www.plusrewards.com.au Open in urlscan Pro
172.67.68.104  Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

• https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1685992972573 HTTP 302
• https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1685992972573

Request Chain 49

• https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1143484772&utmhn=www.plusrewards.com.au&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Home%20%7C%20%2BRewards&utmhid=22915909&utmr=-&utmp=%2Fdailytelegraph&utmht=1685992972789&utmac=UA-5748164-21&utmcc=__utma%3D215327702.852457826.1685992973.1685992973.1685992973.1%3B%2B__utmz%3D215327702.1685992973.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=2002281367&utmredir=1&utmmt=1&utmu=qhAgAAAAAAAAAAAAAgAAAAAE~ HTTP 302
• https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5748164-21&cid=852457826.1685992973&jid=2002281367&_v=5.7.2&z=1143484772

Request Chain 66

• https://cm.everesttech.net/cm/dd?d_uuid=65549869939737412751762118717038319212 HTTP 302
• https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZH42EAAAAIt1GAN7

Request Chain 76

• https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
• https://dpm.demdex.net/ibs:dpid=358&dpuuid=697380763464048060

Request Chain 77

• https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
• https://dpm.demdex.net/ibs:dpid=470&dpuuid=3442145311348120818

Request Chain 80

• https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NjU1NDk4Njk5Mzk3Mzc0MTI3NTE3NjIxMTg3MTcwMzgzMTkyMTI= HTTP 302
• https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEK9hMuwlnyNVUs2W1U16aZM&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 81

• https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=www.plusrewards.com.au&ttd_tpi=1 HTTP 302
• https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=www.plusrewards.com.au&ttd_tpi=1 HTTP 302
• https://dpm.demdex.net/ibs:dpid=903&dpuuid=9ab2e35e-8a3d-485e-b134-4f790c86079f

Request Chain 83

• https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ HTTP 302
• https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 HTTP 302
• https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZH42Es9CbPCawWApal4v9gAA%265327

Request Chain 84

• https://dt.scanscout.com/ssframework/uid?UIAA=65549869939737412751762118717038319212&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D HTTP 302
• https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-59df0a59210c34c5fdf84e9962bd687f

Request Chain 85

• https://ps.eyeota.net/match?bid=6j5b2cv&uid=65549869939737412751762118717038319212&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
• https://ps.eyeota.net/match/bounce/?bid=6j5b2cv&uid=65549869939737412751762118717038319212&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
• https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Request Chain 86

• https://usermatch.krxd.net/um/v2?partner=adobe&id=65549869939737412751762118717038319212 HTTP 302
• https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=65549869939737412751762118717038319212

Request Chain 89

• https://tags.bluekai.com/site/43981?id=65549869939737412751762118717038319212&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID HTTP 302
• https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID

Request Chain 90

• https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=Wkg0MkVBQUFBSXQxR0FONw==

Request Chain 91

• https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
• https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZH42EAAAAIt1GAN7&expires=90

Request Chain 92

• https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZH42EAAAAIt1GAN7 HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZH42EAAAAIt1GAN7&C=1

Request Chain 93

• https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
• https://ib.adnxs.com/setuid?entity=158&code=ZH42EAAAAIt1GAN7

Request Chain 94

• https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
• https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZH42EAAAAIt1GAN7 HTTP 302
• https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=ZH42EAAAAIt1GAN7

Request Chain 96

• https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
• https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZH42EAAAAIt1GAN7

Request Chain 98

• https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
• https://sync.search.spotxchange.com/partner?adv_id=6409&uid=ZH42EAAAAIt1GAN7&img=1 HTTP 302
• https://sync.search.spotxchange.com/partner?adv_id=6409&uid=ZH42EAAAAIt1GAN7&img=1&__user_check__=1&sync_id=6269e68f-03d6-11ee-8092-1ff47b410207

Request Chain 99

• https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
• https://www.facebook.com/fr/b.php?p=1531105787105294&e=ZH42EAAAAIt1GAN7&t=2592000&o=0

110 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request dailytelegraph Show response www.plusrewards.com.au/	308 KB 30 KB	1003ms 312ms	Document text/html	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 07a15df337fccae33da1feca676790dcbdfd3c2f9745dc884fed8dbbcb6420f5 Security Headers Name Value Content-Security-Policy default-src * 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://myaccount.news.com.au https://myaccount.news.com.au Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers age 0 cache-control max-age=0 cf-cache-status DYNAMIC cf-ray 7d2ac949fa726a5d-SYD content-encoding br content-security-policy default-src * 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://myaccount.news.com.au https://myaccount.news.com.au content-type text/html; charset=utf-8 date Mon, 05 Jun 2023 19:22:46 GMT expires 0 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lcx4kLhh7Q7Q8NXAYbSRr%2BpNX%2FyJPEXOVSvN58UkIqSSWyd9yVcNtmrXsaWef0RAWIr%2FdIpkq8dB0R5cLeW7pgQvW4jINtzRDHPle3ZgTMbw%2Bg2PePQg6Oyc7kSwLJsX6%2F3aGFF7Wk4%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000 vary Accept-Encoding via 1.1 varnish (Varnish/6.0) x-clock-cacheable NO:No TTL x-content-type-options nosniff x-frame-options sameorigin x-response-time 123.000ms x-ua-compatible IE=edge,chrome=1 x-varnish 94541984 x-xss-protection 0
GET H2	200	index-rewards.css www.plusrewards.com.au/assets/css/7468861eb4a4bbc2ee20effa31fb2827/	120 KB 19 KB	176ms 176ms	Stylesheet text/css	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/css/7468861eb4a4bbc2ee20effa31fb2827/index-rewards.css Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c951567b079e3831dabf4b934a11b9b2934dca7ef518766759f4b5eb5609e0f0 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:47 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 20338945 content-encoding br x-clock-cacheable NO:Cookie x-response-time 8.020ms last-modified Thu, 13 Oct 2022 09:37:42 GMT server cloudflare etag W/"1dfe1-183d0b4f16d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBWkgJo79WEYmPUTj9t6qVmmibIjiPckGXliRWmEfr9dF%2BRy%2FGNyMMJ3fNHlPCHDIaYu9uuN%2BUrQ8XcFjjOmLR9iGSbhkLkHCetBl8tJuEw%2FxS2PLEWAGWCNpcR01ioHh95mY%2F36ajc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=UTF-8 x-varnish 50388899 cache-control public, max-age=31536000 cf-ray 7d2ac94c1b556a5d-SYD
GET H2	200	css2 fonts.googleapis.com/	7 KB 1 KB	1086ms 263ms	Stylesheet text/css	172.217.194.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.194.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS si-in-f95.1e100.net Software ESF / Resource Hash b3fbd953664215264e3a7fb2c2c68a3826fe96c5801ffe3d79ad431cfb37b78a Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Mon, 05 Jun 2023 19:22:47 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Mon, 05 Jun 2023 18:27:06 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 05 Jun 2023 19:22:47 GMT
GET H2	200	dt-rev.png www.plusrewards.com.au/darkroom/original/0146afbbdbbb3c5d9fd418cd2856f8ed:fbe2c83f15abec67fced19e470b0fdbb/	4 KB 4 KB	208ms 207ms	Image image/png	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/original/0146afbbdbbb3c5d9fd418cd2856f8ed:fbe2c83f15abec67fced19e470b0fdbb/dt-rev.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 18b976f0baead5dee34ba127ca6bf69673c0bc125a84a8ea72e9d5b61d23ccd7 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-application-method Original Image date Mon, 05 Jun 2023 19:22:47 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 36796677 authorized-request /original/0146afbbdbbb3c5d9fd418cd2856f8ed:fbe2c83f15abec67fced19e470b0fdbb/dt-rev.png x-clock-cacheable YES content-length 3948 d-cache MISS last-modified Tue, 05 Apr 2022 22:04:50 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PpxIlFCWBNPAk%2F4F8vgY%2BWGAw5qwga2J5jbSN%2BcczKJXnXSBud6zk3NrodSa7RzWpQNCmKJ%2FA%2F0UAeCfXXyUwsRrVZpb6xwFl1WTcs%2FpvsWpsqVowDoyidJVcDkDu8y2rOXbnBEmBP8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png; charset=binary x-varnish 10386486 197136 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac94c1b566a5d-SYD
GET H2	200	ebOneTag.js Show response secure-ds.serving-sys.com/SemiCachedScripts/	76 KB 22 KB	1345ms 332ms	Script application/javascript	23.52.171.89 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.52.171.89 , Singapore, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-52-171-89.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 9584e01c9e0b3e5a9eab6e960eeda441896c6f0da4d40062a4925b9f63370738 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:48 GMT content-encoding gzip last-modified Thu, 27 Apr 2023 15:16:07 GMT server AmazonS3 x-amz-request-id JGFG6D60ESNG4BZS x-amz-cf-pop EWR52-C1 etag "30ffb8d6ca1409bc5da2d7dad3c36fe1" x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript access-control-allow-origin * accept-ranges bytes x-amz-cf-id dYkKdURZJYV4wAQBtZ43uraXs-XjWLQ0ZJKQZbtLmHdWZ8pVBkcj6g== x-amz-id-2 3trLUUkd+IFyhzswcIdSelcxVPt97kofZLIfeplupp9SB+Fig0dG5bUbWkYnYB8I4NjreIaucyw= content-length 22605
GET H2	200	8129-adc-w1920xd1080px.jpg www.plusrewards.com.au/darkroom/1200/2cd2b201a14f0d18993110312e619186:4b72a1375f7831398a6f52197a781b53/	150 KB 151 KB	203ms 202ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/2cd2b201a14f0d18993110312e619186:4b72a1375f7831398a6f52197a781b53/8129-adc-w1920xd1080px.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b38203a881ad4c330e92ceeecc2b8efd1b9ede372560658fbd15cc2dfa93ff41 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:47 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3097142 authorized-request /1200/2cd2b201a14f0d18993110312e619186:4b72a1375f7831398a6f52197a781b53/8129-adc-w1920xd1080px.webp x-clock-cacheable YES content-length 153734 x-webworker active d-cache MISS, HIT last-modified Sun, 30 Apr 2023 23:00:21 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qLtQBMiQJYkBxNGfv03FwWVClYAraCVskNlo%2BF1TjCY4GT4wLL20PgiiNocX%2B0zYnQr3xalbKwtE%2Bdp6jyXkAJXulBpKhJveoWoyFUWsMtMM69bjj2bGwI%2FzSPgolzufgL88I8jdLqQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 87053006 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac94fcd036a5d-SYD
GET H2	200	screenshot-2023-04-14-160345.png www.plusrewards.com.au/darkroom/1200/e417f31beb1d2c1deebacfdf482b952c:fccf7cef3dc4407fdc6b63af275d47ac/	909 KB 910 KB	185ms 184ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/e417f31beb1d2c1deebacfdf482b952c:fccf7cef3dc4407fdc6b63af275d47ac/screenshot-2023-04-14-160345.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 14fb3b77c88e15c85373e545a0ee32a22a0d8df26aed8142d40a5ccb7f6e2ff5 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:47 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3097142 authorized-request /1200/e417f31beb1d2c1deebacfdf482b952c:fccf7cef3dc4407fdc6b63af275d47ac/screenshot-2023-04-14-160345.webp x-clock-cacheable YES content-length 930516 x-webworker active d-cache MISS, HIT last-modified Sun, 30 Apr 2023 23:00:21 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0aCqizst7cqES1W6ksz0v9kC95ArJ%2FPrZmwnUZ8piMJ5BJ%2BO5FmEnJGFS3BdoKIJ4Z%2F0VVlNmBna2OrkQK059eWtHDKHxPzZ5QFqQqHqKERwpd4x65ems%2Bkpgpr9Lng6HVfJU%2BgySAs%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 87134683 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac950fd786a5d-SYD
GET H2	200	ssn-newscorp-1920x1080-2.png www.plusrewards.com.au/darkroom/1200/bffd831340ad8eed68e96bf48452e282:1f342629679f26ff9b1718685ff8f52d/	995 KB 996 KB	202ms 202ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/bffd831340ad8eed68e96bf48452e282:1f342629679f26ff9b1718685ff8f52d/ssn-newscorp-1920x1080-2.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7b45c49e09ac1c7058b7da47902910ca141b468831492e73da274b8845fa314a Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:47 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 5855917 authorized-request /1200/bffd831340ad8eed68e96bf48452e282:1f342629679f26ff9b1718685ff8f52d/ssn-newscorp-1920x1080-2.webp x-clock-cacheable NO:Cookie content-length 1018418 x-webworker active d-cache MISS, HIT last-modified Thu, 30 Mar 2023 00:22:32 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7iAYd5RB05V%2FWvnisj9x1P%2FdV5GTBe1fbePMZl6kkeoTWHtiKF%2BalvANbHhCzd7oGIQYV7wK7CjcF1Fe4Asu%2BqN39GdYHV44xwGGC2m4TXLbiWoiUF6641nMEoANJAhQRTbw2EzfPoA%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 79676458 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac9519da66a5d-SYD
GET H2	200	sc23-brand-newscorp-1920x1080-syd.jpg www.plusrewards.com.au/darkroom/1200/9e825184c6d84cb261a505007ece8f97:9c2ca22b5c9415d68b1f103d4b653b1a/	205 KB 205 KB	191ms 190ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/9e825184c6d84cb261a505007ece8f97:9c2ca22b5c9415d68b1f103d4b653b1a/sc23-brand-newscorp-1920x1080-syd.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash daa2666b6c75b5c0ad185a98fbc15e71bf061dfc49ef1dc3ad89aa8f27494094 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:48 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 5541008 authorized-request /1200/9e825184c6d84cb261a505007ece8f97:9c2ca22b5c9415d68b1f103d4b653b1a/sc23-brand-newscorp-1920x1080-syd.webp x-clock-cacheable NO:Cookie content-length 209700 x-webworker active d-cache MISS, HIT last-modified Fri, 31 Mar 2023 03:35:03 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TLpSOo6qjWR5hqyJ4yomNX%2BqFhkYOnkmqvuSfN%2BXMAf6LGaZyjlX%2F6S612xQ7gAnINnoxYy6V0KblQr5%2B7XpgHb0PDWakc%2FgMj3Cc2qZbj7pxXiIRzsu8XsyCN%2FaB%2BuGyByzuSKwVVY%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 80806308 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac952ee1a6a5d-SYD
GET H2	200	1920x1080-girl.jpg www.plusrewards.com.au/darkroom/1200/7f2b04fbe8acd3bf758ac960084f4904:f717e2d3bf39b99ea838b70fa87ffcd0/	68 KB 69 KB	191ms 191ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/7f2b04fbe8acd3bf758ac960084f4904:f717e2d3bf39b99ea838b70fa87ffcd0/1920x1080-girl.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 889e540402bf1e1b54c2891ae0f4a380cb3696ce3f98988ebfec96e2f0d85171 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:48 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 5691494 authorized-request /1200/7f2b04fbe8acd3bf758ac960084f4904:f717e2d3bf39b99ea838b70fa87ffcd0/1920x1080-girl.webp x-clock-cacheable NO:Cookie content-length 69984 x-webworker active d-cache MISS, HIT last-modified Fri, 31 Mar 2023 22:00:23 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6si2Iwsx0YTUiWwnQyh%2F69pZOV9zazRvsPO8oP%2FKdsmJrWgxsa51pJ3G5CBeQWGlKu4hetq2MlDUe%2F5IacuxARFuqaAKRUj3hrstXat6CC1pmZLvVY4F5kMt6QRbWitu9WoJwyIEXaY%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 80585276 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac952ee1b6a5d-SYD
GET H2	200	ep-au-13756-resize-images-1920x1080px-3.jpg www.plusrewards.com.au/darkroom/1200/18fb50a5c3e4cc0ea9c6aee327f47be1:2d5e3445424b3a7980f010008afe739d/	178 KB 179 KB	191ms 190ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/18fb50a5c3e4cc0ea9c6aee327f47be1:2d5e3445424b3a7980f010008afe739d/ep-au-13756-resize-images-1920x1080px-3.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bbaad9e58cfbd42f41338df6e899d81beaf31b9eb30d2da6b74deeb9bf2cf754 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:48 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 7938831 authorized-request /1200/18fb50a5c3e4cc0ea9c6aee327f47be1:2d5e3445424b3a7980f010008afe739d/ep-au-13756-resize-images-1920x1080px-3.webp x-clock-cacheable NO:Cookie content-length 182506 x-webworker active d-cache MISS, HIT last-modified Sun, 05 Mar 2023 22:00:07 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tHfpXTpvaktJ7vmzPtN%2BkZq3%2BPTd3ATH7Odi7frlcDTvGAvqXPVzGigiPdzvHnsuzWtVSnA50YWiBvKAqnA%2BKcDcbZv3W8Kj%2FLq%2BgtpkE0w1XLBzYDrAi5e%2Bnu6UmwbSdNpSs8FyqdQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 73956536 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac952ee1d6a5d-SYD
GET H2	200	ac-ksm195-first-x960-crop-center.webp www.plusrewards.com.au/darkroom/1200/6952757b20ab3bd90a5489e27b54393f:5bf286ecfb2f6ce9019123f3d9613857/	55 KB 56 KB	179ms 178ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/6952757b20ab3bd90a5489e27b54393f:5bf286ecfb2f6ce9019123f3d9613857/ac-ksm195-first-x960-crop-center.webp Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 247373fe5b8326425a81bfd1c576a43bfdf4eaebd168dfa658f4cf233d194422 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:48 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 71662 authorized-request /1200/6952757b20ab3bd90a5489e27b54393f:5bf286ecfb2f6ce9019123f3d9613857/ac-ksm195-first-x960-crop-center.webp x-clock-cacheable YES content-length 56710 d-cache MISS, HIT last-modified Sun, 04 Jun 2023 23:00:12 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CqoQZ9VlxSlUx0UoOZXBjc4UYx4fDwuDcSx7tql5kqjGDLdkMNQdhI6vwVuETYbivLw9OTV4iIGq4JyL5NnNgpsH6PWTb13YjbrAwekyQt7k4zgguA4UawnEXgg0tlBOqJvoZYavWY0%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp; charset=binary x-varnish 93810682 94377109 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac954cedb6a5d-SYD
GET H2	200	gettyimages-1367957675-1.jpg www.plusrewards.com.au/darkroom/1200/619dc47461dd3684ebc6ff8aed150b96:a04b3ab41aaf8636918f99a754848461/	50 KB 51 KB	181ms 181ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/619dc47461dd3684ebc6ff8aed150b96:a04b3ab41aaf8636918f99a754848461/gettyimages-1367957675-1.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ca3df8fa60811ac9f40f90052e42a6ccfae2b50bdcf49c44451328c64789cfb4 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:48 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 71662 authorized-request /1200/619dc47461dd3684ebc6ff8aed150b96:a04b3ab41aaf8636918f99a754848461/gettyimages-1367957675-1.webp x-clock-cacheable NO:Cookie content-length 51424 x-webworker active d-cache MISS, HIT last-modified Sun, 04 Jun 2023 23:00:14 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4mcpwWkgaw9rMUeDZ%2B9WErGskf%2Bopc%2BusnqhTaHAwYqRKaXLugJSadlOPyEt731BJXzACSv1jbUBzxkX985Ed0K0KtOQMwk76ul8HggoFLD4iVDxNqLRwr46f55b%2Bi5eeOHZyANAKjs%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 94026042 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac954cedd6a5d-SYD
GET H2	200	illuminate-adelaide.JPG www.plusrewards.com.au/darkroom/1200/26523083660a815696f1eb080487a8ae:82c68a5fdf5c0542b1e31de4a673cddf/	19 KB 19 KB	180ms 179ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/26523083660a815696f1eb080487a8ae:82c68a5fdf5c0542b1e31de4a673cddf/illuminate-adelaide.JPG Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 773a100fcdbc6392876b46c7ea936963a36985600e79a08beac1d2fdb90a116e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:49 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3129339 authorized-request /1200/26523083660a815696f1eb080487a8ae:82c68a5fdf5c0542b1e31de4a673cddf/illuminate-adelaide.webp x-clock-cacheable NO:Cookie content-length 19450 x-webworker active d-cache MISS, HIT last-modified Sun, 30 Apr 2023 14:03:43 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jliQo1jTGjWs%2BFdQbVDDXYt0uhALoQXLvCenXfDmCWV%2FEO9A6Uv6%2BVsiI%2FRzU6KkKHU9%2B%2FaDVivFeZGrPyj%2Becs1VG5tWzM6NZ8MaszPn8OKLfYfKfZVb4G3XuAlEsh4EDNuL40nW%2BM%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 87302435 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac95a99086a5d-SYD
GET H2	200	4181632975-national-rewards-may-june-23-samsung-phone-jpg-1.jpg www.plusrewards.com.au/darkroom/1200/0d75703a651361dd3c3ac1189acb6eb5:0beebdeb700eb9159b563e947f00250c/	22 KB 22 KB	181ms 181ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/0d75703a651361dd3c3ac1189acb6eb5:0beebdeb700eb9159b563e947f00250c/4181632975-national-rewards-may-june-23-samsung-phone-jpg-1.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 394cba78aabd4d7a22876a4a19d1a80a1dbbb5981f408f032ce159768e6a03eb Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:49 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3129339 authorized-request /1200/0d75703a651361dd3c3ac1189acb6eb5:0beebdeb700eb9159b563e947f00250c/4181632975-national-rewards-may-june-23-samsung-phone-jpg-1.webp x-clock-cacheable NO:Cookie content-length 22078 x-webworker active d-cache MISS, HIT last-modified Sun, 30 Apr 2023 14:00:23 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p55GlE%2BHYOMfC7MQZO0QGZZ%2Foe5KSgAUgl0%2FFc4S7sfTxfhxMPcrDCuCjLgUbO4eAAMEAYeJofE%2FnPYVsfUebCl1wMGbUxxjBs4ItIreePLesHBX0MeouAhEYm98glhIDEY9iC%2FAStk%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 87302439 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac95a99096a5d-SYD
GET H2	200	screenshot-2023-02-28-162312.png www.plusrewards.com.au/darkroom/1200/205961c7f6d0c931217cbf60f76b3ac7:ee91bfea383a2115e708d53b5c7f8e86/	455 KB 456 KB	181ms 181ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/205961c7f6d0c931217cbf60f76b3ac7:ee91bfea383a2115e708d53b5c7f8e86/screenshot-2023-02-28-162312.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7e2a9f7912819a604c2b9fb769829f71e755d22bffe035a1e358f632fa0d9412 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:49 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3096992 authorized-request /1200/205961c7f6d0c931217cbf60f76b3ac7:ee91bfea383a2115e708d53b5c7f8e86/screenshot-2023-02-28-162312.webp x-clock-cacheable NO:Cookie content-length 466142 x-webworker active d-cache MISS, HIT last-modified Sun, 30 Apr 2023 23:00:15 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FnhA6UOd6UHwoJhfU%2BYZQVwlD3Q48G9wYLjjXybLyd%2BW7VYYVNCwfamUESkKHjGSLMSIXl6diyH5pk%2F3KzNGTZv%2BM7RZGY6h21oTdATcAxOy04rW1kvMljJvQL2uhABznGVfHF9ztpo%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 87188848 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac95bb96e6a5d-SYD
GET H2	200	rd-urban-dining-tomorrow-s-lunch-22-5.jpg www.plusrewards.com.au/darkroom/1200/f26f4d7c2b94fa1219e096c1903327be:e0c0df1614c1f1c4997109a504225464/	63 KB 64 KB	178ms 178ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/f26f4d7c2b94fa1219e096c1903327be:e0c0df1614c1f1c4997109a504225464/rd-urban-dining-tomorrow-s-lunch-22-5.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 093d8f0471620eeec3858045cc17e5c83a6825fc4dc012d388f3227bbc3f6e68 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:49 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3096992 authorized-request /1200/f26f4d7c2b94fa1219e096c1903327be:e0c0df1614c1f1c4997109a504225464/rd-urban-dining-tomorrow-s-lunch-22-5.webp x-clock-cacheable NO:Cookie content-length 64558 x-webworker active d-cache MISS, HIT last-modified Sun, 30 Apr 2023 23:00:14 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9QP4%2FbEhtbxajoYc06YpzGY%2FiDMTyybr35eIXKjexhl8amdm13JnS8H8zBWnwM32btFKRiKKnj3l2l5H7sVAn2X5SvY1JeoyDSgs42E6Fe4jUgwb0SL7y%2BDSajl3sD7vg%2BsO9KiHbV0%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 86659643 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac95bb9706a5d-SYD
GET H2	200	dt-rev.png www.plusrewards.com.au/darkroom/original/5b812b43e639de510d5e8f797373006a:7e737b8c42df29e6348ab71fe7e8b363/	5 KB 5 KB	179ms 179ms	Image image/png	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/original/5b812b43e639de510d5e8f797373006a:7e737b8c42df29e6348ab71fe7e8b363/dt-rev.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d90e6e56feffa1cfab9eeff5b73ac8a672770125810733d45c9edffb4450522d Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-application-method Original Image date Mon, 05 Jun 2023 19:22:49 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 11139591 authorized-request /original/5b812b43e639de510d5e8f797373006a:7e737b8c42df29e6348ab71fe7e8b363/dt-rev.png x-clock-cacheable YES content-length 4846 d-cache MISS last-modified Fri, 27 Jan 2023 21:02:58 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IwBpt6Xw3DCIWyoWuvFlgghFKxT1MLiV4zbdn%2B%2F7RpByOJi0Fw5DWIKzl889CZidQbYrOE7f%2Fqpgp5WEmTju27yuHl7UaaJBa5Zrjg55GjraYw5VweA4lnkKwJr6z%2BtUBX8HR04HY0k%3D"}],"group":"cf-nel","max_age":604800} content-type image/png; charset=binary x-varnish 67290451 285142 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac95c39c56a5d-SYD
GET H2	200	daily-telegraph.png www.plusrewards.com.au/darkroom/515/00114a739e8e62ebfcc75e910e985df8:6e7cbcd18c1e229e2d911f42957bfdf3/	68 KB 68 KB	180ms 180ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/515/00114a739e8e62ebfcc75e910e985df8:6e7cbcd18c1e229e2d911f42957bfdf3/daily-telegraph.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0149fda0fe70d117d2fb621a92eadf8d5a2956591627665543d6bce7d291413c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:49 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4509812 authorized-request /515/00114a739e8e62ebfcc75e910e985df8:6e7cbcd18c1e229e2d911f42957bfdf3/daily-telegraph.webp x-clock-cacheable YES content-length 69162 x-webworker active d-cache MISS, HIT last-modified Thu, 05 Sep 2019 21:17:21 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hF0Vqy6Tc4SBenJe%2Bi%2Bqtokg960nLiC63uP4%2FHRkSJXJp5vDsd8VHaYhBvuLDo638p7Wo303HGZezO9hdypnQebfETGMWEGqBICpVOE6oWlt7pdq572ATetB4KB%2BcvXmKv0lhthERBE%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 83903254 701960 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac95c39c66a5d-SYD
GET H2	200	news-corp-logo.png www.plusrewards.com.au/assets/img/content/	2 KB 2 KB	178ms 177ms	Image image/png	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/assets/img/content/news-corp-logo.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc17f8f103be6eb21a2a665ca699009649851c4b049892cb384beaa519e8922d Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:49 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 5324071 x-clock-cacheable YES content-length 1944 x-response-time 4.028ms last-modified Wed, 23 Nov 2022 17:21:37 GMT server cloudflare etag W/"798-184a582681d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5ap3o2992W5zKTKLbA%2FsXXTCkMfeNIksKGa9Q3a0gUVmkMXXduKNnXeFAs2WMBzWw9ZnOmvtfRrzQ65Y34XLHkbuZNEibI2PHg%2FVE8ykLXcyWoRkbKnC9Q0OhDCf%2FcE2IVFvR4tbL8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png x-varnish 80947675 67035902 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 7d2ac95c39c76a5d-SYD
GET H2	200	raven.min.js Show response cdn.ravenjs.com/3.26.4/	37 KB 14 KB	1260ms 317ms	Script application/javascript	151.101.66.217 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.ravenjs.com/3.26.4/raven.min.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.66.217 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 3b6205206b5c515bb685b81ad82ecedf1264a0f1b6b0a99b2d89ce18fe30bc5e Request headers Referer https://www.plusrewards.com.au/ Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:48 GMT content-encoding gzip last-modified Fri, 20 Jul 2018 09:10:03 GMT server Fastly age 50681 etag "e7a52e3ca61154fb6077ca08d351e3e3" vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 13757
GET H2	200	vendor.js Show response www.plusrewards.com.au/assets/js/build/9da1706c96be601c7e57433c325c193e/	739 KB 206 KB	297ms 296ms	Script application/javascript	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/js/build/9da1706c96be601c7e57433c325c193e/vendor.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9aa3b1a29a90ea3dcda8b653b0842e0f646bafa500ac8ee7f54f3d56503c1168 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:47 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 20338945 content-encoding br x-clock-cacheable YES x-response-time 2.326ms last-modified Thu, 13 Oct 2022 09:37:39 GMT server cloudflare etag W/"b8aea-183d0b4e3e2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2Fs%2BLRZRhuMKtIezNbIzWvSHQHKvJ65ytNULukyQP%2BOH4qKIbDjCskDRSHbeVcW35P0BR0%2B9q08cEynouI2FZRMiZ6hl6Z4kPP5aNSvLNOLqcEaf2l%2FaUaxUhPlx%2F9N9o8JO%2BWb%2BRu0%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 x-varnish 50388902 50516612 cache-control public, max-age=31536000 cf-ray 7d2ac94d5c106a5d-SYD
GET H2	200	base.js Show response www.plusrewards.com.au/assets/js/build/83fc5d42265766b8bdf30b4918d36050/	542 KB 77 KB	185ms 185ms	Script application/javascript	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/js/build/83fc5d42265766b8bdf30b4918d36050/base.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e78884c562fb80f581008e50cd16a6b89a71dd4432d24fce64b907726940550 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:47 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 10311939 content-encoding br x-clock-cacheable YES x-response-time 1.321ms last-modified Mon, 06 Feb 2023 10:25:34 GMT server cloudflare etag W/"876fa-18626427229" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YBwAP2M9H6xfhskVOAuiS5amqXyA8J%2BGK24PK%2F%2BAs178kqT4O0bs4w2Giky9ERDDLAxakCfgO8U%2Bm8xh0AI%2BKLhWzcNjE7tc8YR%2BEOzeHjZStXiM%2F5WZ5%2Fw33R6GDX05%2FW0DfwR7Vd4%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 x-varnish 69051805 67107189 cache-control public, max-age=31536000 cf-ray 7d2ac94d5c126a5d-SYD
GET H2	200	utag.js Show response tags.tiqcdn.com/utag/newsltd/dt.wl/prod/	50 KB 14 KB	2374ms 1286ms	Script application/javascript	52.84.251.107 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.84.251.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-84-251-107.sin5.r.cloudfront.net Software AmazonS3 / Resource Hash 50a6c483fae2f0c156bc37fc3532bda2b3fad60d771f7d9048c8c1bf3cfc79fb Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-amz-version-id 4UbAY8C7sTbQ0djh_B2DFzX6Vy7JOBe_ content-encoding br via 1.1 80a9a66193c3e6350d12faf1c397c974.cloudfront.net (CloudFront) date Mon, 05 Jun 2023 19:22:50 GMT last-modified Fri, 10 Mar 2023 17:50:48 GMT server AmazonS3 x-amz-cf-pop SIN5-C1 x-amz-server-side-encryption AES256 etag W/"f05466ac6760dd6a2bb1317117625edf" vary Accept-Encoding x-cache RefreshHit from cloudfront content-type application/javascript cache-control max-age=300 x-amz-cf-id oOVsV-my85cl0EEcRI_446NVMTCFJ8Cm7iUFWLx1oV8gwvE4OBmudw==
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	106 KB 28 KB	1168ms 333ms	Script application/x-javascript	157.240.235.1 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.240.235.1 , Singapore, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-04-sin6.fbcdn.net Software / Resource Hash 0caf64bbe8954fe9c2166955ec4e1842b2f0780fb0cbb76ed7d60ea0dc59dddd Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 05 Jun 2023 19:22:50 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 27549 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug ubkVmvm1Somr/nh/eNVpbJfD7SoVKWzshYkG7SHvSKnTINd2ss54MvsVNSkonWUELNM7QlCtUN17NSYRKrPiRw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 1679558926 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	13 KB 13 KB	953ms 260ms	Font font/woff2	74.125.200.94 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.200.94 , United States, ASN15169 (GOOGLE, US), Reverse DNS sa-in-f94.1e100.net Software sffe / Resource Hash c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Tue, 30 May 2023 23:16:34 GMT x-content-type-options nosniff age 504374 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13036 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:04:42 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 29 May 2024 23:16:34 GMT
GET H2	200	9625 Show response secure-ds.serving-sys.com/adServingData/PROD/TMClient/5/	106 B 432 B	1961ms 964ms	XHR application/octet-stream	23.52.171.89 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/5/9625 Requested by Host: secure-ds.serving-sys.com URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.52.171.89 , Singapore, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-52-171-89.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 5076bd7c5c84d0b533c19313a1ef4c0e6e4ba41b22f87b4ed7dcd0caea8947c7 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-amz-version-id ni06aRNJ.oW5iot1yEoFCHIYC9YxODnP content-encoding gzip date Mon, 05 Jun 2023 19:22:50 GMT last-modified Thu, 25 Jun 2020 00:21:01 GMT server AmazonS3 x-amz-cf-pop IAD79-C3 etag "871ff70fb44fe71ad31c207b97a5e109" vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * cache-control max-age=600 x-amz-replication-status COMPLETED accept-ranges bytes x-amz-cf-id QugM6HpRn2B3utylHzCUB5JgYggUnvVnfpjNlzZi_MYrlEnAVE6B3w== content-length 112
GET H2	200	4181632975-national-rewards-may-june-23-june-ebooks-1-jpg.jpg www.plusrewards.com.au/darkroom/1500/83cd32287bf4a5a8c82ab2303800c069:afce85c6aac9970ac553d827b570f031/	169 KB 169 KB	178ms 178ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1500/83cd32287bf4a5a8c82ab2303800c069:afce85c6aac9970ac553d827b570f031/4181632975-national-rewards-may-june-23-june-ebooks-1-jpg.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 231e039a4f87002b174222316ad98fa3c8bbd8b25f3e054635aecfd0e25e51b4 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:48 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 71662 authorized-request /1500/83cd32287bf4a5a8c82ab2303800c069:afce85c6aac9970ac553d827b570f031/4181632975-national-rewards-may-june-23-june-ebooks-1-jpg.webp x-clock-cacheable NO:Cookie content-length 172688 x-webworker active d-cache MISS, HIT last-modified Sun, 04 Jun 2023 23:27:27 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2by3iNLEZ3UYNWUMT0dNsDeFDtTg%2FkxkRLlLYReUWVgLDzzULa%2Ff8A7T2YeWARt5rpmB1SEfkZJAtZ9bBn9Qnd4FK3A5%2Fc6RmNR9IhYJy2LrNNIvs8IdHj1sCsQL1TiE01YAjTPZONE%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 94026045 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac954eeed6a5d-SYD
GET H2	200	charter-bold.woff2 www.plusrewards.com.au/assets/fonts/charter/	15 KB 15 KB	173ms 173ms	Font font/woff2	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/fonts/charter/charter-bold.woff2 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/assets/css/7468861eb4a4bbc2ee20effa31fb2827/index-rewards.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ca14510c9c719c3d07bb457eb2e914f48e942fc1e6906c03008197559e03b5f9 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.plusrewards.com.au/assets/css/7468861eb4a4bbc2ee20effa31fb2827/index-rewards.css Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:48 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 5258090 x-clock-cacheable YES content-length 15164 x-response-time 5.096ms last-modified Wed, 23 Nov 2022 17:21:37 GMT server cloudflare etag W/"3b3c-184a58264e8" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4bytW4aPasgOwq8ujnJqwb99REkfKtl7OEUAbgQZb1gss9yhds7%2BMv%2FsTlLAOvtrYNqO6H27xg4ca3fslx610awQx77pxWWynqm2G4DKQx257ydD1GPxF%2B0OC%2FBu1GBUDTzkxQdkQkc%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff2 x-varnish 81489663 66843256 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 7d2ac954dee66a5d-SYD
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	13 KB 13 KB	711ms 312ms	Font font/woff2	74.125.200.94 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.200.94 , United States, ASN15169 (GOOGLE, US), Reverse DNS sa-in-f94.1e100.net Software sffe / Resource Hash 7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Tue, 30 May 2023 22:50:56 GMT x-content-type-options nosniff age 505912 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12924 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:02:31 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 29 May 2024 22:50:56 GMT
GET H2	200	rollerscript-smooth.woff2 www.plusrewards.com.au/assets/fonts/rollerscript/	115 KB 115 KB	175ms 174ms	Font application/font-woff2	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/fonts/rollerscript/rollerscript-smooth.woff2 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/assets/css/7468861eb4a4bbc2ee20effa31fb2827/index-rewards.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3a5128f3f03a9ae9f18f02f1981e916854f9a95a29f319b9d7ca8407df00ae53 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.plusrewards.com.au/assets/css/7468861eb4a4bbc2ee20effa31fb2827/index-rewards.css Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:48 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 18971595 x-clock-cacheable YES content-length 117392 x-response-time 1.263ms last-modified Wed, 22 Dec 2021 09:50:17 GMT server cloudflare etag W/"1ca90-17de18c724f" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tecGF2v1Qg5AgcItbJpkMG2wpyTeA1%2FhrRJPYSzoOddYLfCleiQQs1skarkV8kAjQZplTW6eGOOnGhRyUsTm%2F4GaDpHrUn48CDuwyme0dTmB5a8B07iZyogq6lScNiEPRgIB45uThJ0%3D"}],"group":"cf-nel","max_age":604800} content-type application/font-woff2 x-varnish 53186309 262157 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 7d2ac954dee76a5d-SYD
GET H2	200	utrack.js Show response tags.news.com.au/prod/utrack/	2 KB 1 KB	1335ms 338ms	Script application/x-javascript	23.207.180.192 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/utrack/utrack.js?cb=16859929695590.08427958360882659 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.207.180.192 , Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-207-180-192.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 364e39d99dfeb63e27a5361e117d335031b5c50ac54e8298f42f6cfde929552a Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Mon, 05 Jun 2023 19:22:50 GMT content-encoding gzip server AkamaiNetStorage etag "ab4f3fe7c5c43b61d4377ef72d3952fa:1558613430" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" content-type application/x-javascript cache-control max-age=0, no-cache, no-store content-length 833 expires Mon, 05 Jun 2023 19:22:50 GMT
GET H2	200	mitas.js Show response tags.news.com.au/prod/mitas/	666 B 896 B	745ms 335ms	Script application/x-javascript	23.207.180.192 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/mitas/mitas.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.207.180.192 , Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-207-180-192.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash d160b7999ef36a6814e7e673a78ee2388f00131908cf533155005798db86cfff Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers content-type application/x-javascript date Mon, 05 Jun 2023 19:22:50 GMT cache-control max-age=45787 server AkamaiNetStorage etag "83a2bbd4d3829f1d4278f4ff0988804c:1490850995" content-length 666 p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
GET H2	200	gdpr_user_check.esi Show response tags.news.com.au/prod/data-esi/top/	65 B 398 B	1364ms 344ms	XHR text/plain	23.207.180.192 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/data-esi/top/gdpr_user_check.esi Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.207.180.192 , Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-207-180-192.deploy.static.akamaitechnologies.com Software AkamaiGHost / Resource Hash 0061754f19243844ed8ede72b4150a852ddd8accbf33f905662ece0d4f4f168c Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Mon, 05 Jun 2023 19:22:50 GMT server AkamaiGHost etag "519053bf13ef3980b8829a5ec0f4dbc4:1638256850.601476" vary Origin, Origin, Origin p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" content-type text/plain access-control-allow-origin https://www.plusrewards.com.au cache-control max-age=0, no-cache content-length 65 mime-version 1.0 expires Mon, 05 Jun 2023 19:22:50 GMT
GET H2	200	rampart.js Show response www.news.com.au/remote/identity/rampart/latest/	289 KB 85 KB	1580ms 462ms	Script application/x-javascript	23.207.180.112 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.news.com.au/remote/identity/rampart/latest/rampart.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/assets/js/build/83fc5d42265766b8bdf30b4918d36050/base.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.207.180.112 , Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-207-180-112.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 88d6a54b11051855551c995388d2e8ace828188a41f201b4c77fc721bc536e36 Security Headers Name Value Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; X-Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; content-encoding gzip date Mon, 05 Jun 2023 19:22:51 GMT server AkamaiNetStorage etag "b54775a0a21a66e451109802cf36c46c:1685338643.533073" vary User-Agent, Accept-Encoding content-security-policy-report-only frame-ancestors 'self'; report-uri https://www.news.com.au/csp-reports content-type application/x-javascript cache-control max-age=133 is-https true x-webkit-csp block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; expires Mon, 05 Jun 2023 19:25:04 GMT
GET H2	200	Serving Show response bs.serving-sys.com/	384 B 869 B	1247ms 338ms	Script text/html	54.255.160.67 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bs.serving-sys.com/Serving?cn=ot&onetagid=9625&dispType=js&sync=0&sessionid=4714893711435961860&pageurl=$$https%3A%2F%2Fwww.plusrewards.com.au%2Fdailytelegraph$$&activityValues=$$Session%3D1547897312994343583$$&ns=0&rnd=1481279798782036&uinadv=%7B%7D&ccpastatus=1 Requested by Host: secure-ds.serving-sys.com URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.255.160.67 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-255-160-67.ap-southeast-1.compute.amazonaws.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 247ad721110dd59af4a7c888d3d00e52d3ef7a4ac3315699a1f596263409dbde Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Mon, 05 Jun 2023 19:22:51 GMT content-encoding gzip server Microsoft-IIS/10.0 x-powered-by ASP.NET content-type text/html; charset=UTF-8 access-control-allow-origin * p3p CP="NOI DEVa OUR BUS UNI" cache-control no-cache, no-store content-length 289 expires Sun, 05-Jun-2005 22:00:00 GMT
GET H2	200	808387116198479 Show response connect.facebook.net/signals/config/	300 KB 86 KB	567ms 566ms	Script application/x-javascript	157.240.235.1 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/808387116198479?v=2.9.106&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.240.235.1 , Singapore, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-04-sin6.fbcdn.net Software / Resource Hash e0755149df409d34d002367f70fdf59872d72a8b37d603c40c86cce56c277061 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 05 Jun 2023 19:22:51 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug eFaBJjXCSAWXEgJRfwvw5gRaIV6EHUj9i47L7AechAGVuVH8nUQFJRjw6zYqgq6sC7YmzIOFalBrUlm4hS1oxw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 1679558926 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	tad.js Show response tags.news.com.au/prod/tad/	111 KB 34 KB	930ms 930ms	Script application/x-javascript	23.207.180.192 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/tad/tad.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.207.180.192 , Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-207-180-192.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 78ce242f06e80599aeb8b75ca2a2c36cd93987a780a0cd25425498cd41170d69 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:51 GMT content-encoding gzip server AkamaiNetStorage etag "ed50341af2f4c2a39bbb735192c85fad:1685589099.251397" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" content-type application/x-javascript cache-control max-age=75970 content-length 34098
GET H2	200	gpt.js Show response securepubads.g.doubleclick.net/tag/js/	76 KB 25 KB	1796ms 966ms	Script text/javascript	74.125.130.157 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/tag/js/gpt.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.130.157 Nashville, United States, ASN15169 (GOOGLE, US), Reverse DNS sb-in-f157.1e100.net Software cafe / Resource Hash cc945e9cc021be3d53755f2684c97f2b6e69e78c2f9212391498596426922a19 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:53 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 25318 x-xss-protection 0 server cafe etag 69 / 19513 / m202305300101 / config-hash: 675133719296926174 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * expires Mon, 05 Jun 2023 19:22:53 GMT
GET H2	200	metrics.js Show response tags.news.com.au/prod/metrics/	184 KB 62 KB	406ms 406ms	Script application/x-javascript	23.207.180.192 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/metrics/metrics.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.207.180.192 , Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-207-180-192.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash cd411caaee7c733619f3385da039070824a33ca4ba07e5153fc645f131a39f71 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:51 GMT content-encoding gzip server AkamaiNetStorage etag "1a2a78fb3499c9c41d77b734199b0d5f:1685938148.83857" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" content-type application/x-javascript cache-control max-age=31581
GET H2	200	nielsen.js Show response tags.news.com.au/prod/nielsen/	25 KB 10 KB	357ms 357ms	Script application/x-javascript	23.207.180.192 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/nielsen/nielsen.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.207.180.192 , Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-207-180-192.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 002856eb594d2755e967afbc01ed1d8cfcc4232f4abfe714a5b8a9b55a367258 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:51 GMT content-encoding gzip server AkamaiNetStorage etag "ecacc4b7d71d3eee8eaca9fbb3295f91:1638242930.652258" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" content-type application/x-javascript cache-control max-age=74203 content-length 9840
GET H2	200	ga.js Show response ssl.google-analytics.com/	45 KB 17 KB	1082ms 260ms	Script text/javascript	142.251.10.97 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ssl.google-analytics.com/ga.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.10.97 , United States, ASN15169 (GOOGLE, US), Reverse DNS sd-in-f97.1e100.net Software Golfe2 / Resource Hash 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Mon, 05 Jun 2023 18:06:16 GMT last-modified Mon, 17 Apr 2023 22:36:01 GMT server Golfe2 age 4596 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 17168 expires Mon, 05 Jun 2023 20:06:16 GMT
GET H2	200	embed.js Show response nebula-cdn.kampyle.com/au/wau/132224/onsite/	1 KB 971 B	928ms 305ms	Script application/javascript	151.101.193.175 FASTLY
General Check archive.org Show headers Download Go to Full URL https://nebula-cdn.kampyle.com/au/wau/132224/onsite/embed.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.193.175 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash efe60b6928a0f370aa2ebbcf726337ddece82b8350fc012476e434b91e665cf4 Security Headers Name Value Strict-Transport-Security max-age=31557600 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-amz-version-id mX8fMBiKSjQoqAMs3ORgCtaWppS1_CNL content-encoding gzip via 1.1 varnish date Mon, 05 Jun 2023 19:22:52 GMT strict-transport-security max-age=31557600 x-amz-request-id 50HP8ZKV27Z8190T x-amz-server-side-encryption AES256 x-cache HIT content-length 520 x-amz-id-2 n8Ft6LJXCnPbM+2tjj5kx6R4/qlDs/JtS6K5LHNy+DYKInAhaeGix6MB2sHTv50RV/a5tGlh7KI= x-served-by cache-bfi-kbfi7400071-BFI last-modified Mon, 01 May 2023 02:35:02 GMT server AmazonS3 x-timer S1685992972.408559,VS0,VE0 etag "48ec641db42f1901c86d5cb54cefdce7" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=0,must-revalidate accept-ranges bytes x-cache-hits 1820
GET H2	200	nca_ipsos.js Show response tags.news.com.au/prod/ipsos/	26 KB 6 KB	706ms 706ms	Script application/x-javascript	23.207.180.192 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/ipsos/nca_ipsos.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.207.180.192 , Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-207-180-192.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 7f3c6b58f7c57e2b2b1bb8e49260fe50e7366d3eadebc1414f53fb6c7854d9b2 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:52 GMT content-encoding gzip server AkamaiNetStorage etag "83e3b56b9ff0bdc4a86e195e823387bf:1677561534.235209" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" content-type application/x-javascript cache-control max-age=25333 content-length 6160
GET H2	200	utag.v.js Show response tags.tiqcdn.com/utag/tiqapp/	2 B 430 B	334ms 333ms	Script application/javascript	52.84.251.107 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=newsltd/dt.wl/202207210618&cb=1685992971633 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/dt.wl/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.84.251.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-84-251-107.sin5.r.cloudfront.net Software AmazonS3 / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-amz-version-id 2XUX04X5QEw0.xFya64khU._sHTRl_Pz date Mon, 05 Jun 2023 19:20:32 GMT via 1.1 80a9a66193c3e6350d12faf1c397c974.cloudfront.net (CloudFront) x-amz-cf-pop SIN5-C1 age 141 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 2 last-modified Sat, 11 Mar 2023 06:57:46 GMT server AmazonS3 etag "7bc0ee636b3b83484fc3b9348863bd22" vary Accept-Encoding content-type application/javascript cache-control max-age=300 accept-ranges bytes x-amz-cf-id bDlVqr-cvUNKWvxPjE9-ze_lB0U1CBfaGKsEAe8MjJuE2I0FSPpTIA==
GET H2	200	P5A1ABC62-BAAA-43C4-8D63-3665F832DAEE.js Show response cdn-gl.imrworldwide.com/conf/	32 KB 7 KB	1418ms 343ms	Script application/javascript	13.224.249.80 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-gl.imrworldwide.com/conf/P5A1ABC62-BAAA-43C4-8D63-3665F832DAEE.js Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/nielsen/nielsen.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.249.80 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-249-80.sin52.r.cloudfront.net Software AmazonS3 / Resource Hash 40adf277c611331dca48c47b2f1c138968e49154ab59d1c781584bb6281a7697 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-amz-version-id jhXaE2xzvkY32h9uUemjUT4Z8CrKfTMV content-encoding gzip via 1.1 db8d6eb1919ade2943f4a573a505ba66.cloudfront.net (CloudFront) date Mon, 05 Jun 2023 19:02:48 GMT last-modified Mon, 05 Jun 2023 17:17:03 GMT server AmazonS3 x-amz-cf-pop SIN52-C2 age 1206 x-amz-server-side-encryption AES256 etag W/"510bd557d8494fce60ab8ad2204ed69b" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=86400,s-maxage=86400 x-amz-cf-id R5XlTKeUJsQjMQQqmzgfz-XyCgNZHZSiv7a-LOwFpqr5R8B6Zz2Yjw==
GET H2	200	/ www.facebook.com/tr/	0 185 B	1301ms 332ms	Image text/plain	157.240.235.35 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=808387116198479&ev=PageView&dl=https%3A%2F%2Fwww.plusrewards.com.au%2Fdailytelegraph&rl=&if=false&ts=1685992972558&sw=1600&sh=1200&v=2.9.106&r=stable&ec=0&o=30&fbp=fb.2.1685992972557.872627532&it=1685992971385&coo=false&rqm=GET Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.240.235.35 , Singapore, ASN32934 (FACEBOOK, US), Reverse DNS edge-star-mini-shv-04-sin6.facebook.com Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Mon, 05 Jun 2023 19:22:53 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H/1.1	200 OK	rd Show response dpm.demdex.net/id/ Redirect Chain https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1685992972573 https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1685992972573	5 KB 2 KB	337ms 336ms	XHR application/json	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1685992972573 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol HTTP/1.1 Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash f3de00259fe6eb5d7ab79df058c0194feec1fa892236e0834e2d43dea3f262b5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers DCS dcscanary-prod-usw2-1-v058-0830560e1.edge-usw2.demdex.com 10 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-TID zvU+lI3RTqY= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin https://www.plusrewards.com.au Content-Type application/json;charset=utf-8 Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Length 1564 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers DCS dcs-prod-usw2-2-v044-08d878314.edge-usw2.demdex.com 0 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains X-TID 3PHlKKgLSX4= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin https://www.plusrewards.com.au Location https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1685992972573 Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Length 0 Expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	authorize Show response login.newscorpaustralia.com/ Frame 98B8	2 KB 3 KB	1567ms 558ms	Document text/html	118.215.80.114 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://login.newscorpaustralia.com/authorize?client_id=w6UcQBn6GV4T3yruKfGKaSeMdXC66oM6&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fwww.plusrewards.com.au%2Fauth%2Fcallback&state=kx61NDu3sEsEQomIXLzA88fnHdynuwSI&nonce=vysdz.EyymZRp~bppZP49JVsPkCasv9s&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4yMC4yIn0%3D Requested by Host: www.news.com.au URL: https://www.news.com.au/remote/identity/rampart/latest/rampart.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 118.215.80.114 , Singapore, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a118-215-80-114.deploy.static.akamaitechnologies.com Software cloudflare / Resource Hash b21d52920b25ca06799d987e4150a2d63a68c687c67172f8726541fc9397d88d Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://www.plusrewards.com.au/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers cache-control max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 7d2ac976af403f63-SIN content-encoding gzip content-length 933 content-security-policy-report-only frame-ancestors 'self'; report-uri https://login.newscorpaustralia.com/csp-reports content-type text/html;charset=UTF-8 date Mon, 05 Jun 2023 19:22:54 GMT expires Mon, 05 Jun 2023 19:22:54 GMT ot-baggage-auth0-request-id 7d2ac976af403f63 ot-tracer-sampled true ot-tracer-spanid 6a05e93179674cf7 ot-tracer-traceid 654e481e699a63be pragma no-cache server cloudflare strict-transport-security max-age=31536000 traceparent 00-0000000000000000654e481e699a63be-6a05e93179674cf7-01 tracestate auth0-request-id=7d2ac976af403f63,auth0=true vary Accept-Encoding x-akamai-transformed 9 589 0 pmb=mTOE,4 x-auth0-requestid 504666fbe8eacf4c6a4a x-content-type-options nosniff x-ratelimit-limit 1000 x-ratelimit-remaining 999 x-ratelimit-reset 1685992974
GET H2	200	door.js Show response au-script.dotmetrics.net/	10 KB 4 KB	1155ms 430ms	Script application/javascript	54.192.150.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://au-script.dotmetrics.net/door.js?id=13061 Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/ipsos/nca_ipsos.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.192.150.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-192-150-4.sin2.r.cloudfront.net Software Kestrel / Resource Hash 52ba281126f04202a6685d1ce624ee0425d37087b38ae0d316b3db1fc7cfae41 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:53 GMT content-encoding br via 1.1 fe526590cbb2126b4baee2eb7ee38048.cloudfront.net (CloudFront) server Kestrel x-amz-cf-pop SIN2-C1 etag "13061...225.2023060519" vary Accept-Encoding x-cache Miss from cloudfront p3p policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA" content-type application/javascript cache-control private x-amz-cf-id sriJWKcCajpXfmR0cwNUOjG-BCQqJl4ZR5bEl8sVwU4REEjaBNxJDw==
GET H2	200	collect stats.g.doubleclick.net/r/ Redirect Chain https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1143484772&utmhn=www.plusrewards.com.au&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utm... https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5748164-21&cid=852457826.1685992973&jid=2002281367&_v=5.7.2&z=1143484772	35 B 337 B	1082ms 260ms	Image image/gif	74.125.200.157 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5748164-21&cid=852457826.1685992973&jid=2002281367&_v=5.7.2&z=1143484772 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Server 74.125.200.157 , United States, ASN15169 (GOOGLE, US), Reverse DNS sa-in-f157.1e100.net Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Mon, 05 Jun 2023 19:22:54 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Mon, 05 Jun 2023 19:22:53 GMT last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/html; charset=UTF-8 location https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5748164-21&cid=852457826.1685992973&jid=2002281367&_v=5.7.2&z=1143484772 access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 370 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	0 31 B	333ms 333ms	Image text/plain	157.240.235.35 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=808387116198479&ev=Microdata&dl=https%3A%2F%2Fwww.plusrewards.com.au%2Fdailytelegraph&rl=&if=false&ts=1685992973061&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Home%20%7C%20%2BRewards%22%2C%22meta%3Adescription%22%3A%22%20The%20official%20website%20of%20%2BRewards%22%7D&cd[OpenGraph]=%7B%22og%3Aimage%22%3A%22https%3A%2F%2Fnca-plus-production.clockhosting.com%2Fassets%2Fimg%2Fmeta%2Frewards%2Fdf0ffb6a93b53c160893035c12275b70%2Fmeta-icon-1000x1000.png%22%2C%22og%3Aimage%3Aurl%22%3A%22https%3A%2F%2Fnca-plus-production.clockhosting.com%2Fassets%2Fimg%2Fmeta%2Frewards%2Fdf0ffb6a93b53c160893035c12275b70%2Fmeta-icon-1000x1000.png%22%2C%22og%3Aimage%3Asecure_url%22%3A%22https%3A%2F%2Fnca-plus-production.clockhosting.com%2Fassets%2Fimg%2Fmeta%2Frewards%2Fdf0ffb6a93b53c160893035c12275b70%2Fmeta-icon-1000x1000.png%22%2C%22og%3Asite_name%22%3A%22The%20Australian%20%26%20Plus%20Rewards%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.plusrewards.com.au%2Fdailytelegraph%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.106&r=stable&ec=1&o=30&fbp=fb.2.1685992972557.872627532&it=1685992971385&coo=false&es=automatic&tm=3&rqm=GET Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.240.235.35 , Singapore, ASN32934 (FACEBOOK, US), Reverse DNS edge-star-mini-shv-04-sin6.facebook.com Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Mon, 05 Jun 2023 19:22:53 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	pubads_impl.js Show response securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/	408 KB 126 KB	260ms 260ms	Script text/javascript	74.125.130.157 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.130.157 Nashville, United States, ASN15169 (GOOGLE, US), Reverse DNS sb-in-f157.1e100.net Software cafe / Resource Hash 325be98d467be29fd7b3d1c36f2e137806b171ca7d73ef3b535e198ec0bd1dc1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:07:28 GMT content-encoding br x-content-type-options nosniff age 29726 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 128806 x-xss-protection 0 server cafe etag 8074574313080668351 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 timing-allow-origin * expires Tue, 04 Jun 2024 11:07:28 GMT
GET H2	200	ppub_config Show response securepubads.g.doubleclick.net/pagead/	60 B 593 B	1082ms 262ms	XHR application/json	74.125.130.157 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.plusrewards.com.au Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.130.157 Nashville, United States, ASN15169 (GOOGLE, US), Reverse DNS sb-in-f157.1e100.net Software cafe / Resource Hash de5304209badeb036d13dba7afe925834b70bd9e91cecea63b23cf27fd01103e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:54 GMT content-encoding br x-content-type-options nosniff server cafe content-type application/json; charset=UTF-8 access-control-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control private, max-age=3600, stale-while-revalidate=3600 cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 50 x-xss-protection 0 expires Mon, 05 Jun 2023 19:22:54 GMT
GET H2	200	hit.gif au-script.dotmetrics.net/	43 B 1 KB	613ms 613ms	Image image/gif	54.192.150.4 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://au-script.dotmetrics.net/hit.gif?id=13061&url=https%3A%2F%2Fwww.plusrewards.com.au%2Fdailytelegraph&dom=www.plusrewards.com.au&r=1685992973939&pvs=1&pvid=18e042aa-52a6-44ff-8f48-5f36847fb0ae&c=true&tzOffset=0&doorUrl=http%3a%2f%2fau-script.dotmetrics.net%2fdoor.js%3fid%3d13061 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.192.150.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-192-150-4.sin2.r.cloudfront.net Software Kestrel / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:54 GMT dotmetrics-hit-status 05 DOMAIN_INVALID via 1.1 fe526590cbb2126b4baee2eb7ee38048.cloudfront.net (CloudFront) server Kestrel x-amz-cf-pop SIN2-C1 x-cache Miss from cloudfront p3p policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA" content-type image/gif cache-control no-cache x-amz-cf-id _1w7In06IpB8k_lIz4irOHQKhuYlDKJyVWUdBufsKuasVQa0C2ynow==
GET H2	200	hit.gif rm-script.dotmetrics.net/	807 B 1 KB	1365ms 333ms	Image image/gif	13.224.249.127 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://rm-script.dotmetrics.net/hit.gif?id=13061&url=https%3A%2F%2Fwww.plusrewards.com.au%2Fdailytelegraph&dom=www.plusrewards.com.au&r=1685992973939&pvs=1&pvid=18e042aa-52a6-44ff-8f48-5f36847fb0ae&c=true&tzOffset=0 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.249.127 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-249-127.sin52.r.cloudfront.net Software AmazonS3 / Resource Hash 0eafa55998d0d61f477653cb15168105c06763c74aaebe8ff7e55da98457f030 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 01:46:08 GMT via 1.1 08244b1866fe32276ce5a76c3d8b5ec6.cloudfront.net (CloudFront) last-modified Tue, 18 Apr 2023 12:25:02 GMT server AmazonS3 x-amz-cf-pop SIN52-C2 age 63408 x-amz-server-side-encryption AES256 etag "e4f758e6322c8f8abfa1f6eba71ee873" vary Accept-Encoding x-cache Hit from cloudfront content-type image/gif cache-control max-age=86400 accept-ranges bytes content-length 807 x-amz-cf-id ies2HUJcx1ZveU4GJ3vmHGNbBomRiBZYXc-7ssbaz-mbKNh8WAnzRw==
GET H2	200	nlsSDK600.bundle.min.js Show response cdn-gl.imrworldwide.com/novms/js/2/	199 KB 56 KB	389ms 389ms	Script application/javascript	13.224.249.80 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js Requested by Host: cdn-gl.imrworldwide.com URL: https://cdn-gl.imrworldwide.com/conf/P5A1ABC62-BAAA-43C4-8D63-3665F832DAEE.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.249.80 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-249-80.sin52.r.cloudfront.net Software AmazonS3 / Resource Hash 767a456e2a3d977102a5a4224d43f77ca39d3e196d21ba98e3849eb5061d1e5c Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-amz-version-id 9XZn6KLhlrb4pop8dhleD465xHHeKN6D content-encoding gzip via 1.1 db8d6eb1919ade2943f4a573a505ba66.cloudfront.net (CloudFront) date Mon, 05 Jun 2023 18:59:41 GMT x-amz-cf-pop SIN52-C2 age 1394 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-storage-class INTELLIGENT_TIERING last-modified Tue, 30 May 2023 12:59:00 GMT server AmazonS3 etag W/"f43d226b4110956140ab2e00da92026d" vary Accept-Encoding content-type application/javascript cache-control max-age=86400 x-amz-cf-id IjjeydKLQ6zTZd5S5SLv2VVJFnjs44zbSp7Mt0B06vmt3O0ydPoPeg==
GET H2	200	script.js Show response au-script.dotmetrics.net/Scripts/	33 KB 14 KB	653ms 653ms	Script application/javascript	54.192.150.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://au-script.dotmetrics.net/Scripts/script.js?v=225 Requested by Host: au-script.dotmetrics.net URL: https://au-script.dotmetrics.net/door.js?id=13061 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.192.150.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-192-150-4.sin2.r.cloudfront.net Software Kestrel / Resource Hash 33c00a0b4da5039e824c7eb723b55d73f699419c6562fcb629c67f2ea02753da Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:55 GMT content-encoding br via 1.1 fe526590cbb2126b4baee2eb7ee38048.cloudfront.net (CloudFront) last-modified Mon, 15 May 2023 12:26:50 GMT server Kestrel x-amz-cf-pop SIN2-C1 etag "1d9872885f462ae" vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript accept-ranges bytes x-amz-cf-id MOP5W6ncs3vc3NjZs9kNb5p8yaOrjciD_RDViWVvFO_UWlG8Fms-Sw==
POST H2	404	csp-reports login.newscorpaustralia.com/	0 0	1369ms 369ms	Other text/plain	118.215.80.114 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://login.newscorpaustralia.com/csp-reports Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_256_GCM Server 118.215.80.114 , Singapore, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a118-215-80-114.deploy.static.akamaitechnologies.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.plusrewards.com.au/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Content-Type application/csp-report Response headers
GET		3ef652ef login.newscorpaustralia.com/akam/13/ Frame 98B8	0 0
GET		EAUB login.newscorpaustralia.com/Ks5o/xxUM/cCx/xs-/w4Tw/7EV7khJhG27z/M01OIG1RMA/DSBuSjQl/ Frame 98B8	0 0
GET		sec-3-10.css login.newscorpaustralia.com/_sec/cp_challenge/ Frame 98B8	0 0
GET		sec-cpt-3-10.js login.newscorpaustralia.com/_sec/cp_challenge/ Frame 98B8	0 0
GET H2	200	gettyimages-1367957675-1.jpg www.plusrewards.com.au/darkroom/1500/619dc47461dd3684ebc6ff8aed150b96:a85f7eb1d9a744180d77852c940be034/	68 KB 69 KB	185ms 185ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1500/619dc47461dd3684ebc6ff8aed150b96:a85f7eb1d9a744180d77852c940be034/gettyimages-1367957675-1.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a6564ae560c5128f5456bf5f7ace31951a5b15ec2ee50fa2c64b80fd39713c6b Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:54 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 70812 authorized-request /1500/619dc47461dd3684ebc6ff8aed150b96:a85f7eb1d9a744180d77852c940be034/gettyimages-1367957675-1.webp x-clock-cacheable NO:Cookie content-length 69746 x-webworker active d-cache MISS, HIT last-modified Sun, 04 Jun 2023 23:29:09 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJuiJwSk5UMHtdCzNiNw12CRuUukWmj6q5O%2Fo7UoTx%2FL4ifnTO8PWgoazAks9wExz9prUlNjpc27WnQukeXj7vknVUt%2BiJDryVJQG3JbXAzVleY1rVhJFsvLVla0iKDyhZTqs93AWEU%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 94274551 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac979af456a5d-SYD
GET H2	200	4181632975-national-rewards-may-june-23-samsung-phone-jpg-1.jpg www.plusrewards.com.au/darkroom/1500/0d75703a651361dd3c3ac1189acb6eb5:72ef14dcc89d80973afd1ded63d9ab65/	29 KB 29 KB	187ms 187ms	Image image/webp	172.67.68.104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1500/0d75703a651361dd3c3ac1189acb6eb5:72ef14dcc89d80973afd1ded63d9ab65/4181632975-national-rewards-may-june-23-samsung-phone-jpg-1.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.68.104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 95d0029cbdcf1a2e8b9f17045aac2cf598a2955f36ea5ac3879274dc6f584ae3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/dailytelegraph User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:54 GMT strict-transport-security max-age=31536000 via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 70812 authorized-request /1500/0d75703a651361dd3c3ac1189acb6eb5:72ef14dcc89d80973afd1ded63d9ab65/4181632975-national-rewards-may-june-23-samsung-phone-jpg-1.webp x-clock-cacheable NO:Cookie content-length 29458 x-webworker active d-cache MISS, HIT last-modified Sun, 07 May 2023 23:06:54 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4nB9%2Fr3zCNWajdmG5YMhaHRgG6F3L8JCmz7ERkkVRoMrO0iqGiq8l2hRqJCIsjzai9vuCimxP3OkpgRDrkVFKiTDg78NFv1m%2BHwHJBGMlo4dEHIRM1YixhK5UM4v4af9ilA2q9tkEv0%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-varnish 94140044 cache-control max-age=315360000 accept-ranges bytes cf-ray 7d2ac979af466a5d-SYD
GET H/1.1	200 OK	dest5.html Show response newscorpau.demdex.net/ Frame BCBA	7 KB 3 KB	1395ms 328ms	Document text/html	52.89.167.178 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://newscorpau.demdex.net/dest5.html?d_nsid=0 Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/metrics/metrics.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.89.167.178 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-89-167-178.us-west-2.compute.amazonaws.com Software / Resource Hash 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.plusrewards.com.au/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Accept-Ranges bytes Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 2791 Content-Type text/html;charset=UTF-8 DCS dcs-prod-usw2-2-v044-04ad8d2f4.edge-usw2.demdex.com 0 ms Expires Thu, 01 Jan 1970 00:00:00 UTC P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains X-TID 7RvEjJWDTyk= content-encoding gzip date Mon, 5 Jun 2023 19:22:55 GMT last-modified Wed, 10 May 2023 10:46:06 GMT vary accept-encoding
GET H2	200	id Show response metrics.plusrewards.com.au/	48 B 468 B	1269ms 416ms	XHR application/x-javascript	63.140.48.134 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://metrics.plusrewards.com.au/id?d_visid_ver=5.1.1&d_fieldgroup=A&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&mid=65570835034422046091764497254523176822&ts=1685992974402 Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.48.134 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software jag / Resource Hash 0f61c3e584aa418b582f40ae31229bad9c1edfca26234fea1988112a56383558 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.plusrewards.com.au/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Mon, 05 Jun 2023 19:22:55 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff server jag vary Origin content-type application/x-javascript;charset=utf-8 access-control-allow-origin https://www.plusrewards.com.au p3p CP="This is not a P3P policy" cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true content-length 48 x-xss-protection 1; mode=block
GET H/1.1	200 OK	ibs:dpid=411&dpuuid=ZH42EAAAAIt1GAN7 dpm.demdex.net/ Redirect Chain https://cm.everesttech.net/cm/dd?d_uuid=65549869939737412751762118717038319212 https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZH42EAAAAIt1GAN7	42 B 942 B	334ms 334ms	Image image/gif	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZH42EAAAAIt1GAN7 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol HTTP/1.1 Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers DCS dcs-prod-usw2-1-v044-03c3fb0c0.edge-usw2.demdex.com 9 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID EvVB5UvtQv4= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZH42EAAAAIt1GAN7 Date Mon, 05 Jun 2023 19:22:56 GMT Cache-Control no-cache Server AMO-cookiemap/1.1 Connection keep-alive Content-Length 0 P3P CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
GET H2	200	integrator.js Show response adservice.google.com.au/adsid/	107 B 531 B	1085ms 261ms	Script application/javascript	74.125.68.157 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com.au/adsid/integrator.js?domain=www.plusrewards.com.au Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.68.157 , United States, ASN15169 (GOOGLE, US), Reverse DNS sc-in-f157.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:55 GMT content-encoding gzip x-content-type-options nosniff server cafe content-type application/javascript; charset=UTF-8 p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 456 B	1083ms 262ms	Script application/javascript	74.125.200.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.plusrewards.com.au Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.200.154 , United States, ASN15169 (GOOGLE, US), Reverse DNS sa-in-f154.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:55 GMT content-encoding gzip x-content-type-options nosniff server cafe content-type application/javascript; charset=UTF-8 p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 100 x-xss-protection 0
GET H2	200	ads Show response securepubads.g.doubleclick.net/gampad/	830 B 830 B	295ms 294ms	XHR text/plain	74.125.130.157 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?pvsid=406214648788511&correlator=1130799189672306&hxva=1&scor=2152500406267730&output=ldjh&gdfp_req=1&vrg=202305300101&ptt=17&impl=fifs&iu_parts=5129%2Cndm.dtm%2Crewards&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&adks=161992567&sfv=1-0-40&ists=1&prev_scp=pos%3D1&eri=1&cust_params=us%3Db%26s%3D0%26kw%3D%26sec1%3Drewards%26ksgmnt%3D%26siteview%3D1%26pagetype%3Doffers%26adl%3Dfalse%26abtest%3Da%26pvid%3D00000000000000000000000000000000-00000000000000000000000000000000-1685992971071-377527&sc=1&cookie_enabled=1&abxe=1&dt=1685992974935&lmt=1685992974&dlt=1685992966943&idt=7855&adxs=0&adys=4656&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.plusrewards.com.au%2Fdailytelegraph&frm=20&vis=1&psz=1600x4656&msz=1600x0&fws=0&ohw=0&ga_vid=852457826.1685992973&ga_sid=1685992973&ga_hid=22915909&ga_fc=true Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.130.157 Nashville, United States, ASN15169 (GOOGLE, US), Reverse DNS sb-in-f157.1e100.net Software cafe / Resource Hash fdb494b399d277385af5b31b0094a29ea49eddea4808e88a2e83d5d8363391c0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:55 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 453 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.plusrewards.com.au cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html Show response ff236328a4a0670888fcfe1c661892c5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2BB2	6 KB 3 KB	1093ms 261ms	Document text/html	142.251.12.132 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ff236328a4a0670888fcfe1c661892c5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.12.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS se-in-f132.1e100.net Software sffe / Resource Hash 468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.plusrewards.com.au/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, immutable, max-age=31536000 content-encoding br content-length 2653 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" cross-origin-resource-policy cross-origin date Mon, 05 Jun 2023 19:22:55 GMT expires Tue, 04 Jun 2024 19:22:55 GMT last-modified Thu, 03 Nov 2022 19:10:08 GMT report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	ls.html Show response cdn-gl.imrworldwide.com/novms/html/ Frame BFA4	12 KB 4 KB	340ms 340ms	Document text/html	13.224.249.80 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-gl.imrworldwide.com/novms/html/ls.html Requested by Host: cdn-gl.imrworldwide.com URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.249.80 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-249-80.sin52.r.cloudfront.net Software AmazonS3 / Resource Hash c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1 Request headers Referer https://www.plusrewards.com.au/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers age 890 cache-control max-age=86400 content-encoding gzip content-type text/html date Mon, 05 Jun 2023 19:08:06 GMT etag W/"7fa83dfc7b78314b137e2eb13834daa7" last-modified Tue, 30 May 2023 12:58:59 GMT server AmazonS3 vary Accept-Encoding via 1.1 db8d6eb1919ade2943f4a573a505ba66.cloudfront.net (CloudFront) x-amz-cf-id XJUfilO0AODAh2KcF5cjoz_vovlE_lzTopaOybVpDhTf6Z4X_uboww== x-amz-cf-pop SIN52-C2 x-amz-server-side-encryption AES256 x-amz-version-id YXhTSJgyKCoiwHpg2kXt.Nw0qbnttgPu x-cache Hit from cloudfront
GET H2	200	SiteEvent.dotmetrics Show response au-script.dotmetrics.net/	18 B 1 KB	427ms 427ms	Script application/javascript	54.192.150.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://au-script.dotmetrics.net/SiteEvent.dotmetrics?v=eyJpZCI6MTMwNjEsImZsIjp0cnVlLCJkb20iOiJ3d3cucGx1c3Jld2FyZHMuY29tLmF1IiwibHNvIjpudWxsLCJ1cmwiOiJodHRwczovL3d3dy5wbHVzcmV3YXJkcy5jb20uYXUvZGFpbHl0ZWxlZ3JhcGgiLCJydXJsIjoiIiwicHZpZCI6IjE4ZTA0MmFhLTUyYTYtNDRmZi04ZjQ4LTVmMzY4NDdmYjBhZSIsInR6T2Zmc2V0IjowLCJvc3MiOnRydWUsIm9zZXMiOnRydWV9&r=1685992975428 Requested by Host: au-script.dotmetrics.net URL: https://au-script.dotmetrics.net/Scripts/script.js?v=225 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.192.150.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-192-150-4.sin2.r.cloudfront.net Software Kestrel / Resource Hash 7153de840f0ead8b0b5015d3f47ae25c347476e0a24b851bb5ab0831c58a0226 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:56 GMT content-encoding br via 1.1 fe526590cbb2126b4baee2eb7ee38048.cloudfront.net (CloudFront) server Kestrel x-amz-cf-pop SIN2-C1 vary Accept-Encoding x-cache Miss from cloudfront p3p policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA" content-type application/javascript cache-control no-cache x-amz-cf-id UcH-Th0UGYmGCwdSWkjgGzU0UupcxZMo4xBO4Z-Hj92FvUu1Vt-LRw==
GET H/1.1	200 OK	id Show response dpm.demdex.net/	5 KB 2 KB	348ms 348ms	XHR application/json	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&d_mid=65570835034422046091764497254523176822&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&ts=1685992975674 Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash a824a09d7130183e9fd089716bce4893acc5b56cd996cd3d47b1cf45b33ef70f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.plusrewards.com.au/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers DCS dcs-prod-usw2-2-v044-00bfed226.edge-usw2.demdex.com 20 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-TID 16+lViLZTCc= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin https://www.plusrewards.com.au Content-Type application/json;charset=utf-8 Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Length 1564 Expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	gn secure-sdk.imrworldwide.com/cgi-bin/ Frame BFA4	44 B 721 B	1254ms 335ms	Image image/gif	52.77.49.226 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,P5A1ABC62-BAAA-43C4-8D63-3665F832DAEE&sessionId=gl7lwrcznajjva9wbl2oazbhpmxzf1685992975&c16=sdkv,bj.6.0.0&uoo=&fp_id=temltemraaqngieckva91daldnfh81685992975&fp_cr_tm=1685992975351&fp_acc_tm=1685992975351&fp_emm_tm=1685992975351&ve_id=&c30=bldv,6.0.0.663&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=&retry=0 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.77.49.226 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-77-49-226.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3 Request headers accept-language en-AU,en;q=0.9 Referer https://cdn-gl.imrworldwide.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Mon, 05 Jun 2023 19:22:56 GMT server nginx accept-ch Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version access-control-allow-methods POST, OPTIONS p3p P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM" content-type image/gif access-control-allow-origin * cache-control no-cache cross-origin-resource-policy cross-origin content-length 44 expires Thu, 01 Dec 1994 16:00:00 GMT
GET H2	200	/ gl7lwrcznajjva9wbl2oazbhpmxzf1685992975.nuid.imrworldwide.com/ Frame BFA4	35 B 349 B	1566ms 412ms	Image image/gif	54.192.150.93 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://gl7lwrcznajjva9wbl2oazbhpmxzf1685992975.nuid.imrworldwide.com/ Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.192.150.93 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-192-150-93.sin2.r.cloudfront.net Software AmazonS3 / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Request headers accept-language en-AU,en;q=0.9 Referer https://cdn-gl.imrworldwide.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 17:02:19 GMT via 1.1 0ab36911ca4960d388d49f382630062c.cloudfront.net (CloudFront) last-modified Tue, 11 Sep 2018 17:05:20 GMT server AmazonS3 x-amz-cf-pop SIN2-C1 age 8439 etag "c2196de8ba412c60c22ab491af7b1409" x-cache Hit from cloudfront content-type image/gif accept-ranges bytes content-length 35 x-amz-cf-id KTFYnDBsi_ZEjAxwc7t4ryghQMp4ypk2K6lLO4uKAW0OehBdvxuWEw==
GET H/1.1	200 OK	ibs:dpid=358&dpuuid=697380763464048060 dpm.demdex.net/ Frame BCBA Redirect Chain https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID https://dpm.demdex.net/ibs:dpid=358&dpuuid=697380763464048060	42 B 942 B	328ms 328ms	Image image/gif	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=358&dpuuid=697380763464048060 Protocol HTTP/1.1 Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers DCS dcs-prod-usw2-1-v044-0fcbb3a0d.edge-usw2.demdex.com 3 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID 9NunI5xHSwU= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Date Mon, 05 Jun 2023 19:22:57 GMT P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Connection keep-alive X-Proxy-Origin 66.203.112.166; 66.203.112.166; 906.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com Content-Length 0 X-XSS-Protection 0 Pragma no-cache AN-X-Request-Uuid e4aad3d4-b98c-4384-b3c5-b3d645ac38e2 Server nginx/1.23.2 Accept-CH Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Content-Type text/html; charset=utf-8 Access-Control-Allow-Origin * Location https://dpm.demdex.net/ibs:dpid=358&dpuuid=697380763464048060 Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	ibs:dpid=470&dpuuid=3442145311348120818 dpm.demdex.net/ Frame BCBA Redirect Chain https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D https://dpm.demdex.net/ibs:dpid=470&dpuuid=3442145311348120818	42 B 942 B	331ms 330ms	Image image/gif	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=470&dpuuid=3442145311348120818 Protocol HTTP/1.1 Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers DCS dcs-prod-usw2-1-v044-07a6e78a4.edge-usw2.demdex.com 3 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID LVZEYOCfQxE= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers location https://dpm.demdex.net/ibs:dpid=470&dpuuid=3442145311348120818 pragma no-cache date Mon, 05 Jun 2023 19:22:57 GMT cache-control max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 content-length 0 p3p policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
GET H/1.1	204 No Content	token token.rubiconproject.com/ Frame BCBA	0 717 B	1381ms 334ms	Image text/plain	69.173.158.64 RUBICONPROJECT
General Check archive.org Show headers Download Go to Show image Full URL https://token.rubiconproject.com/token?pid=6404&puid=65549869939737412751762118717038319212&gdpr=0&gdpr_consent= Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers Expires 0 Pragma no-cache Cache-Control no-cache,no-store,must-revalidate X-RPHost 0ed95c36ed1932be3ba76fc523a6e179 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
GET H2	200	s06196581718835 Show response metrics.plusrewards.com.au/b/ss/newscorpau-teleweb,newscorpau-global/10/JS-2.22.4/	5 KB 5 KB	588ms 588ms	Script application/x-javascript	63.140.48.134 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://metrics.plusrewards.com.au/b/ss/newscorpau-teleweb,newscorpau-global/10/JS-2.22.4/s06196581718835?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=5%2F5%2F2023%2019%3A22%3A56%201%200&d.&nsid=0&jsonv=1&.d&mid=65570835034422046091764497254523176822&aamlh=9&ce=UTF-8&ns=newscorpau&cdp=3&pageName=dt%7Crewards%7Coffers%7Crewards%20offers&g=https%3A%2F%2Fwww.plusrewards.com.au%2Fdailytelegraph&c.&getNewRepeat=3.0&getTimeSinceLastVisit=2.0&getPreviousValue=3.0&getPercentPageViewed=5.0.1&getTimeParting=6.3&.c&cc=AUD&ch=D%3Dv4&events=event1%2Cevent8%2Cevent63%3D66&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=D%3Dv1&v1=news%20corp%20au&h1=news%20corp%20au%7Cdaily%20telegraph%7Cdaily%20telegraph%20web%7Crewards&c2=D%3Dv2&v2=daily%20telegraph&c3=D%3Dv3&v3=daily%20telegraph%20web&c4=D%3Dv4&v4=rewards&c9=D%3Dv9&v9=offers&c10=D%3Dg&v10=D%3DpageName&c11=D%3Dv11&v11=D%3Dvid&c14=D%3Dv14&v14=anonymous&c22=D%3Dv22&v22=5%3A22%20AM%7CTuesday&c24=D%3Dv24&v24=New&c30=New%20Visitor&v34=D%3Dg&c45=landscape&c46=D%3Dv46&v46=not%20logged%20in&v52=1600x1200%7Cwindows%7C10&c60=D%3Dv60&v60=66&c65=D%3Dv65&v65=false&c75=D%3Dv80&v76=chrome%20pdf%20plugin%3Bchrome%20pdf%20viewer%3Bnative%20client&v77=D%3Dmid&v78=au%7Cnsw%7Csydney%7C-33.88%7C151.22%7Cgmt%2B10%7Cunknown&v79=au&v80=00000000000000000000000000000000-00000000000000000000000000000000-1685992971071-377527&v111=0&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&AQE=1 Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/metrics/metrics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.48.134 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software jag / Resource Hash a421bf573239ce1726098f312d718208dc7ba03c8259ec1e76fbea230d722d7e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-aam-tid aW4uMHKNRAI= date Mon, 05 Jun 2023 19:22:56 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff p3p CP="This is not a P3P policy" content-length 5021 x-xss-protection 1; mode=block dcs dcs-prod-usw2-1-v044-00959fd5c.edge-usw2.demdex.com 8 ms pragma no-cache last-modified Tue, 06 Jun 2023 19:22:56 GMT server jag etag 3620642346735992832-4619589070596375112 vary * content-type application/x-javascript;charset=utf-8 access-control-allow-origin * cache-control no-cache, no-store, max-age=0, no-transform, private expires Sun, 04 Jun 2023 19:22:56 GMT
GET H/1.1	200 OK	ibs:dpid=771&dpuuid=CAESEK9hMuwlnyNVUs2W1U16aZM&google_cver=1 dpm.demdex.net/ Frame BCBA Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NjU1NDk4Njk5Mzk3Mzc0MTI3NTE3NjIxMTg3MTcwMzgzMTkyMTI= https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEK9hMuwlnyNVUs2W1U16aZM&google_cver=1?gdpr=0&gdpr_consent=	42 B 942 B	329ms 329ms	Image image/gif	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEK9hMuwlnyNVUs2W1U16aZM&google_cver=1?gdpr=0&gdpr_consent= Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol HTTP/1.1 Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers DCS dcs-prod-usw2-2-v044-0bf16d9ed.edge-usw2.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID FhGj5tl+S+k= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers pragma no-cache date Mon, 05 Jun 2023 19:22:56 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEK9hMuwlnyNVUs2W1U16aZM&google_cver=1?gdpr=0&gdpr_consent= p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 314 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	ibs:dpid=903&dpuuid=9ab2e35e-8a3d-485e-b134-4f790c86079f dpm.demdex.net/ Frame BCBA Redirect Chain https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=www.plusrewards.com.au&ttd_tpi=1 https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=www.plusrewards.com.au&ttd_tpi=1 https://dpm.demdex.net/ibs:dpid=903&dpuuid=9ab2e35e-8a3d-485e-b134-4f790c86079f	42 B 942 B	327ms 326ms	Image image/gif	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=903&dpuuid=9ab2e35e-8a3d-485e-b134-4f790c86079f Protocol HTTP/1.1 Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers DCS dcs-prod-usw2-2-v044-073b76052.edge-usw2.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID borZK7YURUo= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers pragma no-cache date Mon, 05 Jun 2023 19:22:56 GMT x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" location https://dpm.demdex.net/ibs:dpid=903&dpuuid=9ab2e35e-8a3d-485e-b134-4f790c86079f content-type text/html cache-control private,no-cache, must-revalidate content-length 189
GET H2	500	usersync.html image5.pubmatic.com/AdServer/usersync/ Frame BCBA	0 0	1092ms 340ms	Image text/html	104.65.228.208 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/dailytelegraph Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.65.228.208 , Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-65-228-208.deploy.static.akamaitechnologies.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers
GET H/1.1	200 OK	ibs:dpid=23728&dpuuid=ZH42Es9CbPCawWApal4v9gAA%265327 dpm.demdex.net/ Frame BCBA Redirect Chain https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZH42Es9CbPCawWApal4v9gAA%265327	42 B 942 B	328ms 327ms	Image image/gif	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZH42Es9CbPCawWApal4v9gAA%265327 Protocol HTTP/1.1 Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers DCS dcs-prod-usw2-2-v044-04ad8d2f4.edge-usw2.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID xzlA8zq6R6Y= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Pragma no-cache Date Mon, 05 Jun 2023 19:22:58 GMT Server Apache P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Location https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZH42Es9CbPCawWApal4v9gAA%265327 Cache-Control no-cache Connection Keep-Alive Keep-Alive timeout=1, max=499 Content-Length 0 Expires 0
GET H/1.1	200 OK	ibs:dpid=30432&dpuuid=CI-59df0a59210c34c5fdf84e9962bd687f dpm.demdex.net/ Frame BCBA Redirect Chain https://dt.scanscout.com/ssframework/uid?UIAA=65549869939737412751762118717038319212&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-59df0a59210c34c5fdf84e9962bd687f	42 B 942 B	534ms 328ms	Image image/gif	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-59df0a59210c34c5fdf84e9962bd687f Protocol HTTP/1.1 Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers DCS dcs-prod-usw2-2-v044-0a42bb011.edge-usw2.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID Jycy5B+5TyU= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-59df0a59210c34c5fdf84e9962bd687f Date Mon, 05 Jun 2023 19:22:57 GMT useSecure true Server openresty/1.19.9.1 Connection keep-alive Content-Length 43 Content-Type image/gif
GET H/1.1	200 OK	ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D dpm.demdex.net/ Frame BCBA Redirect Chain https://ps.eyeota.net/match?bid=6j5b2cv&uid=65549869939737412751762118717038319212&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D https://ps.eyeota.net/match/bounce/?bid=6j5b2cv&uid=65549869939737412751762118717038319212&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D	42 B 960 B	326ms 326ms	Image image/gif	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D Protocol HTTP/1.1 Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers DCS dcs-prod-usw2-2-v044-0ae2e2352.edge-usw2.demdex.com 0 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID NaY9Wk31R30= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private X-Error 303,104 Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv} Date Mon, 05 Jun 2023 19:22:58 GMT Content-Length 0 P3P CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
GET H2	204	usermatch.gif beacon.krxd.net/ Frame BCBA Redirect Chain https://usermatch.krxd.net/um/v2?partner=adobe&id=65549869939737412751762118717038319212 https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=65549869939737412751762118717038319212	0 338 B	990ms 320ms	Image text/plain	52.11.15.1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=65549869939737412751762118717038319212 Protocol H2 Server 52.11.15.1 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-11-15-1.us-west-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-served-by beacon-n009-pdx-prod.krxd.net date Mon, 05 Jun 2023 19:22:59 GMT cache-control private, no-cache, no-store x-request-time D=36 t=1685992979 p3p policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC" Redirect headers location https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=65549869939737412751762118717038319212 date Mon, 05 Jun 2023 19:22:58 GMT x-cache-hits 0 x-age 0 content-length 0 x-cache MISS x-served-by usermatch-a005-ash-prod.krxd.net
GET H2	200	generic1682908500556.js Show response nebula-cdn.kampyle.com/au/wau/132224/onsite/	497 KB 89 KB	306ms 306ms	Script application/javascript	151.101.193.175 FASTLY
General Check archive.org Show headers Download Go to Full URL https://nebula-cdn.kampyle.com/au/wau/132224/onsite/generic1682908500556.js Requested by Host: nebula-cdn.kampyle.com URL: https://nebula-cdn.kampyle.com/au/wau/132224/onsite/embed.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.193.175 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash a7de4438ab82b711c5099dd9c757e54eb65222316a3c15d18dbc2aa268660ca6 Security Headers Name Value Strict-Transport-Security max-age=31557600 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-amz-version-id EgRnU7PzhYIDYvzV5S2EGq_7NKTY_Sh0 content-encoding gzip via 1.1 varnish date Mon, 05 Jun 2023 19:22:56 GMT strict-transport-security max-age=31557600 x-amz-request-id 50HHNT41CXZR9NMX x-amz-server-side-encryption AES256 x-cache HIT content-length 90932 x-amz-id-2 oj/FwlKtpDuFe2gjpxSqu8x/IUwN3/ndEGCzBq9xWnYmeqNpWvNKNl62NV0lEkpmX5roENDy0hk= x-served-by cache-bfi-kbfi7400071-BFI last-modified Mon, 01 May 2023 02:35:01 GMT server AmazonS3 x-timer S1685992977.875330,VS0,VE0 etag "796c9ef1903b5217456928fdec376d3f" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=2592000 accept-ranges bytes x-cache-hits 426
GET H2	200	sodar Show response pagead2.googlesyndication.com/getconfig/	15 KB 11 KB	1098ms 274ms	XHR application/json	142.251.10.155 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202305300101&st=env Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.10.155 , United States, ASN15169 (GOOGLE, US), Reverse DNS sd-in-f155.1e100.net Software cafe / Resource Hash f05b608dcae1da04f769bd346fe14312a9e8dc1ea4e5fb3056ff3d85924cad9d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:57 GMT content-encoding br x-content-type-options nosniff server cafe content-type application/json; charset=UTF-8 access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11400 x-xss-protection 0
GET H/1.1	200 OK	ibs:dpid=134096&dpuuid=$_BK_UUID dpm.demdex.net/ Frame BCBA Redirect Chain https://tags.bluekai.com/site/43981?id=65549869939737412751762118717038319212&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID	42 B 960 B	328ms 328ms	Image image/gif	52.36.53.201 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID Protocol HTTP/1.1 Server 52.36.53.201 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-53-201.us-west-2.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers DCS dcs-prod-usw2-1-v044-06499cf25.edge-usw2.demdex.com 0 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID /0KrOv10RpI= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Content-Type image/gif Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private X-Error 104,303 Connection keep-alive Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers location https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID date Mon, 05 Jun 2023 19:22:58 GMT content-length 0 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
GET H2	200	pixel cm.g.doubleclick.net/ Frame BCBA Redirect Chain https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_... https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=Wkg0MkVBQUFBSXQxR0FONw==	170 B 243 B	264ms 263ms	Image image/png	74.125.200.157 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=Wkg0MkVBQUFBSXQxR0FONw== Protocol H2 Server 74.125.200.157 , United States, ASN15169 (GOOGLE, US), Reverse DNS sa-in-f157.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Mon, 05 Jun 2023 19:22:58 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers x-served-by cache-bfi-krnt7300090-BFI pragma no-cache date Mon, 05 Jun 2023 19:22:58 GMT via 1.1 varnish server Varnish x-timer S1685992978.208882,VS0,VE0 x-cache HIT location https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=Wkg0MkVBQUFBSXQxR0FONw== cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H/1.1	200 OK	tap.php pixel.rubiconproject.com/ Frame BCBA Redirect Chain https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZH42EAAAAIt1GAN7&expires=90	42 B 796 B	1340ms 334ms	Image image/gif	69.173.158.64 RUBICONPROJECT
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZH42EAAAAIt1GAN7&expires=90 Protocol HTTP/1.1 Server 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers Content-Type image/gif Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate content-length 42 X-RPHost 548ddf114c6f6bfbb66a4cdeb6a219f4 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Redirect headers x-served-by cache-bfi-krnt7300090-BFI pragma no-cache date Mon, 05 Jun 2023 19:22:58 GMT via 1.1 varnish server Varnish x-timer S1685992978.209023,VS0,VE0 x-cache HIT location https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZH42EAAAAIt1GAN7&expires=90 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H/1.1	200 OK	rum dsum-sec.casalemedia.com/ Frame BCBA Redirect Chain https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZH42EAAAAIt1GAN7 https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZH42EAAAAIt1GAN7&C=1	43 B 766 B	409ms 408ms	Image image/gif	139.5.84.243 CASALE-MEDIA
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZH42EAAAAIt1GAN7&C=1 Protocol HTTP/1.1 Server 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA), Reverse DNS Software Apache / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers Pragma no-cache Date Mon, 05 Jun 2023 19:23:00 GMT Server Apache P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Content-Type image/gif Cache-Control no-cache Connection Keep-Alive Keep-Alive timeout=1, max=499 Content-Length 43 Expires 0 Redirect headers Pragma no-cache Date Mon, 05 Jun 2023 19:22:59 GMT Server Apache P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Location /rum?cm_dsp_id=88&external_user_id=ZH42EAAAAIt1GAN7&C=1 Cache-Control no-cache Connection Keep-Alive Keep-Alive timeout=1, max=500 Content-Length 0 Expires 0
GET H/1.1	200 OK	setuid ib.adnxs.com/ Frame BCBA Redirect Chain https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D https://ib.adnxs.com/setuid?entity=158&code=ZH42EAAAAIt1GAN7	43 B 1 KB	315ms 314ms	Image image/gif	104.254.150.241 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/setuid?entity=158&code=ZH42EAAAAIt1GAN7 Protocol HTTP/1.1 Server 104.254.150.241 Los Angeles, United States, ASN29990 (ASN-APPNEX, US), Reverse DNS 906.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net Software nginx/1.23.2 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers Pragma no-cache Date Mon, 05 Jun 2023 19:22:58 GMT AN-X-Request-Uuid dc32a243-627b-4aba-8fec-696738097f7b Server nginx/1.23.2 Accept-CH Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Content-Type image/gif P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Cache-Control no-store, no-cache, private Connection keep-alive X-Proxy-Origin 66.203.112.166; 66.203.112.166; 906.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers x-served-by cache-bfi-krnt7300090-BFI pragma no-cache date Mon, 05 Jun 2023 19:22:58 GMT via 1.1 varnish server Varnish x-timer S1685992978.337952,VS0,VE0 x-cache HIT location https://ib.adnxs.com/setuid?entity=158&code=ZH42EAAAAIt1GAN7 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	sd us-u.openx.net/w/1.0/ Frame BCBA Redirect Chain https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZH42EAAAAIt1GAN7 https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=ZH42EAAAAIt1GAN7	43 B 171 B	264ms 263ms	Image image/gif	35.244.159.8 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=ZH42EAAAAIt1GAN7 Protocol H2 Server 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 8.159.244.35.bc.googleusercontent.com Software OXGW/0.0.0 / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Mon, 05 Jun 2023 19:22:59 GMT via 1.1 google server OXGW/0.0.0 vary Accept content-type image/gif p3p CP="CUR ADM OUR NOR STA NID" cache-control private, max-age=0, no-cache alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 43 expires Mon, 26 Jul 1997 05:00:00 GMT Redirect headers location https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=ZH42EAAAAIt1GAN7 date Mon, 05 Jun 2023 19:22:59 GMT via 1.1 google server OXGW/0.0.0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 p3p CP="CUR ADM OUR NOR STA NID"
GET H2	200	gn secure-sdk.imrworldwide.com/cgi-bin/	44 B 597 B	336ms 335ms	Image image/gif	52.77.49.226 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-102695&ch=au-102695_b09_dailytelegraph_S&asn=dailytelegraph&fp_id=temltemraaqngieckva91daldnfh81685992975&fp_cr_tm=1685992975351&fp_acc_tm=1685992975351&fp_emm_tm=1685992975351&ve_id=&sessionId=gl7lwrcznajjva9wbl2oazbhpmxzf1685992975&prv=1&c6=vc,b09&ca=NA&c13=asid,P5A1ABC62-BAAA-43C4-8D63-3665F832DAEE&c32=segA,NA&c33=segB,NA&c34=segC,DSK-OTT-WinPhn-OtherBrowser&c15=apn,&sup=1&segment2=&segment1=&forward=0&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,qg6mcyzkj9innic3ajg0yvvx1c3xx1685992975&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,1685992975347404&c30=bldv,6.0.0.663&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=1685992972039&c3=st,c&c64=starttm,1685992976&adid=1685992972039&c58=isLive,false&c59=sesid,&c61=createtm,1685992976&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.plusrewards.com.au%2Fdailytelegraph&c66=mediaurl,&sdd=&c62=sendTime,1685992976&rnd=852917 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.77.49.226 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-77-49-226.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Mon, 05 Jun 2023 19:22:57 GMT server nginx accept-ch Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version access-control-allow-methods POST, OPTIONS p3p P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM" content-type image/gif access-control-allow-origin * cache-control no-cache cross-origin-resource-policy cross-origin content-length 44 expires Thu, 01 Dec 1994 16:00:00 GMT
GET H2	200	Pug image2.pubmatic.com/AdServer/ Frame BCBA Redirect Chain https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER... https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZH42EAAAAIt1GAN7	1 B 450 B	1017ms 334ms	Image text/html	207.65.33.82
General Check archive.org Show headers Download Go to Show image Full URL https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZH42EAAAAIt1GAN7 Protocol H2 Server 207.65.33.82 -, , ASN (), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers content-type text/html; charset=utf-8 date Mon, 05 Jun 2023 19:22:59 GMT cache-control no-store, no-cache, private server nginx content-length 1 p3p CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" Redirect headers x-served-by cache-bfi-krnt7300090-BFI pragma no-cache date Mon, 05 Jun 2023 19:22:58 GMT via 1.1 varnish server Varnish x-timer S1685992979.873815,VS0,VE0 x-cache HIT location https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZH42EAAAAIt1GAN7 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	__cool.gif udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/	0 318 B	711ms 365ms	Image image/gif	35.241.45.82 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExNC4wLjU3MzUuOTAgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiV2luMzIiLCJwYWdlX3RpdGxlIjogIkhvbWUgfCArUmV3YXJkcyIsInBhZ2VfdXJsIjogImh0dHBzOi8vd3d3LnBsdXNyZXdhcmRzLmNvbS5hdS9kYWlseXRlbGVncmFwaCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjg1OTkyOTc3NTA0IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODg4ZDAzMzQ1NzUyMC0wMTcwYTNjODU3ZmM0OS0xNTM2MzY3MS0xZDRjMDAtMTg4OGQwMzM0NTgxMmUzIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXN5ZDEiLCJhY2NvdW50SWQiOiAxMzIyMjIsInVybCI6ICJodHRwczovL3d3dy5wbHVzcmV3YXJkcy5jb20uYXUvZGFpbHl0ZWxlZ3JhcGgiLCJ3ZWJzaXRlSWQiOiAxMzIyMjQsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImYzNmUtY2U3Mi1mMzg3LWFkNzktNTk3Ny0wZjkzLTBkY2EtNTg3ZiIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjg1OTkyOTc3NTAyIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDIwMjAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjUwLjIiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjUwLjIiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2ODU5OTI5Nzc1MDQsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 82.45.241.35.bc.googleusercontent.com Software Jetty(9.2.11.v20150529) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-me prod-instance-gatewayservice-green-hm9n date Mon, 05 Jun 2023 19:22:58 GMT via 1.1 google server Jetty(9.2.11.v20150529) access-control-max-age 1800 access-control-allow-methods GET, POST, PUT, DELETE content-type image/gif; charset=UTF-8 access-control-allow-origin * access-control-allow-credentials true alt-svc clear access-control-allow-headers X-Requested-With, Origin, Content-Type, Accept content-length 0 x-application-context application:9090
GET H/1.1	200	partner sync.search.spotxchange.com/ Frame BCBA Redirect Chain https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 https://sync.search.spotxchange.com/partner?adv_id=6409&uid=ZH42EAAAAIt1GAN7&img=1 https://sync.search.spotxchange.com/partner?adv_id=6409&uid=ZH42EAAAAIt1GAN7&img=1&__user_check__=1&sync_id=6269e68f-03d6-11ee-8092-1ff47b410207	43 B 548 B	336ms 336ms	Image image/gif	103.71.26.126
General Check archive.org Show headers Download Go to Show image Full URL https://sync.search.spotxchange.com/partner?adv_id=6409&uid=ZH42EAAAAIt1GAN7&img=1&__user_check__=1&sync_id=6269e68f-03d6-11ee-8092-1ff47b410207 Protocol HTTP/1.1 Server 103.71.26.126 -, , ASN (), Reverse DNS Software nginx / Resource Hash e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers Date Mon, 05 Jun 2023 19:23:00 GMT Server nginx Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type image/gif Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Access-Control-Allow-Credentials false X-fe 56 Connection keep-alive Content-Length 43 Redirect headers Date Mon, 05 Jun 2023 19:23:00 GMT Server nginx Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type text/plain Location /partner?adv_id=6409&uid=ZH42EAAAAIt1GAN7&img=1&__user_check__=1&sync_id=6269e68f-03d6-11ee-8092-1ff47b410207 Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Access-Control-Allow-Credentials false X-fe 53 Connection keep-alive Content-Length 0
GET H2	200	b.php www.facebook.com/fr/ Frame BCBA Redirect Chain https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 https://www.facebook.com/fr/b.php?p=1531105787105294&e=ZH42EAAAAIt1GAN7&t=2592000&o=0	43 B 839 B	532ms 532ms	Image image/gif	157.240.235.35 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/fr/b.php?p=1531105787105294&e=ZH42EAAAAIt1GAN7&t=2592000&o=0 Protocol H2 Server 157.240.235.35 , Singapore, ASN32934 (FACEBOOK, US), Reverse DNS edge-star-mini-shv-04-sin6.facebook.com Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 12:22:59 PDT content-encoding br x-content-type-options nosniff strict-transport-security max-age=15552000; preload document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-fb-rlafr 0 pragma public x-fb-debug pnMr+/rBU57A1cZD1CQmqBK4Eu8PGHxZ57cBW1VtRmiNv6C1PNJyXwmjfsQC2IrtYcePAv/ByBiySl+vHRWMew== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} content-type image/gif origin-agent-cluster ?0 cache-control public, max-age=0 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Mon, 05 Jun 2023 12:22:59 PDT Redirect headers x-served-by cache-bfi-krnt7300090-BFI pragma no-cache date Mon, 05 Jun 2023 19:22:59 GMT via 1.1 varnish server Varnish x-timer S1685992979.295140,VS0,VE0 x-cache HIT location https://www.facebook.com/fr/b.php?p=1531105787105294&e=ZH42EAAAAIt1GAN7&t=2592000&o=0 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	cm trc.taboola.com/sg/adobe/1/ Frame BCBA	43 B 374 B	1767ms 368ms	Image image/gif	151.101.193.44
General Check archive.org Show headers Download Go to Show image Full URL https://trc.taboola.com/sg/adobe/1/cm?gdpr=0&gdpr_consent= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.44 -, , ASN (), Reverse DNS Software nginx / Resource Hash 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers x-vcl-time-ms 49 pragma no-cache date Mon, 05 Jun 2023 19:23:00 GMT via 1.1 varnish x-served-by cache-bfi-krnt7300026-BFI server nginx x-timer S1685992981.727433,VS0,VE49 x-cache MISS p3p policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" access-control-allow-origin * cache-control no-cache, no-store access-control-allow-credentials true accept-ranges bytes x-cache-hits 0
GET H2	204	0 sync.1rx.io/usersync/adobe/ Frame BCBA	0 99 B	970ms 320ms	Image text/plain	74.118.186.107
General Check archive.org Show headers Download Go to Show image Full URL https://sync.1rx.io/usersync/adobe/0?dspret=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.118.186.107 -, , ASN (), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers pragma no-cache date Mon, 05 Jun 2023 19:23:00 GMT cache-control no-store, no-cache, must-revalidate expires 0
GET H2	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 7 KB	1088ms 261ms	Script text/javascript	172.253.118.132 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.118.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS sl-in-f132.1e100.net Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:22:58 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 6386 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Mon, 05 Jun 2023 19:22:58 GMT
GET H2	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/225/ Frame F264	13 KB 5 KB	262ms 260ms	Document text/html	172.253.118.132 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.118.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS sl-in-f132.1e100.net Software sffe / Resource Hash 55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.plusrewards.com.au/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers accept-ranges bytes age 289034 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding gzip content-length 5046 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Fri, 02 Jun 2023 11:05:45 GMT expires Sat, 01 Jun 2024 11:05:45 GMT last-modified Mon, 21 Jun 2021 20:47:05 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	aframe Show response www.google.com/recaptcha/api2/ Frame C5E4	783 B 1 KB	1089ms 263ms	Document text/html	74.125.130.99
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.130.99 -, , ASN (), Reverse DNS Software GSE / Resource Hash 3090a254d248d4313faa4aec5f04099023bb0521b09630954af7b8c28cffc3d2 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-LccyZCs5KgIF1uwnNkwXdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.plusrewards.com.au/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=300 content-encoding gzip content-length 512 content-security-policy script-src 'report-sample' 'nonce-LccyZCs5KgIF1uwnNkwXdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Mon, 05 Jun 2023 19:22:59 GMT expires Mon, 05 Jun 2023 19:22:59 GMT report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H2	200	Grx7oFpFltq8b-fsl1vgPlw_mz8UVJv5RtxGiy-srTQ.js Show response pagead2.googlesyndication.com/bg/ Frame F264	37 KB 15 KB	1382ms 260ms	Script text/javascript	142.251.10.155 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/Grx7oFpFltq8b-fsl1vgPlw_mz8UVJv5RtxGiy-srTQ.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.10.155 , United States, ASN15169 (GOOGLE, US), Reverse DNS sd-in-f155.1e100.net Software sffe / Resource Hash 1abc7ba05a4596dabc6fe7ec975be03e5c3f9b3f14549bf946dc468b2facad34 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Sun, 04 Jun 2023 12:50:49 GMT content-encoding br x-content-type-options nosniff age 109931 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14484 x-xss-protection 0 last-modified Tue, 30 May 2023 11:48:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Mon, 03 Jun 2024 12:50:49 GMT
GET H2	204	sodar pagead2.googlesyndication.com/pagead/ Frame C5E4	0 0	264ms 264ms	Image text/html	142.251.10.155 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202305300101&jk=406214648788511&rc= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.10.155 , United States, ASN15169 (GOOGLE, US), Reverse DNS sd-in-f155.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers
GET H2	204	generate_204 tpc.googlesyndication.com/ Frame F264	0 40 B	259ms 259ms	Image text/plain	172.253.118.132 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/generate_204?1GpSuw Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.118.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS sl-in-f132.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 19:23:00 GMT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
GET H2	204	sodar pagead2.googlesyndication.com/pagead/	0 0	312ms 312ms	Image text/html	142.251.10.155 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202305300101&jk=406214648788511&bg=!goGlgdXNAAY9J7QfHSc7ADkAdvg8WkmwyVWZedwsMq9ILQxsE-26WX3CyWcLhHuYP4w-He4YTnUbZWhWLWIwTtPOBewGhZKY3_UCAAAAYFIAAAADaAEHmQLhRp4A4FMuVqv2qTN8N1TRpKYJwT0B3H4YQFyv7bBdUMRtS_8XvlMv-BeAz8ZipZkfBtguTe8iVfEWwDMgL6B0kQH3pOEUQbtdbExDnY3LA3X9VO3cBLNp_NtVk9M1nxtQw7jRn5vcfke6mPX3jrQKS1NXKDMaQBpYHBTFIU-1VufOWbSNHnpTKEjNOAxbr-NGJLdgQgMGc5QUqw2KiNYGFCrkrUjLLU7iAvoTRF-kER1DUsWqaDscKJ6rHnC5tzK_yqpagG4w96kK_1agfADw42VSqkYKqUK2dd2lru_Xlxy29ZsBkb6BrS17MZACgVLGMAjFeonI47MBamdPK5taKaeGrOdspgLKo8aziEzbAZRxwrf43czINJlOuG_K7wIXlfx6nr3Bh0UMbLP3YriHJB1EvmDBYTEMguY3AWyN6tFAYzFOzq4im6SXPAVRn62ZfPSpXeEyGIrWD9svPpEco8J9wWQSJGdU9SHc33sHW44mX7krfAgcXA2FZbpqYdkOl6V41PRN8NfQUjuxIRXL95NHAY6oLZ7bCU1EZ2JY9i6Q8ehHcGRrfJZ5mWvMQyEeInABjblNxKnJhL0CNrM6Jit9hkRfwn_ccv2GjCWJJYS0F2lbfMChSybIPaFJ_RsUydL0KT4f3D5aY0ryj2R8ZjCZFjjflanWd1HQHGakM028arcgTE1xxhFVoYlxx6O-xzhoYkRMjzIBSnb858fTwxvi289e1VQplfRocR3dWaYxut5LErHbFB-1i0zAtx99lbBRjN5hulZTZILhszOOL41uH18YNBwQFmbkrfCi_nqpr6F0AH0gGAbAfbcaxkA2GprzEmDamDFiibkiv5iNRec4nY2WSqEyQd4GKydrOpCpcVCKlSkMbDWXYWiRQAQo5u-xqN6HVFlbll5JfKjkn32aSSD-705xU_rD2BVjlMzfH5Jupz31Vgu_zFHabsggk1xHJQmLGsQ2-Y3pMp68sUY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.10.155 , United States, ASN15169 (GOOGLE, US), Reverse DNS sd-in-f155.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

login.newscorpaustralia.com

URL

https://login.newscorpaustralia.com/akam/13/3ef652ef

Domain

login.newscorpaustralia.com

URL

https://login.newscorpaustralia.com/Ks5o/xxUM/cCx/xs-/w4Tw/7EV7khJhG27z/M01OIG1RMA/DSBuSjQl/EAUB

Domain

login.newscorpaustralia.com

URL

https://login.newscorpaustralia.com/_sec/cp_challenge/sec-3-10.css

Domain

login.newscorpaustralia.com

URL

https://login.newscorpaustralia.com/_sec/cp_challenge/sec-cpt-3-10.js