 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.stuff.co.nz Open in urlscan Pro
2a02:26f0:ea:4a6::3871 Public Scan

Screenshot
Live screenshot

Full Image

140
Requests

92 %
HTTPS

39 %
IPv6

42
Domains

75
Subdomains

55
IPs

8
Countries

2601 kB
Transfer

7427 kB
Size

45
Cookies

140 HTTP transactions
3 data transactions