www.afr.com Open in urlscan Pro
2a04:4e42:400::645 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/rQhc1l9DjN
Effective URL:
https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Submission: On November 29 via api (November 29th 2021, 11:07:45 am UTC) from US — Scanned from DE

Summary HTTP 198 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 63 IPs in 10 countries across 50 domains to perform 198 HTTP transactions. The main IP is 2a04:4e42:400::645, located in United States and belongs to FASTLY, US. The main domain is www.afr.com.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on September 6th 2021. Valid for: a year.

This is the only time www.afr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
34	2a04:4e42:400... 2a04:4e42:400::645	54113 (FASTLY) (FASTLY)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2a0::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:214... 2600:9000:214f:5600:10:2964:9d00:21	16509 (AMAZON-02) (AMAZON-02)
10	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	104.96.92.79 104.96.92.79	16625 (AKAMAI-AS) (AKAMAI-AS)
6	13.238.96.192 13.238.96.192	16509 (AMAZON-02) (AMAZON-02)
1	158.101.193.104 158.101.193.104	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
2	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	13.32.22.92 13.32.22.92	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba10	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
2	138.201.125.235 138.201.125.235	24940 (HETZNER-AS) (HETZNER-AS)
1 3	34.252.91.197 34.252.91.197	16509 (AMAZON-02) (AMAZON-02)
6	2600:9000:214... 2600:9000:214f:1a00:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:b000:7:3896:c640:93a1	16509 (AMAZON-02) (AMAZON-02)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	18.169.85.185 18.169.85.185	16509 (AMAZON-02) (AMAZON-02)
1	13.32.22.49 13.32.22.49	16509 (AMAZON-02) (AMAZON-02)
2 2	2620:119:50e7... 2620:119:50e7:101::9002:e05	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	143.204.207.41 143.204.207.41	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:206... 2600:9000:206f:ea00:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
2	13.238.165.50 13.238.165.50	16509 (AMAZON-02) (AMAZON-02)
12	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
11	52.208.201.194 52.208.201.194	16509 (AMAZON-02) (AMAZON-02)
2	23.21.180.34 23.21.180.34	14618 (AMAZON-AES) (AMAZON-AES)
1	65.9.7.60 65.9.7.60	16509 (AMAZON-02) (AMAZON-02)
4 5	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	13.36.218.177 13.36.218.177	16509 (AMAZON-02) (AMAZON-02)
2	54.73.127.110 54.73.127.110	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:e600:1d:667e:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
3 3	185.33.221.11 185.33.221.11	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (AMOBEE) (AMOBEE)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	52.205.167.202 52.205.167.202	14618 (AMAZON-AES) (AMAZON-AES)
1 4	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1 2	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
3 3	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1	34.197.14.190 34.197.14.190	14618 (AMAZON-AES) (AMAZON-AES)
2 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	3.127.178.105 3.127.178.105	16509 (AMAZON-02) (AMAZON-02)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
2	52.65.130.251 52.65.130.251	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2006	15169 (GOOGLE) (GOOGLE)
3	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:205... 2600:9000:2057:6000:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
1	52.2.53.191 52.2.53.191	14618 (AMAZON-AES) (AMAZON-AES)
1 2	18.193.13.190 18.193.13.190	16509 (AMAZON-02) (AMAZON-02)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1 1	54.90.48.240 54.90.48.240	14618 (AMAZON-AES) (AMAZON-AES)
1	52.30.186.249 52.30.186.249	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:659... 2600:1f18:6593:f600:6d4e:4d08:83e5:8fa4	14618 (AMAZON-AES) (AMAZON-AES)
1	34.149.151.54 34.149.151.54	() ()
198	63

2 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a04:4e42:400::645 (United States)

ASN54113 (FASTLY, US)

www.afr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ffx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.afr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2a0::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:5600:10:2964:9d00:21 (United States)

ASN16509 (AMAZON-02, US)

d2uhnetoehh304.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.96.92.79 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-92-79.deploy.static.akamaitechnologies.com

a304207300.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.238.96.192 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com

i.ffx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.101.193.104 (Amsterdam, Netherlands)

ASN31898 (ORACLE-BMC-31898, US)

fairfaxmedia.gscontxt.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.22.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-22-92.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:ba10 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7001 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.201.125.235 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.235.125.201.138.clients.your-server.de

static-au.plista.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.252.91.197 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-91-197.eu-west-1.compute.amazonaws.com

secure-au.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure-dcr.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:214f:1a00:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:b000:7:3896:c640:93a1 (United States)

ASN16509 (AMAZON-02, US)

adc-js.nine.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.169.85.185 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-85-185.eu-west-2.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.22.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-22-49.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e7:101::9002:e05 (San Francisco, United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.207.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-207-41.fra53.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:ea00:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.238.165.50 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-238-165-50.ap-southeast-2.compute.amazonaws.com

l.ffx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.208.201.194 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fairfaxau.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.21.180.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-180-34.compute-1.amazonaws.com

10510523.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nova.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.7.60 (Altamonte Springs, United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-7-60.fra56.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.70 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
6633783.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

fairfaxau.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.73.127.110 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-73-127-110.eu-west-1.compute.amazonaws.com

nd.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:e600:1d:667e:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

dkg40b2pmvxykwkz3vmkxvwuj9cnn1638184056.nuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.11 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

image5.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.194.49 (United States) 3 redirects

ASN54113 (FASTLY, US)

rtd.tubemogul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtd-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.197.14.190 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-14-190.compute-1.amazonaws.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.178.105 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-178-105.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.65.130.251 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-65-130-251.ap-southeast-2.compute.amazonaws.com

adc.nine.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:6000:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.2.53.191 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-53-191.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.193.13.190 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-13-190.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

dmpsync.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.90.48.240 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-90-48-240.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.186.249 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-186-249.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:6593:f600:6d4e:4d08:83e5:8fa4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dmp.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.151.54 (None, )

ASN- ()

p.afr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	googlesyndication.com 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	301 KB
27	afr.com www.afr.com api.afr.com p.afr.com	646 KB
19	doubleclick.net 5 redirects securepubads.g.doubleclick.net ad.doubleclick.net 6633783.fls.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	221 KB
16	ffx.io static.ffx.io i.ffx.io l.ffx.io	56 KB
13	demdex.net dpm.demdex.net fairfaxau.demdex.net nd.demdex.net	18 KB
12	facebook.com www.facebook.com	1 KB
12	imrworldwide.com 1 redirects secure-au.imrworldwide.com cdn-gl.imrworldwide.com secure-gl.imrworldwide.com secure-dcr.imrworldwide.com dkg40b2pmvxykwkz3vmkxvwuj9cnn1638184056.nuid.imrworldwide.com	84 KB
7	google.com 1 redirects adservice.google.com www.google.com	2 KB
5	ampproject.org cdn.ampproject.org	103 KB
4	google-analytics.com www.google-analytics.com	21 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	facebook.net connect.facebook.net	287 KB
3	qualtrics.com zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com siteintercept.qualtrics.com	21 KB
3	adnxs.com 3 redirects ib.adnxs.com	3 KB
3	nine.com.au adc-js.nine.com.au adc.nine.com.au	23 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	64 KB
3	moatads.com z.moatads.com mb.moatads.com	83 KB
3	optimizely.com cdn.optimizely.com a304207300.cdn.optimizely.com logx.optimizely.com	92 KB
2	krxd.net 1 redirects usermatch.krxd.net beacon.krxd.net	528 B
2	3lift.com 2 redirects dmpsync.3lift.com	755 B
2	gstatic.com fonts.gstatic.com	43 KB
2	googletagservices.com www.googletagservices.com	73 KB
2	casalemedia.com 2 redirects ssum.casalemedia.com	2 KB
2	advertising.com sync.adaptv.advertising.com Failed pixel.advertising.com	600 B
2	everesttech.net 2 redirects rtd-tm.everesttech.net	650 B
2	pubmatic.com 1 redirects image5.pubmatic.com	349 B
2	google.de adservice.google.de www.google.de	1 KB
2	yahoo.com 1 redirects sp.analytics.yahoo.com cms.analytics.yahoo.com	2 KB
2	parsely.com cdn.parsely.com p1.parsely.com	26 KB
2	igodigital.com 10510523.collect.igodigital.com nova.collect.igodigital.com	3 KB
2	plista.com static-au.plista.com	18 KB
2	yimg.com s.yimg.com	7 KB
2	t.co t.co	1 KB
1	fwmrm.net dmp.v.fwmrm.net	411 B
1	chartbeat.net ping.chartbeat.net	201 B
1	chartbeat.com static.chartbeat.com	14 KB
1	2mdn.net s0.2mdn.net	51 KB
1	googleapis.com fonts.googleapis.com	1 KB
1	eyeota.net 1 redirects ps.eyeota.net	418 B
1	tubemogul.com 1 redirects rtd.tubemogul.com	267 B
1	rubiconproject.com token.rubiconproject.com pixel.rubiconproject.com Failed	214 B
1	turn.com 1 redirects d.turn.com	402 B
1	omtrdc.net fairfaxau.sc.omtrdc.net	313 B
1	twitter.com analytics.twitter.com	675 B
1	ads-twitter.com static.ads-twitter.com	6 KB
1	bizographics.com sjs.bizographics.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	gscontxt.net fairfaxmedia.gscontxt.net	2 KB
1	cloudfront.net d2uhnetoehh304.cloudfront.net	30 KB
1	googletagmanager.com www.googletagmanager.com	118 KB
198	50

	Domain	Requested by
20	tpc.googlesyndication.com	www.afr.com t.co 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net
18	www.afr.com	t.co www.afr.com
12	www.facebook.com	www.afr.com
11	pagead2.googlesyndication.com	85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.afr.com securepubads.g.doubleclick.net
10	dpm.demdex.net	t.co www.afr.com
8	api.afr.com	www.afr.com
8	static.ffx.io	www.afr.com
6	cdn-gl.imrworldwide.com	www.afr.com t.co cdn-gl.imrworldwide.com secure-au.imrworldwide.com
6	i.ffx.io	d2uhnetoehh304.cloudfront.net
6	securepubads.g.doubleclick.net	www.afr.com securepubads.g.doubleclick.net t.co
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	googleads.g.doubleclick.net	85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com t.co
4	www.google.com	1 redirects www.afr.com 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com tpc.googlesyndication.com
4	ad.doubleclick.net	4 redirects
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.afr.com
4	connect.facebook.net	t.co connect.facebook.net
3	ib.adnxs.com	3 redirects
3	85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	adservice.google.com	t.co www.afr.com securepubads.g.doubleclick.net
2	dmpsync.3lift.com	2 redirects
2	pixel.advertising.com	1 redirects
2	siteintercept.qualtrics.com	zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com siteintercept.qualtrics.com
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	www.googletagservices.com	85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
2	adc.nine.com.au	adc-js.nine.com.au
2	ssum.casalemedia.com	2 redirects
2	rtd-tm.everesttech.net	2 redirects
2	image5.pubmatic.com	1 redirects www.afr.com
2	secure-dcr.imrworldwide.com	www.afr.com
2	nd.demdex.net	t.co
2	l.ffx.io	www.afr.com
2	secure-gl.imrworldwide.com	secure-au.imrworldwide.com www.afr.com
2	px.ads.linkedin.com	2 redirects
2	static-au.plista.com	t.co static-au.plista.com
2	s.yimg.com	t.co s.yimg.com
2	z.moatads.com	www.afr.com z.moatads.com
2	t.co	www.afr.com
1	p.afr.com
1	dmp.v.fwmrm.net
1	beacon.krxd.net
1	usermatch.krxd.net	1 redirects
1	ping.chartbeat.net
1	static.chartbeat.com	t.co
1	zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com	t.co
1	s0.2mdn.net	85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
1	fonts.googleapis.com	securepubads.g.doubleclick.net
1	cms.analytics.yahoo.com	1 redirects
1	ps.eyeota.net	1 redirects
1	logx.optimizely.com	cdn.optimizely.com
1	rtd.tubemogul.com	1 redirects
1	cm.g.doubleclick.net	1 redirects
1	www.google.de	www.afr.com
1	p1.parsely.com	www.afr.com
1	nova.collect.igodigital.com	www.afr.com
1	token.rubiconproject.com	www.afr.com
1	d.turn.com	1 redirects
1	stats.g.doubleclick.net	www.google-analytics.com
1	dkg40b2pmvxykwkz3vmkxvwuj9cnn1638184056.nuid.imrworldwide.com	www.afr.com
1	fairfaxau.sc.omtrdc.net	t.co
1	fairfaxau.demdex.net	t.co
1	adservice.google.de	securepubads.g.doubleclick.net
1	6633783.fls.doubleclick.net	www.afr.com
1	sp.analytics.yahoo.com	www.afr.com
1	cdn.parsely.com	www.googletagmanager.com
1	10510523.collect.igodigital.com	www.googletagmanager.com
1	vars.hotjar.com	static.hotjar.com
1	analytics.twitter.com	static.ads-twitter.com
1	px4.ads.linkedin.com	www.afr.com
1	www.linkedin.com	1 redirects
1	script.hotjar.com	static.hotjar.com
1	mb.moatads.com	z.moatads.com
1	static.ads-twitter.com	t.co
1	adc-js.nine.com.au	t.co
1	secure-au.imrworldwide.com	1 redirects
1	sjs.bizographics.com	t.co
1	snap.licdn.com	t.co
1	static.hotjar.com	t.co
1	fairfaxmedia.gscontxt.net	www.afr.com
1	a304207300.cdn.optimizely.com	cdn.optimizely.com
1	d2uhnetoehh304.cloudfront.net	www.afr.com
1	www.googletagmanager.com	www.afr.com
1	cdn.optimizely.com	www.afr.com
0	pixel.rubiconproject.com Failed
0	sync.adaptv.advertising.com Failed	www.afr.com
198	85

This site contains links to these domains. Also see Links.

Domain
subscribe.afr.com
twitter.com
rightsportal.copyright.com.au
www.instagram.com
www.linkedin.com
www.facebook.com
www.corporatesubscriptions.com.au
www.nineforbrands.com.au
www.smh.com.au
www.theage.com.au
www.brisbanetimes.com.au
www.watoday.com.au
www.domain.com.au
www.drive.com.au
login.nine.com.au
professional.licensing-publishing.nine.com.au

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
nine.com.au COMODO RSA Organization Validation Secure Server CA	`2021-09-06` - `2022-09-06`	a year	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2022-02-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.cdn.optimizely.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
*.9pub.io Amazon	`2021-07-07` - `2022-08-05`	a year	crt.sh
*.gscontxt.net DigiCert SHA2 Secure Server CA	`2020-01-22` - `2022-01-21`	2 years	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-07` - `2021-12-06`	3 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-11-08` - `2021-12-29`	2 months	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2021-09-28` - `2022-09-28`	a year	crt.sh
*.plista.com COMODO RSA Domain Validation Secure Server CA	`2020-06-02` - `2022-04-11`	2 years	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh
*.api.nine.com.au Amazon	`2021-08-15` - `2022-09-13`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.ninetech.dev Amazon	`2021-08-03` - `2022-09-01`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.collect.igodigital.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-25` - `2022-02-25`	a year	crt.sh
*.parsely.com Amazon	`2021-07-05` - `2022-08-03`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.sc.omtrdc.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-10-05` - `2022-03-04`	5 months	crt.sh
*.nuid.imrworldwide.com Amazon	`2021-06-11` - `2022-07-10`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
logx.optimizely.com Amazon	`2021-08-23` - `2022-09-21`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.qualtrics.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-24` - `2022-09-24`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-17` - `2021-12-18`	a year	crt.sh
px.nineanalytics.io GTS CA 1D4	`2021-11-12` - `2022-02-10`	3 months	crt.sh

This page contains 23 frames:

Primary Page: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Frame ID: DBA4F3B6FC336F5523FDC0EC07ECD3E3
Requests: 113 HTTP requests in this frame

Frame: https://a304207300.cdn.optimizely.com/client_storage/a304207300.html
Frame ID: FCB98C81AADA781F62C135B0B957FC83
Requests: 1 HTTP requests in this frame

Frame: https://z.moatads.com/hd09824092/iframe.html
Frame ID: 26D7EC06CF97005A33CEA2C5EE5F952D
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-ad575b5823df97fc9725e14a57070642.html
Frame ID: EC13F9733CA72266B6ADA70C888B3C69
Requests: 1 HTTP requests in this frame

Frame: https://secure-gl.imrworldwide.com/storageframe.html
Frame ID: C4128E7F32650D680639558E56706B36
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CN-ZoZa3vfQCFQSKsgodFycArA;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5473591689641.319
Frame ID: 55E0E8EEFAFB32DFC9A66481838CCDE3
Requests: 1 HTTP requests in this frame

Frame: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 832EDDF6DA5ED53D0DD09F812EF1F1BC
Requests: 1 HTTP requests in this frame

Frame: https://fairfaxau.demdex.net/dest5.html?d_nsid=0
Frame ID: DA62621ADECCEE02E6BDEAB57FD1DC8B
Requests: 11 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 69C00D0AC600F02E3A836A94BBC5490E
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 27F1DAA363FA3EB30331AC538EE056BA
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: DB155E6A7CA4159ADE9B822EFB2A3554
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: B01C092816618763139333EA4A3FA5D6
Requests: 15 HTTP requests in this frame

Frame: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CBCDC30E0AEE91346A2B96A0DE6D6DBD
Requests: 15 HTTP requests in this frame

Frame: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D8FF2FEA53FCF0B9A64535EFBD8BB44D
Requests: 7 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 1187B4782F1541021EAEB6CED4BDE848
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/index.html
Frame ID: 54EE285F74879DEA8306C355131E9285
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYxb6dugEwAQ&v=APEucNWCYOA0DyiChn1ieFQlLwIGrecY_XTVQxsS2UZkU2HvF1x6lg0IGKzFvdoqQzudial6nvdv5GuuhaRbGcwooZGsc2og0Q
Frame ID: 734700CEAC9EFF295EAC5AF5B9ED0C1E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 7887E5B0A7816433E9635C52A7D169FF
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 70784C23DEE01DF22F0FF30FB630ABA7
Requests: 3 HTTP requests in this frame

Frame: https://nd.demdex.net/dest5.html?d_nsid=0
Frame ID: E6C68E9E006D14BA2BAA50E41B07904A
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 3AF7E436AFCE0A700502D1F74023475A
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 573FE8CD6391A224F3D025F6BDAEB23C
Requests: 2 HTTP requests in this frame

Frame: https://adc.nine.com.au/?appNexusUid=1038005398024162734
Frame ID: E4F2058AA632F51F2F8BF19814E7C15B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CreditWatch founder Colin Porter returns to stop invoice scams costing businesses more than $100mThe Australian Financial Review

Page URL History Show full URLs

https://t.co/rQhc1l9DjN Page URL
https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126... Page URL

Page Statistics

198
Requests

92 %
HTTPS

42 %
IPv6

50
Domains

85
Subdomains

63
IPs

10
Countries

2423 kB
Transfer

7186 kB
Size

58
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://subscribe.afr.com/?promote_channel=HI_HL_GNL&utm_source=afr.com&utm_medium=HouseInventory&utm_campaign=General&utm_content=HDR
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://twitter.com/eyersj?lang=en
Title: Twitter

Search URL Search Domain Scan URL

URL: http://rightsportal.copyright.com.au/pages/republicationpage.aspx?author=James%20Eyers&publication=AFR&publicationdate=2021-11-29T03%3A00%3A00Z&publisher=fxj&title=CreditorWatch%20founder%20returns%20to%20stop%20fake%20invoice%20scams&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Title: License article

Search URL Search Domain Scan URL

URL: https://subscribe.afr.com/?promote_channel=HI_MT_GNL
Title: Save 50% now

Search URL Search Domain Scan URL

URL: https://twitter.com/FinancialReview

Search URL Search Domain Scan URL

URL: https://www.instagram.com/financialreview/

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/1628885

Search URL Search Domain Scan URL

URL: https://www.facebook.com/financialreview

Search URL Search Domain Scan URL

URL: https://subscribe.afr.com/?promote_channel=HI_FL_GNL&utm_source=afr.com&utm_medium=HouseInventory&utm_campaign=General&utm_content=FTR
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://www.corporatesubscriptions.com.au/?utm_source=afr_sub_lp&utm_medium=link&utm_campaign=corporate_subscriptions
Title: Corporate subscriptions

Search URL Search Domain Scan URL

URL: https://subscribe.afr.com/student-offer?promote_channel=HI_FL_STU&utm_source=FooterLink&utm_medium=HouseInventory&utm_campaign=Student
Title: Student subscriptions

Search URL Search Domain Scan URL

URL: https://www.nineforbrands.com.au/about/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.nineforbrands.com.au/brand/the-australian-financial-review/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://www.smh.com.au/
Title: The Sydney Morning Herald

Search URL Search Domain Scan URL

URL: https://www.theage.com.au/
Title: The Age

Search URL Search Domain Scan URL

URL: https://www.brisbanetimes.com.au/
Title: Brisbane Times

Search URL Search Domain Scan URL

URL: https://www.watoday.com.au/
Title: WAtoday

Search URL Search Domain Scan URL

URL: https://www.domain.com.au/
Title: Domain

Search URL Search Domain Scan URL

URL: https://www.drive.com.au/
Title: Drive

Search URL Search Domain Scan URL

URL: https://login.nine.com.au/privacy?client_id=afr
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://login.nine.com.au/terms?client_id=afr
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://professional.licensing-publishing.nine.com.au/C.aspx?VP3=CMS3&VF=Home
Title: Reprints & Permissions

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/rQhc1l9DjN Page URL
https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://secure-au.imrworldwide.com/v60.js HTTP 301
https://cdn-gl.imrworldwide.com/v60.js

Request Chain 58

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1638184056572&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D9724%252C3519914%26time%3D1638184056572%26url%3Dhttps%253A%252F%252Fwww.afr.com%252Ftechnology%252Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1638184056572&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1638184056572&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&liSync=true&e_ipv6=AQKCaoxgVAhsOgAAAX1rYPo51V1FLcY_xY3AuDXUqsfw4RHn6FlR5GGluaGExq0X97CH_cmn

Request Chain 76

https://ad.doubleclick.net/ddm/activity/src=6633783;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5473591689641.319 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=6633783;dc_pre=CN-ZoZa3vfQCFQSKsgodFycArA;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5473591689641.319 HTTP 302
https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CN-ZoZa3vfQCFQSKsgodFycArA;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5473591689641.319

Request Chain 79

https://ad.doubleclick.net/activity;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=1930976652.1638184057;ps=1 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CKaaoZa3vfQCFQSKsgodFycArA;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=1930976652.1638184057;ps=1 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CKaaoZa3vfQCFQSKsgodFycArA;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=*;ps=1

Request Chain 106

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
https://dpm.demdex.net/ibs:dpid=358&dpuuid=1038005398024162734

Request Chain 107

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=470&dpuuid=3218223908093524481

Request Chain 114

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NDAzNTg0NDcyMTY3ODIzOTg0NTA1ODMxMDM5MDE3NTkyODE3MTA= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEE_qyM8TC2nBQ0hsDz_42XM&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 115

https://rtd.tubemogul.com/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D HTTP 302
https://rtd-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D HTTP 302
https://rtd-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D&_test=YaS0eQAAlM77KQAy HTTP 302
https://dpm.demdex.net/ibs:dpid=782&dpuuid=YaS0eQAAlM77KQAy

Request Chain 116

https://sync.adap.tv/demdex_user_sync HTTP 302
https://sync.adaptv.advertising.com/demdex_user_sync

Request Chain 118

https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ HTTP 302
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 HTTP 302
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YaS0eSLJjitDbk6l0ZxR4gAA%261116

Request Chain 119

https://ps.eyeota.net/match?bid=6j5b2cv&uid=40358447216782398450583103901759281710&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Request Chain 120

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=40358447216782398450583103901759281710&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-Qtfnv7JE2pG6VM61_ur3LGpSchhULw.R.1M-~A

Request Chain 167

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 185

https://pixel.advertising.com/ups/28/sync?uid=40610250637483666870598418323837297428&_origin=1&redir=true HTTP 302
https://pixel.advertising.com/ups/28/sync?uid=40610250637483666870598418323837297428&_origin=1&redir=true&verify=true

Request Chain 186

https://ib.adnxs.com/getuid?https://adc.nine.com.au?appNexusUid=$UID HTTP 302
https://adc.nine.com.au/?appNexusUid=1038005398024162734

Request Chain 187

https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID HTTP 302
https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

Request Chain 191

https://dmpsync.3lift.com/getuid?redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D$UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://dmpsync.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://dpm.demdex.net/ibs:dpid=72352&dpuuid=6325881595516224336&gdpr=0&gdpr_consent=

Request Chain 192

https://usermatch.krxd.net/um/v2?partner=adobe&id=40610250637483666870598418323837297428 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=40610250637483666870598418323837297428

198 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 rQhc1l9DjN
t.co/ 465 B
674 B 143ms
127ms Document
text/html 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/rQhc1l9DjN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 29 Nov 2021 11:07:34 GMT
vary: Origin
server: tsa_o
expires: Mon, 29 Nov 2021 11:12:35 GMT
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 237
content-encoding: gzip
x-xss-protection: 0
strict-transport-security: max-age=0
x-response-time: 120
x-connection-hash: 5d7a66d1b2c8211d9a6d4b7d3a24508d49c7d644cf5c1326b76c34debbf813ff

GET
H2 200 Primary Request creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk Show response
www.afr.com/technology/ 190 KB
38 KB 383ms
352ms Document
text/html 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fb34d671ac53532491f8bd44fbb1f58fcb9d2ab8408a195800b8633e97962c6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://t.co/

Response headers

cache-control: public, max-age=30
content-encoding: gzip
content-type: text/html; charset=utf-8
etag: W/"2f69e-f4pCSOV+Yd5Y6rhLcRK/kQNchzU"
strict-transport-security: max-age=31536000
uber-trace-id: b1228531265938ad:b1228531265938ad:0:0
x-frame-options: sameorigin
x-varnish-grace: none(fetch fresh)
x-xss-protection: 1; mode=block
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 29 Nov 2021 11:07:35 GMT
age: 0
x-served-by: cache-syd10165-SYD, cache-hhn4021-HHN
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 38390

GET
H2 200 polyfillsGlobal.df03d31e383b41008b46.js Show response
www.afr.com/assets/ 1 KB
749 B 10ms
10ms Script
application/javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/polyfillsGlobal.df03d31e383b41008b46.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

55d8bd006c26d85d15f250d1ea7497f4390b04dac099c48484a155ffb6ae4e18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 378944
uber-trace-id: 27b2e90515c0a1ae:27b2e90515c0a1ae:0:0
x-cache: HIT, HIT
content-length: 529
etag: W/"45a-17d547b6628"
x-served-by: cache-syd10144-SYD, cache-hhn4021-HHN
last-modified: Thu, 25 Nov 2021 00:25:13 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 europa.d2a094a3e3ec08b668bd.js Show response
www.afr.com/assets/ 40 KB
11 KB 10ms
10ms Script
application/javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/europa.d2a094a3e3ec08b668bd.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

668e065f6c3a37d16364785aad9c0689a95162603666e378e1c7fbf0c6c4165c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 378944
uber-trace-id: 5f13bff3cbf69fa1:5f13bff3cbf69fa1:0:0
x-cache: HIT, HIT
content-length: 11609
etag: W/"a06b-17d54af5ed8"
x-served-by: cache-syd10150-SYD, cache-hhn4021-HHN
last-modified: Thu, 25 Nov 2021 01:21:59 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 2, 1

GET
H2 200 13780390039.js Show response
cdn.optimizely.com/js/ 292 KB
90 KB 84ms
22ms Script
text/javascript 2a02:26f0:6c00:2a0::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/13780390039.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

751c47e579a96ede4c4fdfc48219716cfb906d1aabd8e7f7e06b153baff38be3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: uSlyYAEM5KIpmYruyE3uVfIiYzs8.EbJ
content-encoding: gzip
etag: "15fc9005a4dfd6cdc98e1c0b45fe38c3"
x-amz-request-id: ZM6QJ5W7MBGYXTSZ
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 2968
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="6";dur=0,cdnip;desc="2a02:26f0:6c00:2a0::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 91457
x-amz-id-2: lDqZEC87LoBu/mj2NfhkluJxqjEvaAuqJqBd/BKA+LDdyK8U0ZdxR816jFfTe+aZmTSCVzJg+HE=
last-modified: Thu, 25 Nov 2021 03:25:15 GMT
server: AmazonS3
date: Mon, 29 Nov 2021 11:07:35 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 de92fad56d84f58a7786f5e5dc791572368e06b4
static.ffx.io/images/$width_140%2C$height_140/t_crop_auto%2Cq_auto:best%2Cfl_any_format/ 7 KB
8 KB 39ms
8ms Image
image/png 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$width_140%2C$height_140/t_crop_auto%2Cq_auto:best%2Cfl_any_format/de92fad56d84f58a7786f5e5dc791572368e06b4
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: feb35a42307d1d625165e6eb904a59e09f72fed5510fd452dfd58905a8507ebf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:35 GMT
via: 1.1 varnish, 1.1 varnish
age: 900374
edge-cache-tag: 323201847466709505494089637799511810365,360778656187203342608955627533303398316,5f5f4219172da4ec8104790896b11172
x-cache: MISS, HIT
content-length: 7469
x-served-by: cache-hhn4020-HHN, cache-hhn4021-HHN
x-cld-skey: 323201847466709505494089637799511810365 360778656187203342608955627533303398316 5f5f4219172da4ec8104790896b11172
last-modified: Fri, 19 Nov 2021 00:37:27 GMT
server: cloudinary
x-timer: S1638184056.943971,VS0,VE1
etag: "9784575261a4fc05b163914c9787c550"
vary: User-Agent
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 379 KB
118 KB 157ms
64ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d6b382729ed289c0c75aa63a72d4161b93bb1aac045efad6963855388bea8239

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120401
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H2 200 sp.js Show response
d2uhnetoehh304.cloudfront.net/2.11.0-patched/ 97 KB
30 KB 37ms
8ms Script
application/javascript 2600:9000:214f:5600:10:2964:9d00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:5600:10:2964:9d00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a3c78596628f7e53c40bbfd0e9eed225181c4c2933a6e051e8fa46c30b221d1f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 01:08:29 GMT
content-encoding: gzip
last-modified: Mon, 05 Jul 2021 01:09:01 GMT
server: AmazonS3
age: 3578347
etag: W/"80b7ca5bd7a7e17f33545663b8f8423f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8b5bc0831e6dab612582614c3009efa7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: Yc0KQvYuSDGIUh7CfiOGwOPyul4TURa0jzQWFPUZw44_xqrTojBfMw==

GET
H2 200 9a774230.svg
www.afr.com/assets/ 3 KB
625 B 13ms
13ms Image
image/svg+xml 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.afr.com/assets/9a774230.svg

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bcf86c48df6f76b921cce4d3b354c52312027494dbac002cf58ff39ca8593ff5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
etag: W/"bf5-17c2fb3dc68"
age: 5257032
uber-trace-id: 1415fd4ef5a1746d:1415fd4ef5a1746d:0:0
x-cache: HIT, HIT
content-length: 460
x-served-by: cache-syd10151-SYD, cache-hhn4021-HHN
last-modified: Wed, 29 Sep 2021 03:58:09 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 22492, 1

GET
H2 200 0d96eeec.svg
www.afr.com/assets/ 6 KB
3 KB 14ms
14ms Image
image/svg+xml 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.afr.com/assets/0d96eeec.svg

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8b56cf3ff69da24ee4d01b00d8bbad12a602a1f083e47c6646b02b639fd633fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
etag: W/"18fe-17c7de2f798"
age: 3875063
uber-trace-id: 36d27dcdfb1f5c31:36d27dcdfb1f5c31:0:0
x-cache: HIT, HIT
content-length: 2780
x-served-by: cache-syd10126-SYD, cache-hhn4021-HHN
last-modified: Thu, 14 Oct 2021 08:19:59 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 10577, 1

GET
H2 200 suecanano-regular-webfont.woff2
www.afr.com/fonts/ 18 KB
18 KB 12ms
11ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecanano-regular-webfont.woff2

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a44fb6a26732b7892f2802aee69fb0413ecd26b508b5c79720a48c485f4889ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
etag: W/"4664-17d59a73898"
age: 65996
uber-trace-id: 1ce2494d6d06faec:1ce2494d6d06faec:0:0
x-cache: HIT, HIT
content-length: 18020
x-served-by: cache-syd10172-SYD, cache-hhn4021-HHN
last-modified: Fri, 26 Nov 2021 00:31:11 GMT
date: Mon, 29 Nov 2021 11:07:35 GMT
x-frame-options: sameorigin
content-type: font/woff2
cache-control: public, max-age=86400
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 2, 1

GET
H2 200 suecahd-regular-webfont.woff2
www.afr.com/fonts/ 22 KB
23 KB 9ms
8ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecahd-regular-webfont.woff2

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

338140f080782dd9fc999b9c240cde15f599e7ffd10b3fd3d9085717d38ad8d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
etag: W/"59b8-17d59a73898"
age: 59051
uber-trace-id: 75da31f7f9aefd8:75da31f7f9aefd8:0:0
x-cache: HIT, HIT
content-length: 22968
x-served-by: cache-syd10135-SYD, cache-hhn4021-HHN
last-modified: Fri, 26 Nov 2021 00:31:11 GMT
date: Mon, 29 Nov 2021 11:07:35 GMT
x-frame-options: sameorigin
content-type: font/woff2
cache-control: public, max-age=86400
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 3, 1

GET
H2 200 suecahd-regularitalic-webfont.woff2
www.afr.com/fonts/ 24 KB
24 KB 10ms
9ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecahd-regularitalic-webfont.woff2

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fa84adaa52138db2f2ca946b1e3ce31105a39a9a1f1b5fb25ad456241c2d0e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
etag: W/"5f4c-17d59a73898"
age: 73463
uber-trace-id: 97829d0fcdb3cce:97829d0fcdb3cce:0:0
x-cache: HIT, HIT
content-length: 24396
x-served-by: cache-syd10141-SYD, cache-hhn4021-HHN
last-modified: Fri, 26 Nov 2021 00:31:11 GMT
date: Mon, 29 Nov 2021 11:07:35 GMT
x-frame-options: sameorigin
content-type: font/woff2
cache-control: public, max-age=86400
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 2, 1

GET
H2 200 suecanano-semibold-webfont.woff2
www.afr.com/fonts/ 17 KB
18 KB 14ms
14ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecanano-semibold-webfont.woff2

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

85b23ef2b5d148948a0e393c8af051177f818b7fb18cda003998916666caabee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
etag: W/"45f0-17d59a73898"
age: 63911
uber-trace-id: 14cc705156fd4520:14cc705156fd4520:0:0
x-cache: HIT, HIT
content-length: 17904
x-served-by: cache-syd10135-SYD, cache-hhn4021-HHN
last-modified: Fri, 26 Nov 2021 00:31:11 GMT
date: Mon, 29 Nov 2021 11:07:35 GMT
x-frame-options: sameorigin
content-type: font/woff2
cache-control: public, max-age=86400
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 suecahd-bold-webfont.woff2
www.afr.com/fonts/ 22 KB
22 KB 15ms
14ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecahd-bold-webfont.woff2

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2f1b3c20947609880fa669248919d46ad2b26b995cd8f7e2f3d764dff3e47bdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
etag: W/"5844-17d59a73898"
age: 59506
uber-trace-id: 7b873a593ba0806c:7b873a593ba0806c:0:0
x-cache: HIT, HIT
content-length: 22596
x-served-by: cache-syd10173-SYD, cache-hhn4021-HHN
last-modified: Fri, 26 Nov 2021 00:31:11 GMT
date: Mon, 29 Nov 2021 11:07:35 GMT
x-frame-options: sameorigin
content-type: font/woff2
cache-control: public, max-age=86400
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 vendorsReactRedux_client.34054a0e45a7d1fd7fd6.chunk.js Show response
www.afr.com/assets/ 154 KB
51 KB 13ms
12ms Script
application/javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendorsReactRedux_client.34054a0e45a7d1fd7fd6.chunk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

34a51d39f01f62c0d4ea3e4463e4fee766eee956df1e57f0028990045a1720b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 293848
uber-trace-id: f64543142497bda:f64543142497bda:0:0
x-cache: HIT, HIT
content-length: 51637
etag: W/"2663d-17d59a7a210"
x-served-by: cache-syd10139-SYD, cache-hhn4021-HHN
last-modified: Fri, 26 Nov 2021 00:31:38 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 2, 1

GET
H2 200 vendorsHtmlparser2_client.76155f667313cc1ab090.chunk.js Show response
www.afr.com/assets/ 126 KB
40 KB 15ms
13ms Script
application/javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendorsHtmlparser2_client.76155f667313cc1ab090.chunk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

920be5604af5a13bfe32d6722e25ec5232195a02644994a7b4c220e691873c9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 382165
uber-trace-id: 56637008748d194c:56637008748d194c:0:0
x-cache: HIT, HIT
content-length: 40627
etag: W/"1f841-17d547b6628"
x-served-by: cache-syd10176-SYD, cache-hhn4021-HHN
last-modified: Thu, 25 Nov 2021 00:25:13 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 3, 1

GET
H2 200 vendors_client.278d4324d6c3028ac446.chunk.js Show response
www.afr.com/assets/ 517 KB
149 KB 16ms
15ms Script
application/javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fea43431c69a07aa5d24489dee8c6061740779c29343f5acbf07ff4c7f7a3b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 293838
uber-trace-id: b4a58f8561a02eae:b4a58f8561a02eae:0:0
x-cache: HIT, HIT
content-length: 152377
etag: W/"81406-17d59a7a210"
x-served-by: cache-syd10135-SYD, cache-hhn4021-HHN
last-modified: Fri, 26 Nov 2021 00:31:38 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none(fetch fresh)
accept-ranges: bytes
x-cache-hits: 3, 1

GET
H2 200 client.2013b66f9ed8611487ee.js Show response
www.afr.com/assets/ 523 KB
133 KB 26ms
25ms Script
application/javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/client.2013b66f9ed8611487ee.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c4ec6f733b5d3bcee97fbc3de476176e0613c717cc09463b3f3f80aca03aeac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 38771
uber-trace-id: c17732b34692289e:c17732b34692289e:0:0
x-cache: HIT, HIT
content-length: 136109
etag: W/"82d1d-17d68ec2430"
x-served-by: cache-syd10148-SYD, cache-hhn4021-HHN
last-modified: Sun, 28 Nov 2021 23:40:46 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: normal hit
accept-ranges: bytes
x-cache-hits: 10, 1

GET
H2 200 StandardArticleTemplate.824df6a954c13ff54ed1.chunk.js Show response
www.afr.com/assets/ 78 KB
23 KB 25ms
24ms Script
application/javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/StandardArticleTemplate.824df6a954c13ff54ed1.chunk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

66fb1cbd6b3fb1dffb98c577751ece4e5882569d3b6f1c6d7bb539991ea4b6a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 293869
uber-trace-id: a86374b3a466b1dd:a86374b3a466b1dd:0:0
x-cache: HIT, HIT
content-length: 23203
etag: W/"139fa-17d59a7a210"
x-served-by: cache-syd10130-SYD, cache-hhn4021-HHN
last-modified: Fri, 26 Nov 2021 00:31:38 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 3, 1

GET
H2 200 client.2013b66f9ed8611487ee.css
www.afr.com/assets/ 151 KB
25 KB 25ms
24ms Stylesheet
text/css 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/client.2013b66f9ed8611487ee.css

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f7de950852f2b9d4d1ff8e2e1a3eca56b0a2cf96098bec320b6c813bc77a3eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 38804
uber-trace-id: fadb2f7c5ba8435b:fadb2f7c5ba8435b:0:0
x-cache: HIT, HIT
content-length: 25763
etag: W/"25c15-17d68ec2430"
x-served-by: cache-syd10143-SYD, cache-hhn4021-HHN
last-modified: Sun, 28 Nov 2021 23:40:46 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 9, 1

GET
H2 200 StandardArticleTemplate.824df6a954c13ff54ed1.chunk.css
www.afr.com/assets/ 53 KB
9 KB 25ms
25ms Stylesheet
text/css 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/StandardArticleTemplate.824df6a954c13ff54ed1.chunk.css

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d3976ea4d6f3db03a05eebb0c048f94daf0204a21efee553a47c9f329e44cc11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 293870
uber-trace-id: e37a24add88cfde2:e37a24add88cfde2:0:0
x-cache: HIT, HIT
content-length: 9369
etag: W/"d240-17d59a7a210"
x-served-by: cache-syd10171-SYD, cache-hhn4021-HHN
last-modified: Fri, 26 Nov 2021 00:31:38 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:35 GMT
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 77 KB
27 KB 137ms
50ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/assets/europa.d2a094a3e3ec08b668bd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1058 / 52 of 1000 / last-modified: 1637708722"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26861
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H2 200 a304207300.html Show response
a304207300.cdn.optimizely.com/client_storage/ Frame FCB9 2 KB
1 KB 92ms
31ms Document
text/html 104.96.92.79
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://a304207300.cdn.optimizely.com/client_storage/a304207300.html

Requested by

Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/13780390039.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.96.92.79 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-96-92-79.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

59d1fe77c0d1ebe0d67f0573054abc91778b82b7ffe93e734720986ec4496650

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

x-amz-id-2: BnMqiQzBYu7tg4wltaYj487zWVhsEvQ6kMzGidSpBND2lIW68wYSSMwrHJnDu8FC27vo26mGQ/w=
x-amz-request-id: WRK2KBDAE6DMM2BR
x-amz-replication-status: COMPLETED
last-modified: Sun, 28 Nov 2021 23:29:51 GMT
etag: "97911538b27fac53a260a472ffa569f9"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: CV1pA3t2ypulP3RlHfVODHvymAmitoOf
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: AmazonS3
content-length: 987
vary: Accept-Encoding
cache-control: max-age=120
date: Mon, 29 Nov 2021 11:07:36 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="16";dur=0,cdnip;desc="104.96.92.79";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000

OPTIONS
H/1.1 200
OK tp2
i.ffx.io/com.snowplowanalytics.snowplow/ Frame 0
0 1150ms
280ms Preflight 13.238.96.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.238.96.192 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.afr.com
Date: Mon, 29 Nov 2021 11:07:37 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

GET
H2 200 8776d53195dc112eb8620ae5f17041a7.sprite.svg Show response
www.afr.com/assets/svg/ 103 KB
36 KB 8ms
7ms XHR
image/svg+xml 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/svg/8776d53195dc112eb8620ae5f17041a7.sprite.svg

Requested by

Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2144cc2dcb3b73143e73042e59b148ac836100e0adcdfadbbf2af6fc7aa474cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
etag: W/"19af9-17d4628f0e0"
age: 622231
uber-trace-id: 855fefabac739832:855fefabac739832:0:0
x-cache: HIT, HIT
content-length: 36408
x-served-by: cache-syd10152-SYD, cache-hhn4021-HHN
last-modified: Mon, 22 Nov 2021 05:40:28 GMT
x-frame-options: sameorigin
date: Mon, 29 Nov 2021 11:07:36 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 2, 1

POST
H/1.1 200
OK tp2 Show response
i.ffx.io/com.snowplowanalytics.snowplow/ 2 B
435 B 1079ms
271ms XHR
text/plain 13.238.96.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: d2uhnetoehh304.cloudfront.net
URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.238.96.192 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Mon, 29 Nov 2021 11:07:38 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

GET
H2 200 p57n0s Show response
api.afr.com/api/content/v0/assets/ 19 KB
7 KB 326ms
299ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/api/content/v0/assets/p57n0s
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: eea1d9620d359b9390cc662b4d4574dc531d8d4473885c07b2154ee99fce9fba

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
age: 0
x-served-by: cache-syd10145-SYD, cache-hhn4037-HHN
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=30
x-varnish-grace: none(fetch fresh)
accept-ranges: bytes
content-encoding: gzip
content-length: 6631
x-cache-hits: 0, 0

GET
H2 200 p56ftg Show response
api.afr.com/api/content/v0/assets/ 19 KB
6 KB 340ms
313ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/api/content/v0/assets/p56ftg
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4f48de3ff0d64db0a4a082e0b61287d6b81031ceb6528382e7f7f63479efd64e

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
age: 0
x-served-by: cache-syd10122-SYD, cache-hhn4037-HHN
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=30
x-varnish-grace: none(fetch fresh)
accept-ranges: bytes
content-encoding: gzip
content-length: 6300
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 196 B
260 B 319ms
311ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20memberDetailsAndSubscriptions%20%7B%20memberDetails%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20member%20%7B%20profile%20%7B%20displayName%20email%20roles%20%7B%20accountId%20role%20%7D%20shortID%20type%20%7D%20%7D%20%7D%20memberSubscriptionDetails%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20subscription%20%7B%20entitlements%20plans%20%7D%20%7D%20%7D%20&operationName=memberDetailsAndSubscriptions&variables=%7B%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 714892f1fc598fef48b0331e7af69cdac69bfb2cec684d199b8650da4a278c75

Request headers

Accept: application/json
Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-syd10177-SYD, cache-hhn4021-HHN
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 196
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 165 B
244 B 293ms
286ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20Account%20%7B%20account%20%7B%20autoplay%20error%20%7B%20message%20type%20%7D%20location%20%7B%20postCode%20state%20suburb%20%7D%20onboarding%20%7B%20newsfeed%20tags%20%7D%20%7D%20%7D%20&operationName=Account&variables=%7B%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 07a7e43a30c29cd24df54879f4fc788b60a76962f3b3c5623717c19762240225

Request headers

Accept: application/json
Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-syd10153-SYD, cache-hhn4021-HHN
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 165
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 104 B
168 B 324ms
317ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20isAssetInSavedList(%24assetID%3A%20String!%2C%20%24brand%3A%20Brand!)%20%7B%20isAssetInSavedList(input%3A%20%7BassetID%3A%20%24assetID%2C%20brand%3A%20%24brand%7D)%20%7B%20isSaved%20error%20%7B%20message%20%7D%20%7D%20%7D%20&operationName=isAssetInSavedList&variables=%7B%22assetID%22%3A%22p59cnk%22%2C%22brand%22%3A%22afr%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 54b3121637851046e882df8591a9f2c4472adc2f0c39290cd583e9fccf1aace0

Request headers

Accept: application/json
Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-syd10136-SYD, cache-hhn4021-HHN
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 104
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 411 B
415 B 338ms
333ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20PaywallRuleQuery(%24context%3A%20PaywallRuleRequestContext!%2C%20%24story%3A%20PaywallRuleRequestStory!)%20%7B%20paywallRule(context%3A%20%24context%2C%20story%3A%20%24story)%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20rule%20%7B%20...RuleFragment%20%7D%20%7D%20%7D%20fragment%20RuleFragment%20on%20PaywallRuleData%20%7B%20meter%20%7B%20global%20%7D%20prompt%20%7B%20...PromptFragment%20%7D%20promptType%20%7D%20fragment%20PromptFragment%20on%20Prompt%20%7B%20callToAction%20countRemaining%20message%20style%20subscriptionURL%20title%20%7D%20&operationName=PaywallRuleQuery&variables=%7B%22context%22%3A%7B%22alreadyMetered%22%3Afalse%2C%22currentMeterCount%22%3A0%2C%22referrer%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22bypassURL%22%3A%22https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk%22%7D%2C%22story%22%3A%7B%22brand%22%3A%22AFR%22%2C%22categories%22%3A%5B%22Technology%22%5D%2C%22sponsored%22%3Afalse%2C%22tags%22%3A%5B%22Start-up%20funding%22%2C%22Fintech%22%2C%22Start-ups%22%2C%22Payments%22%2C%22Credit%20rating%22%2C%22Big%20four%20banks%22%2C%22Open%20banking%22%2C%22Cyber%20security%20(Editorial%20use)%22%2C%22Australian%20Competition%20and%20Consumer%20Commission%22%2C%22Scams%22%2C%22Business%20IT%22%5D%2C%22type%22%3A%22ARTICLE%22%7D%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 96c4376b5e04d2d255b211fe0db20f37a2c3214959cc9258c018efa90318c071

Request headers

Accept: application/json
Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
x-served-by: cache-syd10123-SYD, cache-hhn4021-HHN
vary: Accept-Encoding, Origin
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 312
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 145 B
305 B 285ms
280ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20AudienceSegmentsQuery(%24userId%3A%20String!)%20%7B%20audienceSegments(userId%3A%20%24userId)%20%7B%20segments%20%7B%20engagementSegment%20%7B%20batchTime%20userSegment%20%7D%20%7D%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20%7D%20%7D%20&operationName=AudienceSegmentsQuery&variables=%7B%22userId%22%3A%2201ea790b-39ee-45f3-980e-5e71f5c080ad%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 14e4b088db7fbce1fc7c9e34f33ce0766a0359a92f87b73df2b4b72d24a6a769

Request headers

Accept: application/json
Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
age: 0
x-served-by: cache-syd10169-SYD, cache-hhn4021-HHN
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: public, max-age=600
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 129
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 0, 0

GET
H/1.1 200
OK channels.cgi Show response
fairfaxmedia.gscontxt.net/main/ 2 KB
2 KB 102ms
18ms Script
application/javascript 158.101.193.104
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://fairfaxmedia.gscontxt.net/main/channels.cgi?url=https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/europa.d2a094a3e3ec08b668bd.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.101.193.104 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: /
Resource Hash: 4b4dfa7bb1368412b90d29a3c9c3031cbbb7438e058d0ecb9f2df02ddc0a85b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length: 1559
Content-Type: application/javascript

GET
H2 200 moatheader.js Show response
z.moatads.com/fairfaxheader492510264302/ 236 KB
81 KB 26ms
9ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/fairfaxheader492510264302/moatheader.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/europa.d2a094a3e3ec08b668bd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 222636c2810fe948341450766980c2eec11a5db55a64e544bc6e7ee7652902ac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
last-modified: Tue, 02 Nov 2021 14:29:51 GMT
server: AmazonS3
x-amz-request-id: SRFG63ZPP8DFCFQ0
etag: "0873cc09e1ebb230bc16e3769d661ea2"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=9279
accept-ranges: bytes
content-length: 82845
x-amz-id-2: hvIr6V9j9y6v1CoUnbMynshxi2T9iywEILq7N9rwevOkY8BZEKEIFBNS0QlfLf9C7I3oKHXzS+Y=

GET
H2 200 graphql Show response
api.afr.com/ 37 KB
8 KB 11ms
10ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20PageContentByPageType(%24brand%3A%20Brand!%2C%20%24pageType%3A%20PageType!%2C%20%24render%3A%20Render!)%20%7B%20pageContentByPageType(brand%3A%20%24brand%2C%20pageType%3A%20%24pageType%2C%20render%3A%20%24render)%20%7B%20contentUnits%20%7B%20assets%20%7B%20...AssetFragment%20sponsor%20%7B%20name%20%7D%20%7D%20config%20%7B%20heading%20headingLink%20%7D%20name%20%7D%20%7D%20%7D%20fragment%20AssetFragment%20on%20Asset%20%7B%20asset%20%7B%20about%20byline%20duration%20headlines%20%7B%20headline%20%7D%20live%20%7D%20assetType%20dates%20%7B%20firstPublished%20modified%20published%20%7D%20id%20featuredImages%20%7B%20landscape16x9%20%7B%20...ImageFragment%20%7D%20landscape3x2%20%7B%20...ImageFragment%20%7D%20portrait2x3%20%7B%20...ImageFragment%20%7D%20square1x1%20%7B%20...ImageFragment%20%7D%20%7D%20label%20tags%20%7B%20primary%3A%20primaryTag%20%7B%20...AssetTag%20%7D%20secondary%20%7B%20...AssetTag%20%7D%20%7D%20urls%20%7B%20...AssetURLs%20%7D%20%7D%20fragment%20AssetTag%20on%20AssetTagDetails%20%7B%20company%20%7B%20exchangeCode%20stockCode%20%7D%20context%20displayName%20id%20name%20shortID%20slug%20urls%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20%7D%20fragment%20AssetURLs%20on%20AssetURLs%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20fragment%20ImageFragment%20on%20Image%20%7B%20data%20%7B%20aspect%20autocrop%20cropWidth%20id%20offsetX%20offsetY%20zoom%20%7D%20%7D%20&operationName=PageContentByPageType&variables=%7B%22brand%22%3A%22AFR%22%2C%22pageType%22%3A%22article%22%2C%22render%22%3A%22WEB%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f2659780d94aa5f3b9d28cc58cdc91e0c6d23d480b01b9beb92eab049391da09

Request headers

Accept: application/json
Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
age: 28
x-served-by: cache-syd10151-SYD, cache-hhn4021-HHN
vary: Accept-Encoding, Origin
x-cache: HIT, HIT
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: public, max-age=30
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 7570
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 1, 1

GET
H2 200 ed678ca0302ab0999373c285100c59b3bfbd13de
static.ffx.io/images/$zoom_0.167%2C$multiply_4%2C$ratio_1.776846%2C$width_1059%2C$x_0%2C$y_1/t_crop_custom/c_scale%2Cw_620%2Cq_88%2Cf_auto/ 15 KB
16 KB 11ms
11ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.167%2C$multiply_4%2C$ratio_1.776846%2C$width_1059%2C$x_0%2C$y_1/t_crop_custom/c_scale%2Cw_620%2Cq_88%2Cf_auto/ed678ca0302ab0999373c285100c59b3bfbd13de
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 3a9a46a45856d1639828034a0d31b4c823ac3e29b5891844ab7393fce7e2ff28

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
age: 28191
edge-cache-tag: 384509613295811336077997869306224497885,253939897709511593550181834710018242492,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="ed678ca0302ab0999373c285100c59b3bfbd13de.webp"
content-length: 15462
x-served-by: cache-dca17770-DCA, cache-hhn4021-HHN
x-cache: MISS, HIT
x-cld-skey: 384509613295811336077997869306224497885 253939897709511593550181834710018242492 5f5f4219172da4ec8104790896b11172
last-modified: Mon, 29 Nov 2021 03:02:39 GMT
server: cloudinary
x-timer: S1638184056.341387,VS0,VE1
etag: "084a51bfd76e3432f9d6228bb1c12201"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ 344 KB
116 KB 57ms
55ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 124 B
121 B 97ms
49ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.afr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

b462ede43ecdda05f2c835d4c3178d5d2fa2567dd194963027095fb4f8102f4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96
x-xss-protection: 0
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 25ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: kw4Gfma5enZS1+wQnst/rg4CjFZEiHQ6VAJ5cYaP/IcJxxkdjdUwfbzRW0mhWGqBFA7DdcjMh/x+ybt4zMvpbQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Mon, 29 Nov 2021 11:07:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hotjar-182799.js Show response
static.hotjar.com/c/ 6 KB
3 KB 28ms
10ms Script
application/javascript 13.32.22.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-182799.js?sv=6

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.22.92 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-22-92.fra56.r.cloudfront.net

Software

Resource Hash

ca674d4e0485d840fabdde4262975b17c52849d41c203ddc994bea36c1bc7ee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA56-C2
etag: W/13ad1103a8f4513b2c0318dd4fa3cc55
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: FhKkyDXa3TUG0RKYSyVA3bgVhbdy4RL46ziCeOs7xPjo6Af8aGeUIA==
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 50ms
16ms Script
application/x-javascript 2a02:26f0:6c00::210:ba10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: t.co
URL: https://t.co/rQhc1l9DjN
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 11:07:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=53130
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 15 KB
6 KB 73ms
28ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

759d6f0c1292d86d24d7abe7ad9a2cd1d86df0041260f98186ccfa26c7daab62

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Mon, 29 Nov 2021 11:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 103
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 5652
x-amz-id-2: d1N2tFoJ+rHbMi7L3quaKFQfWZd4OKRq6TDfdofk/Pu/RGyiof67JdHpQTfPJIKcbXFxbHTBX/k=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Sat, 10 Dec 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Thu, 04 Nov 2021 15:26:13 GMT
server: ATS
etag: "146f99405588b7446958a732612c901d-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: EXVZ4E6N0C8NCQPZ
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
x-amz-version-id: pCmRUUjnQE9zqMEfVdrNnyYpaPAyW8Do
accept-ranges: bytes
content-type: application/javascript

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 5 KB
2 KB 77ms
20ms Script
application/x-javascript 2a02:26f0:6c00::210:ba10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: t.co
URL: https://t.co/rQhc1l9DjN
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 11:07:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=25664
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 async.js Show response
static-au.plista.com/ 64 KB
17 KB 69ms
27ms Script
application/javascript 138.201.125.235
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static-au.plista.com/async.js

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

138.201.125.235 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.235.125.201.138.clients.your-server.de

Software

nginx /

Resource Hash

a3d0f7c45107f6f097378459c64f8c02461a44afe9d787009eb75c709d6ff3df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-plista-versions: plista-plugin- libplista-php-0.0.0
date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101
x-plista-node: plista853
content-length: 17165
last-modified: Mon, 29 Nov 2021 11:05:53 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 318341288 317926214
via: 1.1 varnish-v4
cache-control: public, must-revalidate, proxy-revalidate
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
expires: Tue, 30 Nov 2021 11:05:54 GMT

GET
H2

200

v60.js Show response
cdn-gl.imrworldwide.com/
Redirect Chain

https://secure-au.imrworldwide.com/v60.js
https://cdn-gl.imrworldwide.com/v60.js

21 KB
7 KB

7ms
7ms

Script
application/javascript

2600:9000:214f:1a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/v60.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Server: 2600:9000:214f:1a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 75481bc06d1b02e50fd1cc921a7838e3af6caa9b8c0745b50182ebf29f195e20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: .KrDWJ6YcsmnfI6j8sx8eWw9CjCealBE
content-encoding: gzip
etag: W/"cc7339d315e5ab16597dd66d153a0e7e"
last-modified: Mon, 12 Oct 2020 13:35:53 GMT
server: AmazonS3
age: 25039
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Mon, 29 Nov 2021 04:10:18 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: t9vJ1qv5l5S9r23P7VSx7hx7c7j9VyOhRSHge0m5bv3NsyPU1TwH7A==

Redirect headers

location: https://cdn-gl.imrworldwide.com:443/v60.js
date: Mon, 29 Nov 2021 11:07:36 GMT
server: awselb/2.0
content-length: 134
content-type: text/html

GET
H2 200 ggcmb510.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 12 KB
5 KB 25ms
7ms Script
application/javascript 2600:9000:214f:1a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Requested by: Host: t.co
URL: https://t.co/rQhc1l9DjN
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:1a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: 6XrFclzZrCpK6VsHWnjUPjBmJYkrcnf.
content-encoding: gzip
etag: W/"afa0d379b1e6e0a61fad577d0043ff26"
last-modified: Mon, 18 Oct 2021 14:09:23 GMT
server: AmazonS3
age: 3064
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Mon, 29 Nov 2021 10:16:32 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: 0JCT0ig9QXowMnF86oBD4MmCtDyfKX6gnsBIMQocmpDpMpKPPSNZzg==

GET
H/1.1 200
OK adc.js Show response
adc-js.nine.com.au/ 76 KB
22 KB 62ms
10ms Script
application/javascript 2600:9000:2057:b000:7:3896:c640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adc-js.nine.com.au/adc.js
Requested by: Host: t.co
URL: https://t.co/rQhc1l9DjN
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:b000:7:3896:c640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 934d4d6010b2bfc6795c8212555ff307c8e883a8fa5f974f601773d4f17e156f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 11:03:00 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Tue, 02 Mar 2021 06:12:51 GMT
Server: AmazonS3
Age: 473
ETag: W/"23c4e4ce44af9dfacd823a16445bddda"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=utf-8
Via: 1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
Cache-Control: public, max-age=300
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA6-C1
X-Amz-Cf-Id: xrOraHOgQr2-x5ipwBnMY5oQIk8K438bYSS4Q86Dsu2WqFAEba2xSg==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 43ms
7ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: t.co
URL: https://t.co/rQhc1l9DjN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kjyo7100026-IAD, cache-hhn11568-HHN

GET
H2 200 51caed56548900cecf1be7a0980764a298fd463b
static.ffx.io/images/$zoom_0.1394%2C$multiply_4%2C$ratio_1.777778%2C$width_1059%2C$x_105%2C$y_0/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/ 3 KB
4 KB 14ms
13ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.1394%2C$multiply_4%2C$ratio_1.777778%2C$width_1059%2C$x_105%2C$y_0/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/51caed56548900cecf1be7a0980764a298fd463b
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 1b1e839148aec7e823e0c6ab7454ea987200ef30ecbf4c208af4cc33571b6de7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
age: 294620
edge-cache-tag: 350587864242035924324559891332518201519,397535220750037386927318958354827884064,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="51caed56548900cecf1be7a0980764a298fd463b.webp"
content-length: 3362
x-served-by: cache-hhn4061-HHN, cache-hhn4021-HHN
x-cache: MISS, HIT
x-cld-skey: 350587864242035924324559891332518201519 397535220750037386927318958354827884064 5f5f4219172da4ec8104790896b11172
last-modified: Fri, 26 Nov 2021 00:58:31 GMT
server: cloudinary
x-timer: S1638184056.426837,VS0,VE1
etag: "491a7118699c487bc422a6da5cb539fd"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 5b3f3fda01ebe66884df758c06ee4f83d01cf3a3
static.ffx.io/images/$zoom_0.328%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_173%2C$y_164/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/ 6 KB
6 KB 13ms
13ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.328%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_173%2C$y_164/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/5b3f3fda01ebe66884df758c06ee4f83d01cf3a3
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 80fa6c9da6d7deb1b9dc5e407075cc51d846b8d1f5b29afff0a88808bc153cee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
age: 407183
edge-cache-tag: 184373611208430094272092748538172296093,318067716218625232855388137756323980576,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="5b3f3fda01ebe66884df758c06ee4f83d01cf3a3.webp"
content-length: 5642
x-served-by: cache-hhn4032-HHN, cache-hhn4021-HHN
x-cache: MISS, HIT
x-cld-skey: 184373611208430094272092748538172296093 318067716218625232855388137756323980576 5f5f4219172da4ec8104790896b11172
last-modified: Wed, 24 Nov 2021 18:00:32 GMT
server: cloudinary
x-timer: S1638184056.427034,VS0,VE1
etag: "f95e81fe84963bdd8b2f9ae8e3061ffa"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 6826dd664d6c0955576737c8082c5931087d0229
static.ffx.io/images/$zoom_2.8144%2C$multiply_1%2C$ratio_1.777778%2C$width_1059%2C$x_2918%2C$y_571/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/ 6 KB
6 KB 13ms
8ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_2.8144%2C$multiply_1%2C$ratio_1.777778%2C$width_1059%2C$x_2918%2C$y_571/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/6826dd664d6c0955576737c8082c5931087d0229
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 3d4b2f160b8117467085efe6a0308c19ac82bb4ed9c0a37ab690155b9c298e9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
age: 31126
edge-cache-tag: 402172856816295039513624793150813152901,332109592405988617963300444514375401398,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="6826dd664d6c0955576737c8082c5931087d0229.webp"
content-length: 6152
x-served-by: cache-hhn4052-HHN, cache-hhn4021-HHN
x-cache: MISS, HIT
x-cld-skey: 402172856816295039513624793150813152901 332109592405988617963300444514375401398 5f5f4219172da4ec8104790896b11172
last-modified: Mon, 29 Nov 2021 02:24:48 GMT
server: cloudinary
x-timer: S1638184056.446444,VS0,VE1
etag: "a4238d4302d8e2a53309aadc65e4ffb5"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 18c709c83c7cb7bc7bfc35114ce60b834a97c6f4
static.ffx.io/images/$zoom_0.58%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_538%2C$y_148/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/ 7 KB
7 KB 14ms
9ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.58%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_538%2C$y_148/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/18c709c83c7cb7bc7bfc35114ce60b834a97c6f4
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 7c331ac81d14f3351eb520e3de27ea792c145279386e2c8a284bf7319d00167d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
age: 61015
edge-cache-tag: 406264544385905520152838803375420848318,506173496306612012321328980263738888547,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="18c709c83c7cb7bc7bfc35114ce60b834a97c6f4.webp"
content-length: 6878
x-served-by: cache-hhn4031-HHN, cache-hhn4021-HHN
x-cache: MISS, HIT
x-cld-skey: 406264544385905520152838803375420848318 506173496306612012321328980263738888547 5f5f4219172da4ec8104790896b11172
last-modified: Sun, 28 Nov 2021 09:22:12 GMT
server: cloudinary
x-timer: S1638184056.446635,VS0,VE1
etag: "e36a6376f39f3c8f5f742d712aa6d35d"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 328 B
503 B 111ms
38ms Script
text/html 18.169.85.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-WyAEUFJ0XDIlaX11F1NpvhT%2BFty8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-wA7GM1%2F1Kg7M0g%3D%3D&sc=1&os=1-ZA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&pcode=fairfaxheader492510264302&rx=635299587676&callback=MoatNadoAllJsonpRequest_78306610
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/fairfaxheader492510264302/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.85.185 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-85-185.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 3b3d881dc186f3dbe197076f417286e88ff5b84d6f77096e31308c42a431c4d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "709592c92c7dbd464b666040ae8a57a33153b065"
content-length: 328
content-type: text/html; charset=UTF-8

GET
H2 200 iframe.html Show response
z.moatads.com/hd09824092/ Frame 26D7 1 KB
2 KB 8ms
7ms Document
text/html 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/hd09824092/iframe.html
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/fairfaxheader492510264302/moatheader.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

x-amz-id-2: tXhAc64MXavoo2Ys7gL4K0CHvWdnnjW6yMDYhattkSwkbmjydK4ZTHB9EYLhbnHzR5lAnVYPFb8=
x-amz-request-id: 7Y2H1YDSCY2G4ZCG
last-modified: Tue, 26 Jan 2021 22:41:39 GMT
etag: "4a9cbc2e5bc164313dace42a58bef141"
accept-ranges: bytes
content-type: text/html
content-length: 1374
server: AmazonS3
cache-control: max-age=639
date: Mon, 29 Nov 2021 11:07:36 GMT

GET
H2 200 modules.376dac12c7cbd03331c3.js Show response
script.hotjar.com/ 226 KB
60 KB 27ms
7ms Script
application/javascript 13.32.22.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.376dac12c7cbd03331c3.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-182799.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.22.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-22-49.fra56.r.cloudfront.net

Software

Resource Hash

762eec26c35697c778960f1348261ead87844a3fb32e847f237cc6fdab697ba5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 12:27:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 513630
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 60634
access-control-allow-origin: *
last-modified: Tue, 23 Nov 2021 12:26:27 GMT
etag: "a104d8caba37d824b6eacd90ef7757da"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 103eb504d36d97c9f30550032223d996.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: mW7U1ecrm5c0XklvGZ9Sp12EsWiVWrjgMGdtJBQ2QPk_HLeDPfia2g==

GET
H2 200 glcfg510.js Show response
cdn-gl.imrworldwide.com/novms/js/2/configs/ 2 KB
1 KB 7ms
7ms Script
application/javascript 2600:9000:214f:1a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/configs/glcfg510.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:1a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: wnIBsJV.WYX0QccuSdW3u9_ELj0bpyte
content-encoding: gzip
etag: W/"931051f801612c3a0e2782961ac3d56c"
last-modified: Mon, 15 Nov 2021 15:07:57 GMT
server: AmazonS3
age: 3262
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Mon, 29 Nov 2021 10:13:18 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: ZsbKDQi_cWS5JzLpICbEcad2C98XM6gc04Hl44HErwLX8-dIePZ3Kg==

GET
H3 200 419599435931961 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 18ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/419599435931961?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

47c87e2004b4452b33d08a61a3807a87c6fec50158f9909ac1013f4b81e8bb41

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 88827
x-xss-protection: 0
pragma: public
x-fb-debug: EePDLtEYbqk1w4HKzWwXanW1WixW9BgyDzYYdo5XbsV6kSBsTkw/eLYCN+JxrjRvHDxXaQ4YKtvRGG1+5SVE8A==
x-frame-options: DENY
date: Mon, 29 Nov 2021 11:07:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1638184056572&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D9724%252C3519914%26time%3D1638184056572%26url%3Dhttps%253A%252F%252Fwww.afr.com%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1638184056572&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1638184056572&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-...

0
155 B

385ms
180ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1638184056572&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&liSync=true&e_ipv6=AQKCaoxgVAhsOgAAAX1rYPo51V1FLcY_xY3AuDXUqsfw4RHn6FlR5GGluaGExq0X97CH_cmn
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:37 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: MEWOlrj/uxbQ1oGKdisAAA==

Redirect headers

date: Mon, 29 Nov 2021 11:07:37 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1638184056572&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&liSync=true&e_ipv6=AQKCaoxgVAhsOgAAAX1rYPo51V1FLcY_xY3AuDXUqsfw4RHn6FlR5GGluaGExq0X97CH_cmn
x-li-proto: http/2
x-li-pop: prod-lor1
content-length: 0
x-li-uuid: M8l4gbj/uxZAHAoq4SoAAA==

GET
H2 200 10167837.json Show response
s.yimg.com/wi/config/ 2 B
448 B 66ms
24ms XHR
application/json 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10167837.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:00:09 GMT
x-content-type-options: nosniff
age: 447
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: C86PHBJ1ZXWVVG0N
x-amz-id-2: l6OtL9GKpXpkZY2tX8ZGGarne56YrXNYjmthJxP8XmJgEEm10oaomi3t5mTp46bWHhii9w+eYYs=
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
content-length: 2

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
675 B 131ms
116ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1c4v&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ff00ea78-d2ec-4a13-8742-274b2e6d1fd0&tw_document_href=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 109
pragma: no-cache
last-modified: Mon, 29 Nov 2021 11:07:36 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 97f1556e5a777398fbdcb656fa45dd6026a2cdc8c12ce2866c0e559ed95cee8a
x-transaction: 26f3972e56be4872
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
365 B 111ms
111ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1c4v&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ff00ea78-d2ec-4a13-8742-274b2e6d1fd0&tw_document_href=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 104
pragma: no-cache
last-modified: Mon, 29 Nov 2021 11:07:36 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 5d7a66d1b2c8211d9a6d4b7d3a24508d49c7d644cf5c1326b76c34debbf813ff
x-transaction: 96399ec17b914121
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 box-ad575b5823df97fc9725e14a57070642.html Show response
vars.hotjar.com/ Frame EC13 2 KB
1 KB 26ms
8ms Document
text/html 143.204.207.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-ad575b5823df97fc9725e14a57070642.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-182799.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.207.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-207-41.fra53.r.cloudfront.net
Software: /
Resource Hash: f56a1b71444d153f2f81146d9a0cca991518ebc72e0686f917470f8c522ee383

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

content-type: text/html
content-length: 1050
date: Tue, 16 Nov 2021 11:16:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "a123045c9cc95cfe44d6b5d126b9f1a7"
last-modified: Tue, 16 Nov 2021 11:15:47 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ab39b007ab81966ada6e7fb1536bf377.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: WJf_1G1nbNkD04D0eB-LqR8-riZRr-b0mDiCtBrxzWI1D6eATuwpug==
age: 1122690

GET
H2 200 fc2c63baa23f7c11ea923073.js Show response
static-au.plista.com/async/pub/ 31 B
362 B 11ms
11ms Script
application/javascript 138.201.125.235
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static-au.plista.com/async/pub/fc2c63baa23f7c11ea923073.js

Requested by

Host: static-au.plista.com
URL: https://static-au.plista.com/async.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

138.201.125.235 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.235.125.201.138.clients.your-server.de

Software

nginx /

Resource Hash

e8a2bc039ea82266ecd31dcb748fe90f212f6358fcf2502eb0061d9652b3638f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 29 Nov 2021 10:54:40 GMT
server: nginx
age: 775
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish-v4
cache-control: public, must-revalidate, proxy-revalidate
x-varnish: 317618194 316255347
accept-ranges: bytes
content-length: 51
expires: Tue, 30 Nov 2021 10:54:41 GMT

GET
H2 200 storageframe.html Show response
secure-gl.imrworldwide.com/ Frame C412 11 KB
4 KB 73ms
34ms Document
text/html 2600:9000:206f:ea00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-gl.imrworldwide.com/storageframe.html
Requested by: Host: secure-au.imrworldwide.com
URL: https://secure-au.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:ea00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c6107c1c1f1588cac73cb68d83222515b12c5dbf7f988fd0c39b4ff16414d3bc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

content-type: text/html
vary: Accept-Encoding
date: Mon, 29 Nov 2021 11:07:36 GMT
server: nginx
last-modified: Fri, 19 Nov 2021 15:15:21 GMT
etag: W/"6197bf89-2b27"
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: wgOdg0uNkV2S2WdY-VgfAh5FD-vCZnxymfXIj8l5_85aKalHsBEENA==

POST
H/1.1 200
OK / Show response
l.ffx.io/ 2 B
417 B 280ms
280ms XHR
text/plain 13.238.165.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.ffx.io/
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.278d4324d6c3028ac446.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.238.165.50 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-238-165-50.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Date: Mon, 29 Nov 2021 11:07:37 GMT
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Content-Length: 2

OPTIONS
H/1.1 204
No Content /
l.ffx.io/ Frame 0
0 1139ms
279ms Preflight 13.238.165.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.ffx.io/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.238.165.50 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-238-165-50.ap-southeast-2.compute.amazonaws.com
Software: nginx/1.15.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Content-Length: 0
Date: Mon, 29 Nov 2021 11:07:37 GMT
Server: nginx/1.15.9
Connection: keep-alive

GET
H2 200 P70F2B436-31E2-4369-A3CB-294DC350A880.js Show response
cdn-gl.imrworldwide.com/conf/ 33 KB
7 KB 9ms
8ms Script
application/javascript 2600:9000:214f:1a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/P70F2B436-31E2-4369-A3CB-294DC350A880.js
Requested by: Host: secure-au.imrworldwide.com
URL: https://secure-au.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:1a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 47e204d7f19ca1b8c69ed2d1a7c300e2cdc5a84bbc1ab7c5d57f8bc631cb47c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 29 Nov 2021 10:14:34 GMT
content-encoding: gzip
last-modified: Mon, 29 Nov 2021 09:16:51 GMT
server: AmazonS3
age: 3183
etag: W/"1a2c02d7220c046d9fcb48d4bbb8227f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 99Jamf42E4TZOFgD05Q.b4pL4h_k5Lnr
via: 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
cache-control: max-age=86400,s-maxage=86400
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: X5Jv5rnJcI0xOpTxQyIEBl8RGNh5ps0yMkU28SOLGw8m8Pefm1Zrwg==

GET
H2 200 40c67467a7a095062a8807ae3857ec2663d80b01
static.ffx.io/images/$zoom_0.2649%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 4 KB
4 KB 18ms
18ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.2649%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/40c67467a7a095062a8807ae3857ec2663d80b01
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 02a4dfbbf2a2b2b60a672d8f8b967d87db051cda5c2473a6edd5affaabce7b3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
age: 920819
edge-cache-tag: 285059658895818209247578547561181697999,353892264390315229374883015244402838070,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="40c67467a7a095062a8807ae3857ec2663d80b01.webp"
content-length: 4060
x-served-by: cache-dca17754-DCA, cache-hhn4021-HHN
x-cache: MISS, HIT
x-cld-skey: 285059658895818209247578547561181697999 353892264390315229374883015244402838070 5f5f4219172da4ec8104790896b11172
last-modified: Mon, 09 Aug 2021 02:48:51 GMT
server: cloudinary
x-timer: S1638184057.647846,VS0,VE1
etag: "3e5f7ad541208e09ab28ec5eb5586161"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H3 200 1831268437115893 Show response
connect.facebook.net/signals/config/ 306 KB
87 KB 9ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1831268437115893?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

453b9ac9d54282c9838b51a5ea6d8fc34983a90050a750bccccc339e61109d86

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 89179
x-xss-protection: 0
pragma: public
x-fb-debug: 5z6jRd0MF8OEz6EpWQm/d81yJDqI2RuKpYijMoX72pefqq+CIulLnK+aINOrkuU1aFAH1gqP8ejE4q4IAjPwMw==
x-frame-options: DENY
date: Mon, 29 Nov 2021 11:07:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 24ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=419599435931961&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1638184056658&cd[brand]=afr&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1638184056657.1167069913&it=1638184056538&coo=false&exp=p0&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 125ms
39ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 389
date: Mon, 29 Nov 2021 11:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 29 Nov 2021 13:01:07 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
2 KB 126ms
33ms XHR
application/json 52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=BEB5C8A15492DB600A4C98BC%40AdobeOrg&d_nsid=0&ts=1638184056678

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

217398b109fac3d2dc7d103ac98939115b86de942c686be0e12c57de3b670e9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v020-0945a571e.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: tFYqhXm4Qig=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.afr.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 874
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 collect.js Show response
10510523.collect.igodigital.com/ 9 KB
2 KB 343ms
120ms Script
application/javascript 23.21.180.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://10510523.collect.igodigital.com/collect.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.21.180.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-180-34.compute-1.amazonaws.com
Software: /
Resource Hash: 4611c34378b1bbbee8890a472c6390137ce8841041a646f0bdc58cf9180eb18a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
last-modified: Fri, 26 Nov 2021 15:16:01 GMT
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 p.js Show response
cdn.parsely.com/keys/afr.com/ 72 KB
25 KB 30ms
11ms Script
application/javascript 65.9.7.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/afr.com/p.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.7.60 Altamonte Springs, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-7-60.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: e08410c46d34e10e615b8db79c9ff00de29e1a60179ede7a355d1d9c1c5307c8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Nov 2021 09:06:21 GMT
content-encoding: gzip
last-modified: Tue, 19 Oct 2021 21:52:02 GMT
server: nginx
age: 7275
etag: W/"616f3e02-11f4e"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: ND62xQlRVp8bmUb5uF3udYVVDbLcIJnTyQ--IVBTOHgwqpoMYXx78g==
expires: Tue, 30 Nov 2021 09:06:21 GMT

GET
H3

200

src=6633783;dc_pre=CN-ZoZa3vfQCFQSKsgodFycArA;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk;dc_lat=;dc_... Show response
adservice.google.com/ddm/fls/z/ Frame 55E0
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=6633783;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk;dc_la...
https://ad.doubleclick.net/ddm/activity/src=6633783;dc_pre=CN-ZoZa3vfQCFQSKsgodFycArA;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-i...
https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CN-ZoZa3vfQCFQSKsgodFycArA;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-in...

42 B
63 B

124ms
76ms

Document
image/gif

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CN-ZoZa3vfQCFQSKsgodFycArA;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5473591689641.319

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Nov 2021 11:07:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Nov 2021 11:07:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CN-ZoZa3vfQCFQSKsgodFycArA;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5473591689641.319
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 d2c50b732b9de83377cb29b80ebd099c09d83067
static.ffx.io/images/$zoom_0.5298%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_68/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 3 KB
3 KB 8ms
8ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.5298%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_68/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/d2c50b732b9de83377cb29b80ebd099c09d83067
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 868db59bd0bad1449709464fa32045935b051648dff060c81247438a7b91b198

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 varnish, 1.1 varnish
age: 28190
edge-cache-tag: 257772156100735457449357767880694822532,362212924724950182820459096023107720843,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="d2c50b732b9de83377cb29b80ebd099c09d83067.webp"
content-length: 2724
x-served-by: cache-hhn4054-HHN, cache-hhn4021-HHN
x-cache: HIT, HIT
x-cld-skey: 257772156100735457449357767880694822532 362212924724950182820459096023107720843 5f5f4219172da4ec8104790896b11172
last-modified: Tue, 10 Aug 2021 01:10:36 GMT
server: cloudinary
x-timer: S1638184057.703481,VS0,VE1
etag: "36f707c8b47e34e5cf4fd82e1b014aa2"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
715 B 118ms
37ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Mon%2C%2029%20Nov%202021%2011%3A07%3A36%20GMT&n=0&b=CreditWatch%20founder%20Colin%20Porter%20returns%20to%20stop%20invoice%20scams%20costing%20businesses%20more%20than%20%24100m&.yp=10167837&f=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&e=https%3A%2F%2Ft.co%2F&enc=UTF-8&yv=1.10.2&tagmgr=gtm

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:36 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H3

200

dc_pre=CKaaoZa3vfQCFQSKsgodFycArA;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=*;ps=1
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=1930976652.1638184057;ps=1?
https://ad.doubleclick.net/activity;dc_pre=CKaaoZa3vfQCFQSKsgodFycArA;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=1930976652.1638184057;ps=1?
https://adservice.google.com/ddm/fls/z/dc_pre=CKaaoZa3vfQCFQSKsgodFycArA;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=*;ps=1

42 B
63 B

122ms
75ms

Image
image/gif

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKaaoZa3vfQCFQSKsgodFycArA;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=*;ps=1

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:36 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/dc_pre=CKaaoZa3vfQCFQSKsgodFycArA;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=*;ps=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activityi;register_conversion=1;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=1930976652.1638184057;ps=1
6633783.fls.doubleclick.net/ 0
0 72ms
48ms Image
text/html 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6633783.fls.doubleclick.net/activityi;register_conversion=1;src=6633783;type=afrpa0;cat=paywall;ord=6043918289722;gtm=2wgba1;auiddc=1930976652.1638184057;ps=1?
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 193 KB
54 KB 8ms
8ms Script
application/javascript 2600:9000:214f:1a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/P70F2B436-31E2-4369-A3CB-294DC350A880.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:1a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28b11959f68db701b4218a36e9a8e8daf47fbfe4057f086595ebc2b0df44fbea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: zlYBAKd4EFa8SaOhPOy.ffYFxOn9YL7u
content-encoding: gzip
etag: W/"711241d99f4dbd99c7bef0f79ce85582"
last-modified: Mon, 15 Nov 2021 15:07:58 GMT
server: AmazonS3
age: 3559
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Mon, 29 Nov 2021 10:08:17 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: PsKDKtNEoCg9vyvhmggjwa4wL5g3J_RHzGXqh9Fm0rVEvMBwOsAUuw==

GET
H3 200 953970877989909 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/953970877989909?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

48f2243a31d116f576b0c06cbed9b9ad55d92a8910ec53f9fbe525ec020649db

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 88884
x-xss-protection: 0
pragma: public
x-fb-debug: TeZgs2mlZw6QGMBlE732m2z5yncWA55V7pxU8O8djAXRFPxGH8jKCvTtqbg2SNv1SO/d4XjDq/bGOeV0/6g/kw==
x-frame-options: DENY
date: Mon, 29 Nov 2021 11:07:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 18ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1831268437115893&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1638184056772&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%221111245219334310%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22AUD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%22248737323376397%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22AUD%22%7D%7D%7D&par[2]=%7B%22extractorID%22%3A%22238870547858716%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[3]=%7B%22extractorID%22%3A%221061618751009995%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1638184056657.1167069913&it=1638184056538&coo=false&exp=p0&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 138ms
50ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.afr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 136ms
49ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.afr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 11:07:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 165 KB
48 KB 535ms
535ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3675867651725011&correlator=2119785965703503&output=ldjh&impl=fifs&eid=44752540&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211129&iu_parts=21671780509%2Cafr%2Ctechnology%2Cstartupfunding&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3&prev_iu_szs=970x250%7C728x90%2C970x250%7C728x90%2C320x50%7C6x2%2C300x600%7C300x250%7C160x600%2C320x50%7C6x2&fluid=0%2C0%2Cheight%2C0%2Cheight&prev_scp=pos%3D1%26src_ad_id%3Dadspot-970x250_728x90-pos1-desktop%7Cpos%3D2%26src_ad_id%3Dadspot-970x250_728x90-pos2-desktop%7Cpos%3D1%26src_ad_id%3Dadspot-N-6x2-pos1-desktop%26nativesz%3D6x2%7Cpos%3D3%26src_ad_id%3Dadspot-300x600_300x250_160x600-pos3-desktop%7Cpos%3D2%26src_ad_id%3Dadspot-N-6x2-pos2-desktop%26nativesz%3D6x2&cust_params=adKitVersion%3D2.1.12%26autoRefresh%3Dfalse%26brms%3Dtrue%26brvs%3Dtrue%26deployEnv%3Dproduction%26layout%3Dblue%26pageid%3Dp59cnk%26pageviewid%3DDD0DB2C8-3FBF-4A34-9739-BA26AFADDCA9%26swgt%3Dna%26sysEnv%3Ddesktop%26cat%3Dtechnology%26cat1%3Dstartupfunding%26ctype%3Darticle%26csub%3Dvisitor%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26gs_cat%3Dneg_apple_keywords%252Cjourno_finexpert%252Cneg_custom_nespresso%252Cgt_negative%252Cmicrosoft_kwbl%252Cneg_westpac_brandsaftey2020%252Cwestpac_brandsaftey%252Camex_master_kwbl%252Cneg_mcdonalds_kwbl%252Cmicrosoft_master_kwbl%252Cneg_custom_freestyle_libre%252Cnab_neg_kw%252Ccommsec_negativekeywords%252Cubank_kwbl%252Cwestpac_kwbl%252Cneg_ffx_officeworks_kwbl%252Cneg_ffx_anzbank_kwbl%252Csemi_retired_workforce_predts%252Cbanking_kwbl%252Cfinancev2_kwbl%252Cbtfinancial_kwbl%252Ccustom_nab_2020%252Cxero_competitors_predts%252Cneg_lego_custom%252Cgv_crime%252Cneg_ffx_crime_other%252Csubaru_master_kwbl%252Cfinancial-planning%252Cfxcm_kwbl%252Cbunnings_kwbl%252Cpaypal_kwbl%252Camex_kwbl%252Clandcorp_kwbl%252Cbunnings_master_kwbl%252Ctechdevices%252Cinternet%252Cneg_us_protests%252Cnab_kwbl%252Cpaypal_sme_predts%252Csustainable-investing%252Cffx_volkswagen_kw_blacklist%252Cmayohardware_thermalbodycameras%252Clavazza_kwbl%252Cford_kwbl%252Chbf_negative_kwbl%252Cgt_negative_dislike%252Cintuit_stp%252Cardent_kwbl%252Cdreamworld_accident_kwbl%252Cgt_negative_mistrust%252Cfirsthomebuyers%252Cfinancial-events%252Chome_loans_predts%252Cnesting_seg_example%252Cwoolworths_retail_vertical%252Cxero_accounting_software%252Caccounting_students_predts%252Crexona_kwbl%252Cgs_finance%252Cmcd_scandal_kwbl%252Clogmein_meetings_predts%252Cgs_business%252Chousingmarket%252Cgs_tech_computing%252Ctech_and_telco_vertical%252Cxero_kwbl%252Cgoogle_master_kwbl%252Cgambling_kwbl%252Cgs_tech%252Ciag_552192_blocked_words%252Cgs_business_management%252Cchanging_careers_predts%252Cgt_negative_anger%252Cneg_ey_finance_brand_safety_2%252Cnswec_kwbl%252Csecondary_income_predts%252Cstreaming%252Cgoogle_kwbl&cookie_enabled=1&bc=31&abxe=1&lmt=1638184056&dt=1638184056806&dlt=1638184055887&idt=670&frm=20&biw=1600&bih=1200&oid=2&adxs=315%2C315%2C1277%2C1130%2C1277&adys=231%2C1738%2C2514%2C2624%2C2531&adks=4248342376%2C1703217959%2C1285727217%2C1639843509%2C3101599484&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x138%7C1340x146%7C300x16%7C380x0%7C300x17&msz=1600x90%7C1340x90%7C300x0%7C380x0%7C300x0&ga_vid=553984421.1638184057&ga_sid=1638184057&ga_hid=651622285&ga_fc=false&fws=4%2C4%2C4%2C516%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600&btvi=0%7C1%7C2%7C3%7C4&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

b5cdc8c5d406b42ff1676ed609d0f9d2efd09df5a781be6a3a7d5d84c59338f3

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJ32pZa3vfQCFS_LuwgdyAkHag&gqi=&layout=/sadbundle/%24csp%253Der3%24/5137889399521447841/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJ32pZa3vfQCFS_LuwgdyAkHag&gqi=&layout=/sadbundle/%24csp%253Der3%24/5137889399521447841/index.html
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
google-creative-id: -1,-1,-2,-1,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48943
x-xss-protection: 0
google-lineitem-id: -1,-1,-2,-1,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
date: Mon, 29 Nov 2021 11:07:37 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.afr.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 832E 6 KB
4 KB 152ms
49ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 29 Nov 2021 11:07:36 GMT
expires: Tue, 29 Nov 2022 11:07:36 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ 44 B
524 B 34ms
34ms Image
image/gif 2600:9000:206f:ea00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1638184056818&ci=f2&js=1&cg=0&ts=adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1c4v&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ff00ea78-d2ec-4a13-8742-274b2e6d1fd0&tw_document_href=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&tpx_cb=twttr.conversion.loadPixels&vn=6.0.104&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&rp=https%3A%2F%2Ft.co%2F&sr=1600x1200&id=lstrg-d84970203cd5777d7f48caa1a82df165
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:ea00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:36 GMT
via: 1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-C1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
content-type: image/gif
content-length: 44
x-amz-cf-id: 1Afe7HaorSMwP0pmwkJZQkV4RHDGbbz527cthqTEymtsJHMn_sxExA==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1 200
OK dest5.html Show response
fairfaxau.demdex.net/ Frame DA62 7 KB
3 KB 137ms
31ms Document
text/html 52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fairfaxau.demdex.net/dest5.html?d_nsid=0

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Mon, 29 Nov 2021 11:07:36 GMT
DCS: dcs-prod-irl1-2-v020-0518deda5.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 26 Nov 2021 14:22:51 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: Q3u4BbMjQik=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
fairfaxau.sc.omtrdc.net/ 2 B
313 B 61ms
16ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fairfaxau.sc.omtrdc.net/id?d_visid_ver=1.8.0&d_fieldgroup=A&mcorgid=BEB5C8A15492DB600A4C98BC%40AdobeOrg&mid=40582106574024553880595605017355376407&ts=1638184056830

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-6988cccb6f-m8t8g
vary: Origin
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.afr.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

POST
H/1.1 200
OK event Show response
nd.demdex.net/ 2 KB
2 KB 131ms
34ms XHR
application/json 54.73.127.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nd.demdex.net/event?_ts=1638184056680

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.73.127.110 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-73-127-110.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bf1cb2b945f341724d08a3a8522a756ce0c621065e24dc16a87f296c9f36f9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v020-08de76582.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: Mjmji1Z5RiE=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.afr.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 735
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 ls.html Show response
cdn-gl.imrworldwide.com/novms/html/ Frame 69C0 12 KB
4 KB 8ms
7ms Document
text/html 2600:9000:214f:1a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:1a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

content-type: text/html
last-modified: Mon, 15 Nov 2021 15:07:57 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: eeUHn6RuBJqT9WBL83URT7i74FkkqMiV
server: AmazonS3
content-encoding: gzip
date: Mon, 29 Nov 2021 10:09:12 GMT
cache-control: max-age=86400
etag: W/"7fa83dfc7b78314b137e2eb13834daa7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: 9dzNkeeX6xFr-WEGTtbBeWtZ22AQqDFNzBct1fwwIXlTa11nrxVw4g==
age: 7078

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 10ms
9ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=953970877989909&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1638184056875&cd[user.status]=visitor&cd[brand]=afr&cd[page.type]=article&cd[section.primaryCategory]=technology&cd[page.renderedPlatform]=WEB&cd[Container%20ID]=GTM-NN4PPKH&cd[page.name]=CreditorWatch%20founder%20returns%20to%20stop%20fake%20invoice%20scams&cd[page.primaryTag]=Start-up%20funding&cd[page.author]=James%20Eyers&cd[page.fullPageLoad]=true&cd[userAgent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1638184056657.1167069913&it=1638184056538&coo=false&exp=p0&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 11ms
10ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=419599435931961&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1638184056877&cd[eventCategory]=meter&cd[eventLabel]=freearticle&cd[eventAction]=meter%20impression&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1638184056657.1167069913&it=1638184056538&coo=false&exp=p0&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 12ms
11ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1831268437115893&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1638184056878&cd[eventCategory]=meter&cd[eventLabel]=freearticle&cd[eventAction]=meter%20impression&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1638184056657.1167069913&it=1638184056538&coo=false&exp=p0&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 12ms
11ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=953970877989909&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1638184056880&cd[eventCategory]=meter&cd[eventLabel]=freearticle&cd[eventAction]=meter%20impression&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1638184056657.1167069913&it=1638184056538&coo=false&exp=p0&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 12ms
11ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=419599435931961&ev=Metered%20Page%20Visitor&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1638184056883&cd[eventCategory]=meter&cd[eventLabel]=freearticle&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=2&o=30&fbp=fb.1.1638184056657.1167069913&it=1638184056538&coo=false&exp=p0&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 13ms
12ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1831268437115893&ev=Metered%20Page%20Visitor&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1638184056884&cd[eventCategory]=meter&cd[eventLabel]=freearticle&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&ec=2&o=30&fbp=fb.1.1638184056657.1167069913&it=1638184056538&coo=false&exp=p0&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 13ms
12ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=953970877989909&ev=Metered%20Page%20Visitor&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1638184056885&cd[eventCategory]=meter&cd[eventLabel]=freearticle&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&ec=2&o=30&fbp=fb.1.1638184056657.1167069913&it=1638184056538&coo=false&exp=p0&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 29 Nov 2021 11:07:36 GMT

GET
H3 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 85ms
39ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 10:49:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 29 Nov 2021 11:49:35 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 69ms
45ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=651622285&t=pageview&_s=1&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&dr=https%3A%2F%2Ft.co%2F&dp=%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&ul=en-us&de=UTF-8&dt=CreditorWatch%20founder%20returns%20to%20stop%20fake%20invoice%20scams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YChACEALBAAAAC~&jid=672133451&gjid=542890982&cid=553984421.1638184057&tid=UA-91053368-8&_gid=2073609616.1638184057&_r=1&gtm=2wgba1NN4PPKH&cd1=afr&cd2=2021-11-29T03%3A00%3A00.000Z&cd3=2021-11-29T03%3A00%3A00.000Z&cd4=James%20Eyers&cd5=WEB&cd6=DD0DB2C8-3FBF-4A34-9739-BA26AFADDCA9&cd7=article&cd8=Technology&cd10=authoring&cd11=p59cnk&cd12=false&cd14=visitor&cd16=0&cd21=AFR&cd22=Fintech%7CStart-ups%7CPayments%7CCredit%20rating%7CBig%20four%20banks%7COpen%20banking%7CCyber%20security%20(Editorial%20use)%7CAustralian%20Competition%20and%20Consumer%20Commission%7CScams%7CBusiness%20IT&cd23=Start-up%20funding&cd24=non%20metered&cd27=(not%20set)&cd28=P70F2B436-31E2-4369-A3CB-294DC350A880&cd29=afr.com-brand%20only&cd33=%22e01bf57c-3d64-493a-bfa7-921726fc3309%22&cd35=true&cd38=https%3A%2F%2Ft.co%2F&cd40=desktop&cd42=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&cd46=CreditorWatch%20founder%20returns%20to%20stop%20fake%20invoice%20scams&cd56=visitor&cd57=false&cd60=&cd61=false&cd62=&cd63=&cd64=&cd65=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&cd66=&z=904959489

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.afr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gn
secure-dcr.imrworldwide.com/cgi-bin/ Frame 69C0 44 B
560 B 41ms
30ms Image
image/gif 34.252.91.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,P70F2B436-31E2-4369-A3CB-294DC350A880&sessionId=dkg40b2pmvxykwkz3vmkxvwuj9cnn1638184056&c16=sdkv,bj.6.0.0&uoo=&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&c30=bldv,6.0.0.615&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&retry=0
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.91.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-91-197.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:36 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 /
dkg40b2pmvxykwkz3vmkxvwuj9cnn1638184056.nuid.imrworldwide.com/ Frame 69C0 35 B
348 B 53ms
7ms Image
image/gif 2600:9000:2057:e600:1d:667e:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dkg40b2pmvxykwkz3vmkxvwuj9cnn1638184056.nuid.imrworldwide.com/
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:e600:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 01:26:35 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
last-modified: Tue, 11 Sep 2018 17:05:20 GMT
server: AmazonS3
age: 34862
etag: "c2196de8ba412c60c22ab491af7b1409"
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 35
x-amz-cf-id: cw_AZoAWDydEdi89XUeEGasZsssxHbblYa4uFCueybZfVHvWHDD0ww==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
38ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=651622285&t=event&ni=0&_s=2&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&dr=https%3A%2F%2Ft.co%2F&dp=%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&ul=en-us&de=UTF-8&dt=CreditorWatch%20founder%20returns%20to%20stop%20fake%20invoice%20scams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=meter&ea=meter%20impression&el=freearticle&ev=0&_u=aChACEALBAAAAC~&jid=&gjid=&cid=553984421.1638184057&tid=UA-91053368-8&_gid=2073609616.1638184057&gtm=2wgba1NN4PPKH&cd1=afr&cd2=2021-11-29T03%3A00%3A00.000Z&cd3=2021-11-29T03%3A00%3A00.000Z&cd4=James%20Eyers&cd5=WEB&cd6=DD0DB2C8-3FBF-4A34-9739-BA26AFADDCA9&cd7=article&cd8=Technology&cd10=authoring&cd11=p59cnk&cd12=false&cd14=visitor&cd16=1&cd21=AFR&cd22=Fintech%7CStart-ups%7CPayments%7CCredit%20rating%7CBig%20four%20banks%7COpen%20banking%7CCyber%20security%20(Editorial%20use)%7CAustralian%20Competition%20and%20Consumer%20Commission%7CScams%7CBusiness%20IT&cd23=Start-up%20funding&cd24=non%20metered&cd27=(not%20set)&cd28=P70F2B436-31E2-4369-A3CB-294DC350A880&cd29=afr.com-brand%20only&cd33=%22e01bf57c-3d64-493a-bfa7-921726fc3309%22&cd35=true&cd38=https%3A%2F%2Ft.co%2F&cd40=desktop&cd42=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&cd46=CreditorWatch%20founder%20returns%20to%20stop%20fake%20invoice%20scams&cd56=visitor&cd57=false&cd60=&cd61=false&cd62=&cd63=&cd64=&cd65=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&cd66=&promo1cr=technology&promo1id=freearticle&promo1nm=meter&promo1ps=Save%2050%25%20for%20your%20first%203%20months.&z=1579323087

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 10:01:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 3944
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
439 B 57ms
18ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-91053368-8&cid=553984421.1638184057&jid=672133451&gjid=542890982&_gid=2073609616.1638184057&_u=YChACEAKBAAAAC~&z=1848802508

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 29 Nov 2021 11:07:37 GMT
content-type: text/plain
access-control-allow-origin: https://www.afr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=358&dpuuid=1038005398024162734
dpm.demdex.net/ Frame DA62
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
https://dpm.demdex.net/ibs:dpid=358&dpuuid=1038005398024162734

42 B
945 B

33ms
33ms

Image
image/gif

52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=358&dpuuid=1038005398024162734

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

HTTP/1.1

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v020-057831767.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Z6z4AWmRQVw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 11:07:37 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 5915bd98-a194-4cf3-8b51-21a249b28442
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dpm.demdex.net/ibs:dpid=358&dpuuid=1038005398024162734
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=470&dpuuid=3218223908093524481
dpm.demdex.net/ Frame DA62
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D
https://dpm.demdex.net/ibs:dpid=470&dpuuid=3218223908093524481

42 B
945 B

57ms
32ms

Image
image/gif

52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=470&dpuuid=3218223908093524481

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

HTTP/1.1

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v020-05e97730b.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: oQ2YBjbNTz4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=470&dpuuid=3218223908093524481
pragma: no-cache
date: Mon, 29 Nov 2021 11:07:36 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame DA62 0
214 B 35ms
11ms Image
text/plain 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=6404&puid=40358447216782398450583103901759281710&gdpr=0&gdpr_consent=
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 403 track_page_view
nova.collect.igodigital.com/c2/10510523/ 43 B
354 B 106ms
105ms Image
image/gif 23.21.180.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nova.collect.igodigital.com/c2/10510523/track_page_view?payload=%7B%22title%22%3A%22CreditWatch%20founder%20Colin%20Porter%20returns%20to%20stop%20invoice%20scams%20costing%20businesses%20more%20than%20%24100m%22%2C%22url%22%3A%22https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk%22%2C%22referrer%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22user_info%22%3A%7B%7D%7D

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.21.180.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-21-180-34.compute-1.amazonaws.com

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-runtime: 0.003199
date: Mon, 29 Nov 2021 11:07:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: private
content-transfer-encoding: binary
content-disposition: inline
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 7480dc01-4e7d-42b1-9b11-463ae10f1144

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 404ms
96ms Image
image/gif 52.205.167.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1638184057045&plid=71196919&idsite=afr.com&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&urlref=https%3A%2F%2Ft.co%2F&screen=1600x1200%7C1600x1200%7C24&data=%7B%22_pageviewID%22%3A%22DD0DB2C8-3FBF-4A34-9739-BA26AFADDCA9%22%2C%22user_engagement%22%3A%22single%2Floyal%22%7D&sid=1&surl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&sref=https%3A%2F%2Ft.co%2F&sts=1638184057038&slts=0&title=CreditWatch+founder+Colin+Porter+returns+to+stop+invoice+scams+costing+businesses+more+than+%24100m&date=Mon+Nov+29+2021+11%3A07%3A37+GMT%2B0000+(GMT)&action=pageview&js=1&pvid=67216673&u=pid%3D703d5cfed8789976397a4ed2f9aca88a
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-167-202.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 11:07:37 GMT
Cache-Control: no-cache
Last-Modified: Monday, 29-Nov-2021 11:07:37 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 147ms
61ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-91053368-8&cid=553984421.1638184057&jid=672133451&_u=YChACEAKBAAAAC~&z=1524959016

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 148ms
63ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-91053368-8&cid=553984421.1638184057&jid=672133451&_u=YChACEAKBAAAAC~&z=1524959016

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 500 usersync.html
image5.pubmatic.com/AdServer/usersync/ Frame DA62 0
0 109ms
52ms Image
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=466%26dpuuid=PM_UID&userIdMacro=PM_UID
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEE_qyM8TC2nBQ0hsDz_42XM&google_cver=1
dpm.demdex.net/ Frame DA62
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NDAzNTg0NDcyMTY3ODIzOTg0NTA1ODMxMDM5MDE3NTkyODE3MTA=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEE_qyM8TC2nBQ0hsDz_42XM&google_cver=1?gdpr=0&gdpr_consent=

42 B
945 B

31ms
31ms

Image
image/gif

52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEE_qyM8TC2nBQ0hsDz_42XM&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

HTTP/1.1

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v020-07de14493.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: xyhyvzH2TIQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEE_qyM8TC2nBQ0hsDz_42XM&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=782&dpuuid=YaS0eQAAlM77KQAy
dpm.demdex.net/ Frame DA62
Redirect Chain

https://rtd.tubemogul.com/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D
https://rtd-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D
https://rtd-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D&_test=YaS0eQAAlM77KQAy
https://dpm.demdex.net/ibs:dpid=782&dpuuid=YaS0eQAAlM77KQAy

42 B
945 B

33ms
33ms

Image
image/gif

52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=782&dpuuid=YaS0eQAAlM77KQAy

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

HTTP/1.1

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v020-00d36ed7c.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: D3TZx8FhTO8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:37 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1638184057.254448,VS0,VE94
x-served-by: cache-hhn4073-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://dpm.demdex.net/ibs:dpid=782&dpuuid=YaS0eQAAlM77KQAy
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET

demdex_user_sync
sync.adaptv.advertising.com/ Frame DA62
Redirect Chain

https://sync.adap.tv/demdex_user_sync
https://sync.adaptv.advertising.com/demdex_user_sync?

0
0

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
356 B 400ms
96ms XHR
text/plain 34.197.14.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/13780390039.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.197.14.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-197-14-190.compute-1.amazonaws.com
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Mon, 29 Nov 2021 11:07:37 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 71b5bcc1-b97c-40aa-91af-905be49f9873

GET
H/1.1

200
OK

ibs:dpid=23728&dpuuid=YaS0eSLJjitDbk6l0ZxR4gAA%261116
dpm.demdex.net/ Frame DA62
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YaS0eSLJjitDbk6l0ZxR4gAA%261116

42 B
945 B

32ms
31ms

Image
image/gif

52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YaS0eSLJjitDbk6l0ZxR4gAA%261116

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

HTTP/1.1

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v020-07261de38.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: txxP72pmTFc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 11:07:37 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YaS0eSLJjitDbk6l0ZxR4gAA%261116
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 264
Expires: Mon, 29 Nov 2021 11:07:37 GMT

GET
H/1.1

200
OK

ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
dpm.demdex.net/ Frame DA62
Redirect Chain

https://ps.eyeota.net/match?bid=6j5b2cv&uid=40358447216782398450583103901759281710&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

42 B
963 B

30ms
30ms

Image
image/gif

52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

HTTP/1.1

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v020-0518deda5.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-Error: 303,104
X-TID: YdSsIPtnTg0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv}
Date: Mon, 29 Nov 2021 11:07:37 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame DA62
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=40358447216782398450583103901759281710&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-Qtfnv7JE2pG6VM61_ur3LGpSchhULw.R.1M-~A

42 B
945 B

31ms
31ms

Image
image/gif

52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-Qtfnv7JE2pG6VM61_ur3LGpSchhULw.R.1M-~A

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

HTTP/1.1

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v020-0eb7fe21b.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 78X1B4A1Qd8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Mon, 29 Nov 2021 11:07:37 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-Qtfnv7JE2pG6VM61_ur3LGpSchhULw.R.1M-~A
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 27F1 0
15 B 8ms
8ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.afr.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.afr.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Mon, 29 Nov 2021 11:07:37 GMT

GET
H2 200 / Show response
adc.nine.com.au/ 89 B
550 B 906ms
314ms Fetch
application/json 52.65.130.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adc.nine.com.au/?

Requested by

Host: adc-js.nine.com.au
URL: https://adc-js.nine.com.au/adc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.65.130.251 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-65-130-251.ap-southeast-2.compute.amazonaws.com

Software

awselb/2.0 /

Resource Hash

b132add03b6d07a7bc67c308e92b273af36c7b0525f7f847b84bb3bb0cdacb5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json
Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:38 GMT
server: awselb/2.0
vary: Origin
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://www.afr.com
api-supported-versions: 1.0
cache-control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=2592000
content-type: application/json; charset=utf-8
content-length: 89

POST
H3 200 / Show response
www.facebook.com/tr/ Frame DB15 0
15 B 7ms
7ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.afr.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.afr.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Mon, 29 Nov 2021 11:07:37 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame B01C 189 KB
55 KB 134ms
37ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 153965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Sat, 27 Nov 2021 16:21:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 27 Nov 2022 16:21:32 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame B01C 13 KB
5 KB 227ms
130ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 153965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Sat, 27 Nov 2021 16:21:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 27 Nov 2022 16:21:32 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame B01C 89 KB
28 KB 212ms
116ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 153965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Sat, 27 Nov 2021 16:21:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 27 Nov 2022 16:21:32 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame B01C 5 KB
2 KB 202ms
106ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 153965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Sat, 27 Nov 2021 16:21:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 27 Nov 2022 16:21:32 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame B01C 40 KB
13 KB 203ms
107ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 153965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Sat, 27 Nov 2021 16:21:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 27 Nov 2022 16:21:32 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame B01C 3 KB
1 KB 133ms
49ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 09:46:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 29 Nov 2021 11:07:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Nov 2021 11:07:37 GMT

GET
H3 200 container.html Show response
85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CBCD 6 KB
3 KB 92ms
45ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 29 Nov 2021 11:07:36 GMT
expires: Tue, 29 Nov 2022 11:07:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D8FF 6 KB
3 KB 82ms
40ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 29 Nov 2021 11:07:36 GMT
expires: Tue, 29 Nov 2022 11:07:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B01C 2 KB
3 KB 128ms
39ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 28 Nov 2021 20:15:16 GMT
x-content-type-options: nosniff
server: cafe
age: 53541
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 29 Nov 2021 20:15:16 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B01C 295 B
757 B 127ms
38ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 19443
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 30 Nov 2021 05:43:34 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B01C 0
0 79ms
78ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CHSFxeLSkYZraNa-W7_UPyJOc0AaexYHhZsHtpd6MD9rZHhABIL3buWBgleKQgqAHoAGunsy7AsgBCakCpvtVV2bnsj7gAgCoAwHIAwqqBLYCT9D0S2k79ZUkJMglLBDa9EFcqPoYisNbt3iE8JxelcIo9Wc2ZyMqtF2YXpVcQtkOIs8fBviORQpqZw357FhDV5ZxjHrqUnWtiKhhBSmp_m9NY8hNoNBrF5GtQJdbLeyTuxHZkUo9o46CyMR6BjVBvj3GUIsfNFBfp_GQHzw2XJ4s-67NsoHsHJnh31I4iofui9UFDzHxxXNP41t9HKfYpC-cTvw0KY0VwWL_sCYdwzel4FRN6jesM-UekUgevnefDcRGwoX3EmGHnZYf6qHSOU1NRxYwM81qNQ3xnZxLdCLboVM4Oo-0TUlfq8doLrd3X4G39N2nhxMcj56k83qneIIocgNue_mimj1jKGne5v4UCCmQoDSXD-xzesqYoFGZ-94JgQpeTv5yQzgfrnRwMXuC904ANMAEyJ2EiO4D4AQBkgUECAQYAZIFBAgFGASgBi6AB6yG1YMCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQyacn0ggJCIjhgHAQARgdgAoDyAsBuBOIJ9gTDdAVAYAXAbIXHgocCAASFHB1Yi04MDI3NjU1OTE3MzQ5NDEwGK2Faw&sigh=ROlC38XuUKE&uach_m=[UACH]&template_id=5000&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 1187 0
15 B 7ms
7ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.afr.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.afr.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Mon, 29 Nov 2021 11:07:37 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/ Frame 54EE 282 KB
42 KB 43ms
43ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/index.html

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

958b58f5489248327ecb9ceb5d623dea8811c23a8e2b484be4c4ec9dc669cfb5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
date: Mon, 22 Nov 2021 20:28:54 GMT
expires: Tue, 22 Nov 2022 20:28:54 GMT
last-modified: Mon, 22 Nov 2021 15:03:24 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 41120
age: 571123
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D8FF 0
0 81ms
81ms Fetch
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTI1LeLSkYZ3aNa-W7_UPyJOc0AaexYHhZoHIlIWWD9rZHhABIL3buWBgleKQgqAHoAGunsy7AsgBCakCpvtVV2bnsj7gAgCoAwHIAwiqBLwCT9Cw1X3g3LQC7DNJiNp9Ih6554lx8QvkX-BUIHJKIuMNiyZRYwuwdyN8hBeLAUMX4w_Stiw7PHu2twPJXTmGERp6RRg1kRd3wJs_CmjVI1DjcLYX5B4nMdEQZ6ag2EgPjNUQdFXIrkUpBQfz_Fq9DQY5y7YucXVM4vbVxUvyfBPfDXtrn8pL5-OHclwPZ76-KHi_TnOe4SVsQVWYD9RQOPD4ouchmHLKCTfoBG9K49jspo1TWU1w8IGDY0uC6HLy-DXQz2v6wRNAwIiubXV1qYKtChvkTc7W1Om3x0jt25WIBbAEM1CFpACv5-o4vUOlyVCRXWzJBtj8LtWjz8IlJlHtokj08YeaKTRBi2JoBat0SlYVtSkicTPtCzTlK6alGXmzmeUH460MTvbUH6yFyX2CWUPU9usDBYgzxcAEyJ2EiO4D4AQBkgUECAQYAZIFBAgFGASgBi6AB6yG1YMCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQx-k40ggJCIjhgHAQARgdgAoDyAsB2BMN0BUBgBcBshceChwIABIUcHViLTgwMjc2NTU5MTczNDk0MTAYrYVr&sigh=1IjUmtmFCL0&uach_m=[UACH]&template_id=419
Requested by: Host: t.co
URL: https://t.co/rQhc1l9DjN
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame D8FF 19 KB
8 KB 96ms
95ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
server: cafe
etag: 9525834815172239946
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 11:07:07 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame D8FF 2 KB
1 KB 101ms
100ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:05:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 11:05:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D8FF 119 KB
37 KB 217ms
127ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Nov 2021 11:07:37 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame D8FF 15 KB
6 KB 102ms
102ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:06:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 11:06:45 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7347 0
312 B 53ms
49ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYxb6dugEwAQ&v=APEucNWCYOA0DyiChn1ieFQlLwIGrecY_XTVQxsS2UZkU2HvF1x6lg0IGKzFvdoqQzudial6nvdv5GuuhaRbGcwooZGsc2og0Q

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 29 Nov 2021 11:07:37 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 29 Nov 2021 11:07:37 GMT
cache-control: private

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CBCD 55 KB
28 KB 88ms
84ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CWgtqDVcRU95hP4I-h4Yvk0gyubUrJRvDtmrsHwMKVyZi4JB8rFEqxe-IMle0nWiF-Tzc3ySc3bQFw1s75LGCguUuzqIIE8WOXGQxkMw5Z3OV_yPHZHIbpEbxNFhYafxpD-_2AZ2Sia4Pf54wGsUFRn2250Q&dbm_d=AKAmf-C7YzenMMN9cNkYFAOp_O1mpKgyBMv7K2D29O9BV66cjAgJB9WdBVcjUdf2Ou9wQDRQYtO2wlgAvdT-_ByFzkNjO32CBpru4lpjexp65Njo80MfZ0g7tPvLlJ_phFAR0K4YWhAOKbk7FHyQssTcyNrRLAxfS6U_DfR7fO26FQ1hU1BFyM73_7GtnUIZ_RJ6a9Qu1BzNaSyxlrSrETha5qLkWeq8PJiBKPx13VzKNtwEYW4xz6-Hnuh4RWcHrpFyE1A-q7NnXh5sUI6zUrN1H4ES70U2V7Yxd5MR-fL3W3dq6qLrGCIvca0p0MirCAGMmHw_O3Pe77_SuUo4Wv9G-P7VhUcu6jBe-lVhd87YSr2XpVWrrkvFb5fOoD2MHi3bXpNscdLhKj6JC1QB3QFI1Zhywqe9SORNjRV4Gwubo6oN1Uol1LTgCdEySz9GihcakwrMryR6LvIoovzecSeo7GBjBGhk10rlU6dzCJaUq3-fviLXGqNjUIUyhrVhmxh-J4VrzhUbjLbywlXO8Px88m1nZSeE8x365FrHEMs7dW_vXTyrOkixBMC3pj3Zmao19vBy5f95gnll-d55mNaeekfw22Bo88QzbIdT9cGCKgDQdKeGd8QsHvHW5cFigk-2XJ5AajSJMXfuOj-oRfYCzG1OaPJxUHA5g12w0iPbrYIQ-lxiTjMARcnp1A7lzAsx3O7Oz3tKfz8So42A1HoXmMXVi2X9OmSauCKvaUS6PyNLUGgopkBEkGO-5GUID9yCcur1Ddc_jJWeNNlm5ksKo5UlgAKridr3FHoKvsFtrF-cGfZRiNMzXGoUEsgabjpJguUCzWYeiVxtgu_A_bslr0RSlr8ZrWE3-KYzUhD58SXasY8Gh-TiKsh28SKQbibr36PKhf1vzrqykW9eUi5379AtlV5Uylj37GvDLvjobztRG99vaxAyPQZukBLMV0RM34c6qCYyfwkdro8AmsxMuT9aigUfZqVvZ2-szN8RYdBDbH8FEPmlAdp0IsFzRxJe7dX1JH5sNL0SxaqCVIF7Y_BFxy6JBpJzyddn7H11s3lLSjE99PMXTp0lP9G2bxuNmEDBEa84nFDa5gKETZVotr2fGNU4JEmWvdG351ePGsAHoO0AM2vIZnoej4UJIpd4DeP-g0F6PJLpnRiMeitfLMYmwhnPUyXnpemKimwlJeNqrF4nZIWYY339jEA5kl2FKZ9UWrM5l9-jEw_BVOXExuwmK0DvTJYGrNGBN5S-BPdMqc1DHyT-exOCnbnfJ5YhrJJ4or7sGXDFBICnnXZJnvq4Rfh7GgVj2fNqlE5-Yy5VdHhZD0WZ1B9K8CI_y6jR5yhJpY9rrAOoeo2pZ9JFsiT30yaFq9Aoo94U0tDUMyiW37gBQukkCpQYlk4UxFk4p-F2fnhQL3ofWSQ42yyX_ky_FoQiRFxHBwhScMQuDXDkrWV8j1hHtY40WBb-VAvmRbo18qG4TXkyzbaMrfFNsNwUmMG3-p7_MmSsmIDCzIWvTPotCU9CmamYnjPO7L8VtmwYwKXblOXEkVP2AZcmZpWTqPSdQa1skMHy_LbQ1VhngJxaT9iYw8AjCNepJC_5URltlLjp_lxWDQi-xdmh03Tj-RujtO8h3sDZ1onXXIlYds9Bp_fXPgWSgidDj5gmpsehI-IG78931Dw5OcMdpFxC0YIf6ZRLPun_uIH7ACTiv94iczWA0Q-9SSX_as_85rN5CcDWkTjTeBqenLkqCFScsBRABEFmSiKc4BcCkv3FeTcV4vCWKJIcucLFUw-ABCKlKUYZavReOFlKQ0u_vq0KeirrWJeVWxX1xlQVLyXFNzz69A3C2qFVl61jaTh3uuvqrUGK4u4ZCTSqMjA0uA73UMEGy4Wj55GSlQpoolPy7PhxnNb0EWKbBsZdij7ZmwWybSgFLvozGpvNIyMbwV8V9udfxHx49HKgmij-vVep2qkbU-ELN1YS_SLtWpltv7tyfDwAs7bSCJ6iJmeKvE1avyCQf__6Za-pU4_67xOM5CoCOkX7D6vMYpANJ5RzfaIP5mTeDyf1jDia_vl0s9RWwaaE-uK_hHxaQv13eEQ-EHEyPQg7q9VX9ccRZ29qGCxXDNIOFeKBcMPXfDGQE2DsUEqZkDhLeSVrTiIu1UXprKNGX5dIpwmsdWp9JNdFGj8JL6VObdVLwFaElbEwvtH4imw_3JxMkZJ9u-lxp2IlnFfVTyu3FbzLPxNqWEq_LQjVEvUULXODUsHCUtGOJe7GEBRi_3CjUVGOhoO9Zs0c5ihyP1d-OE7zil3L4Cv0e2uiRJ5UBRgPHq-gmtcICvNAjcsv79Uil4Gn8gB_b37z1ufRV1tVELP0YxfANCmTeO48xUT5b32YLYoKq3fmkxNWpfnVjLRj8e-7NvBnZ_Ir6YxXjaozunSy8-O5nuUqePvdXFB_8UETgmLXvb-2tljK6OOAr3jedHmzH3Xjq_AiJLVQgGKANXCH8n9dBe8VQDLQRS0NiWSh34DywzPYv_FD15J0O_GP4W2JhoxCYgxqhwftJ2JTPW0Kh7TW920mdw0AGKfkP5wF0DaFyqfbzk8xD3aEYjpxugQzA8byaLgm9TK7pxin8tqYB165crtObx7qtKdZ-OmDl9yix-DNJNaMpwdHWgTJkc5tfNTWBNPDhiqiD7QDsa-GcteRMbqrXnhF4PL5li3QlPyH1zGVOiyNg0poQz3J_z5Bk8FwfORZtKQWGn-6eLgZ9EHdKIZA2pwVFuhlcEvmba_V52GwaIqK6DxJdqw6z71jfys3YZrAxHOQl9Y6FrXOV_BCDHwBVkFRrr5-3U8lhvuk9MOKK4VUC3BJrwlOUEE_KcrhTxEiJOwNvAhHO25jWwA-GCkJ517gAYnsPhAr1VelC6JFqht-vpF4hbe7h0sGD_3aAVwCXlqv21WnAO1wUSeMJTSTWD2yLxdXP2yv7iCBerEEieVDX_Nfj7UvN6s174V0dFNVSzKbVVnL0KUXVb4LpvDCk-Hs7ZPGukYcPTVWxF0ZAvKsQPln9A-fW-eaEsH71GtOis4LjCJZuRUSeeBikCXPoIMJxPiIVPIjXKnsviuXRb5GaNHo8-ls1szUtdrZghHRq-nkStxMoN7_PvH1tHiEys2X8As25GPnDrI2TysE6mRkiAHpkiOHioGxMh0_lnunO6QtIsoXTM2RrbBJtjm6MJ2L4EamJPr3J499G8gdeufODd8XFqh5JFa5FGvsZkMFV-gy4d4&cid=CAASPeRo08a_WmMh8bd5XINbdAUVf8w6F01jYZwt_I9lT7n9593fmImcDAVHljuY-79eKQRVbStHYj1O2QlB_40&rfl=1%2Chttps%253A%252F%252Fwww.afr.com%252F%240

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

b7d950ded2d44201e34e3caaad029e38996db2c706f925b3eeb125c3e464c896

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28113
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CBCD 42 B
173 B 166ms
78ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AMwGCz2QF9S_8aW-V9uOrNWhu6J55kH0uk3kp1DmS3mp0hwT9hzKS7aNNMXmF4qKaUmreDpopiLfdGRG6Jy_BFfGlQ_NUNlSOVp0X2Zn354NmQWI4

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame CBCD 2 KB
1 KB 106ms
104ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:05:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 11:05:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CBCD 119 KB
36 KB 266ms
182ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Nov 2021 11:07:37 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame CBCD 15 KB
6 KB 102ms
100ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:06:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 11:06:45 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CBCD 0
0 92ms
45ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQLTOUqc9vAth_e0Z1RxUoh4W8tFU2VDuoE523Q57QT0U3Ffje7Vq9hpWflDsIGk80SgEJn
Requested by: Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/4677721610789872899/ Frame B01C 50 KB
50 KB 105ms
54ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4677721610789872899/downsize_200k_v1?w=600&h=314

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8315455bbf72512dcaf8ad3dd98f3335d0698e8dbfb22ffaae76f79c2100864

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 12:25:04 GMT
x-content-type-options: nosniff
age: 513753
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50988
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 09:18:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 23 Nov 2022 12:25:04 GMT

GET
DATA 200
OK truncated
/ Frame B01C 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B01C 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99999c8cc9a571b0450dab7388e86671dbd4b0c7e0068425cfb4dda42d60cad7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame B01C 21 KB
22 KB 128ms
39ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 10:56:24 GMT
x-content-type-options: nosniff
age: 519073
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 10:56:24 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame B01C 21 KB
21 KB 171ms
81ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.afr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 20:07:29 GMT
x-content-type-options: nosniff
age: 486008
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 20:07:29 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 54EE 16 KB
6 KB 53ms
50ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 28 Nov 2021 23:28:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41950
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 29 Nov 2021 23:28:27 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 54EE 26 KB
10 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 28 Nov 2021 16:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68038
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 29 Nov 2021 16:13:39 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame CBCD 24 KB
10 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CWgtqDVcRU95hP4I-h4Yvk0gyubUrJRvDtmrsHwMKVyZi4JB8rFEqxe-IMle0nWiF-Tzc3ySc3bQFw1s75LGCguUuzqIIE8WOXGQxkMw5Z3OV_yPHZHIbpEbxNFhYafxpD-_2AZ2Sia4Pf54wGsUFRn2250Q&dbm_d=AKAmf-C7YzenMMN9cNkYFAOp_O1mpKgyBMv7K2D29O9BV66cjAgJB9WdBVcjUdf2Ou9wQDRQYtO2wlgAvdT-_ByFzkNjO32CBpru4lpjexp65Njo80MfZ0g7tPvLlJ_phFAR0K4YWhAOKbk7FHyQssTcyNrRLAxfS6U_DfR7fO26FQ1hU1BFyM73_7GtnUIZ_RJ6a9Qu1BzNaSyxlrSrETha5qLkWeq8PJiBKPx13VzKNtwEYW4xz6-Hnuh4RWcHrpFyE1A-q7NnXh5sUI6zUrN1H4ES70U2V7Yxd5MR-fL3W3dq6qLrGCIvca0p0MirCAGMmHw_O3Pe77_SuUo4Wv9G-P7VhUcu6jBe-lVhd87YSr2XpVWrrkvFb5fOoD2MHi3bXpNscdLhKj6JC1QB3QFI1Zhywqe9SORNjRV4Gwubo6oN1Uol1LTgCdEySz9GihcakwrMryR6LvIoovzecSeo7GBjBGhk10rlU6dzCJaUq3-fviLXGqNjUIUyhrVhmxh-J4VrzhUbjLbywlXO8Px88m1nZSeE8x365FrHEMs7dW_vXTyrOkixBMC3pj3Zmao19vBy5f95gnll-d55mNaeekfw22Bo88QzbIdT9cGCKgDQdKeGd8QsHvHW5cFigk-2XJ5AajSJMXfuOj-oRfYCzG1OaPJxUHA5g12w0iPbrYIQ-lxiTjMARcnp1A7lzAsx3O7Oz3tKfz8So42A1HoXmMXVi2X9OmSauCKvaUS6PyNLUGgopkBEkGO-5GUID9yCcur1Ddc_jJWeNNlm5ksKo5UlgAKridr3FHoKvsFtrF-cGfZRiNMzXGoUEsgabjpJguUCzWYeiVxtgu_A_bslr0RSlr8ZrWE3-KYzUhD58SXasY8Gh-TiKsh28SKQbibr36PKhf1vzrqykW9eUi5379AtlV5Uylj37GvDLvjobztRG99vaxAyPQZukBLMV0RM34c6qCYyfwkdro8AmsxMuT9aigUfZqVvZ2-szN8RYdBDbH8FEPmlAdp0IsFzRxJe7dX1JH5sNL0SxaqCVIF7Y_BFxy6JBpJzyddn7H11s3lLSjE99PMXTp0lP9G2bxuNmEDBEa84nFDa5gKETZVotr2fGNU4JEmWvdG351ePGsAHoO0AM2vIZnoej4UJIpd4DeP-g0F6PJLpnRiMeitfLMYmwhnPUyXnpemKimwlJeNqrF4nZIWYY339jEA5kl2FKZ9UWrM5l9-jEw_BVOXExuwmK0DvTJYGrNGBN5S-BPdMqc1DHyT-exOCnbnfJ5YhrJJ4or7sGXDFBICnnXZJnvq4Rfh7GgVj2fNqlE5-Yy5VdHhZD0WZ1B9K8CI_y6jR5yhJpY9rrAOoeo2pZ9JFsiT30yaFq9Aoo94U0tDUMyiW37gBQukkCpQYlk4UxFk4p-F2fnhQL3ofWSQ42yyX_ky_FoQiRFxHBwhScMQuDXDkrWV8j1hHtY40WBb-VAvmRbo18qG4TXkyzbaMrfFNsNwUmMG3-p7_MmSsmIDCzIWvTPotCU9CmamYnjPO7L8VtmwYwKXblOXEkVP2AZcmZpWTqPSdQa1skMHy_LbQ1VhngJxaT9iYw8AjCNepJC_5URltlLjp_lxWDQi-xdmh03Tj-RujtO8h3sDZ1onXXIlYds9Bp_fXPgWSgidDj5gmpsehI-IG78931Dw5OcMdpFxC0YIf6ZRLPun_uIH7ACTiv94iczWA0Q-9SSX_as_85rN5CcDWkTjTeBqenLkqCFScsBRABEFmSiKc4BcCkv3FeTcV4vCWKJIcucLFUw-ABCKlKUYZavReOFlKQ0u_vq0KeirrWJeVWxX1xlQVLyXFNzz69A3C2qFVl61jaTh3uuvqrUGK4u4ZCTSqMjA0uA73UMEGy4Wj55GSlQpoolPy7PhxnNb0EWKbBsZdij7ZmwWybSgFLvozGpvNIyMbwV8V9udfxHx49HKgmij-vVep2qkbU-ELN1YS_SLtWpltv7tyfDwAs7bSCJ6iJmeKvE1avyCQf__6Za-pU4_67xOM5CoCOkX7D6vMYpANJ5RzfaIP5mTeDyf1jDia_vl0s9RWwaaE-uK_hHxaQv13eEQ-EHEyPQg7q9VX9ccRZ29qGCxXDNIOFeKBcMPXfDGQE2DsUEqZkDhLeSVrTiIu1UXprKNGX5dIpwmsdWp9JNdFGj8JL6VObdVLwFaElbEwvtH4imw_3JxMkZJ9u-lxp2IlnFfVTyu3FbzLPxNqWEq_LQjVEvUULXODUsHCUtGOJe7GEBRi_3CjUVGOhoO9Zs0c5ihyP1d-OE7zil3L4Cv0e2uiRJ5UBRgPHq-gmtcICvNAjcsv79Uil4Gn8gB_b37z1ufRV1tVELP0YxfANCmTeO48xUT5b32YLYoKq3fmkxNWpfnVjLRj8e-7NvBnZ_Ir6YxXjaozunSy8-O5nuUqePvdXFB_8UETgmLXvb-2tljK6OOAr3jedHmzH3Xjq_AiJLVQgGKANXCH8n9dBe8VQDLQRS0NiWSh34DywzPYv_FD15J0O_GP4W2JhoxCYgxqhwftJ2JTPW0Kh7TW920mdw0AGKfkP5wF0DaFyqfbzk8xD3aEYjpxugQzA8byaLgm9TK7pxin8tqYB165crtObx7qtKdZ-OmDl9yix-DNJNaMpwdHWgTJkc5tfNTWBNPDhiqiD7QDsa-GcteRMbqrXnhF4PL5li3QlPyH1zGVOiyNg0poQz3J_z5Bk8FwfORZtKQWGn-6eLgZ9EHdKIZA2pwVFuhlcEvmba_V52GwaIqK6DxJdqw6z71jfys3YZrAxHOQl9Y6FrXOV_BCDHwBVkFRrr5-3U8lhvuk9MOKK4VUC3BJrwlOUEE_KcrhTxEiJOwNvAhHO25jWwA-GCkJ517gAYnsPhAr1VelC6JFqht-vpF4hbe7h0sGD_3aAVwCXlqv21WnAO1wUSeMJTSTWD2yLxdXP2yv7iCBerEEieVDX_Nfj7UvN6s174V0dFNVSzKbVVnL0KUXVb4LpvDCk-Hs7ZPGukYcPTVWxF0ZAvKsQPln9A-fW-eaEsH71GtOis4LjCJZuRUSeeBikCXPoIMJxPiIVPIjXKnsviuXRb5GaNHo8-ls1szUtdrZghHRq-nkStxMoN7_PvH1tHiEys2X8As25GPnDrI2TysE6mRkiAHpkiOHioGxMh0_lnunO6QtIsoXTM2RrbBJtjm6MJ2L4EamJPr3J499G8gdeufODd8XFqh5JFa5FGvsZkMFV-gy4d4&cid=CAASPeRo08a_WmMh8bd5XINbdAUVf8w6F01jYZwt_I9lT7n9593fmImcDAVHljuY-79eKQRVbStHYj1O2QlB_40&rfl=1%2Chttps%253A%252F%252Fwww.afr.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:04:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 11:04:04 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame CBCD 8 KB
3 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:02:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 279
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 11:02:58 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CBCD 0
571 B 171ms
83ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsumaYsfMzeCY5VilPXpAQfj3GMKvEntyb0cconwT-zw3AH-2-pwcG-Usa7V1W88UOQsE832-0_xirHgepErwUJVl2FjmonyvDjqpQUxLD6G5rfSm32QtHX9EA0fwItgTXSrJNkNo48SW6l7__ANVfS1K6nqxnwZbYaPEkbPUUhbdiOBNWgmNobtCsXV2RldVk1O04zFKuUxGymtTHvPJBRCLyNnQcUoYWFejbP3NC1KREufuwieFmpNIoFjtkQ03CP73sqtNgHzmx-RnY69BYqWJzl9FBqsBF821lUpVSNggf49IEoMi7XPk19T9sxxR2YiTDljVyN7PaS3fWgX1n2kZO1YcaHTfcccdjopdvXfZiZdZm8IFGjaVsMn61Vc3xXvZ9NBv4puoIkuFGqTzcpDHFbE7lMj7fdD8mmgl62Fl3RUPKX9TBwempwflQwKn7OLIQ4r_MmHaA8cpKHVtCaml_F3GvHadxs2Iv-ZNLvtDPkhYkNMIWugiUmDFAWIGl9nJUZoZipFOcK-hUri32UgCSc-jiNY84HmlE3VgDbhDFaYLQR4PDXguwb8jwWyzs_lDY6GxExXhA4QROL878Ss4yeqIV9isLnXTWf7bHmJh-g1NR2SriiNjL4IZkwoYRfSto0YdaYvpWULLOo8drAniI49R9prFFL-mteNzXAKXg7NQOfRFydKrnTeiP6ByJcpeFmqg0F8h0waT_UFnT-G8yGANJvtOmLYPvgrpVdtZXlriZgS8yXflMifrFvtGyKa2W2nHR-p4SDe2RgvS3H72wQgu1f4r3XjWeL8Zeb-dvQmJiEjPrUUoyJacXypBmNS3gfymt7It-IB7jGDqYtTGlMLlyDWu7mYH8-bTJkGQBRO1mk1_NgCQUUk9i8aTlCu55bQfU6WYC0WccaAmpKGnRbt-IgEP44wA82C1BX7CuTCuJ66ljlaE2yPkk4JXq87eN5mujPm232LFq_qdhPrP3gkXLkv2__a5_h0x77WBXIUgdw5C0y72Mvr_RCxvH-K65OxnUPqW_QXnIPCUYSoF4dJ--iNxLUTPg1UUE9Rt24Ad_GZqvCspzYOTpGbfFedMm4erUaxp2H5RzluLEvX5oF2JEadRENcMyYYpnB_lpFmg4ADI4Y4HQ&sai=AMfl-YQxlpDawhdFqBT4xVyU8CsYILmLu5ETcWvCXWlxJBwflm-SBd1C0id-bc_F8EMzJMouEduik9mHDZCuy9GoFwDeCfTA-wb292AH5QBzwl3V-Ws_hTTfHDumsh97gdtyPNx__TiLl8ZEy4wmod-iCFnZR-TwZQ4_cWDvASu_qNWY1kVJdtYCa2SRJx-SlA1D8Y2eAKaEROyeRuT3dSew88cVMkxv7XuwQBXNaKc2LQ&sig=Cg0ArKJSzKk_PVC-orXVEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211111.65405&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 29 Nov 2021 11:07:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CBCD 41 KB
15 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 12:48:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 425941
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 24 Nov 2022 12:48:36 GMT

GET
H2 200 233916_Holiday-2021_IncentiveProgram_DE_728x90_V3_R2.gif
s0.2mdn.net/8264868/ Frame CBCD 51 KB
51 KB 125ms
39ms Image
image/gif 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8264868/233916_Holiday-2021_IncentiveProgram_DE_728x90_V3_R2.gif

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28820d70983d986ea27b9584f10725e53129740ce26e1c5ee8773f9e46d0437a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 08:00:31 GMT
x-content-type-options: nosniff
age: 11226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51728
x-xss-protection: 0
last-modified: Thu, 11 Nov 2021 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 08:00:31 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7887 143 B
163 B 39ms
38ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 29 Nov 2021 10:58:25 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 552
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Car.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/ Frame 54EE 10 KB
10 KB 41ms
40ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/Car.png

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

590e5d9ca8b4c6ca7231ff2a1318545010971b260dc7f43f4ec68b1f44119e33

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 571691
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10410
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 15:03:24 GMT
server: sffe
date: Mon, 22 Nov 2021 20:19:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 20:19:26 GMT

GET
H3 200 KAROQ.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/ Frame 54EE 12 KB
12 KB 50ms
49ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/KAROQ.png

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0183df987bd128554f30ffed1bd2eaa58861c4f7aa0a06b52112e9487e7ad8f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 571691
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11849
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 15:03:24 GMT
server: sffe
date: Mon, 22 Nov 2021 20:19:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 20:19:26 GMT

GET
H3 200 300x600_F1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/ Frame 54EE 22 KB
22 KB 44ms
44ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/300x600_F1.jpg

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29ae4008d9b997d6854cc7ccd1fad864c795a8d1c58b7ec6b4eb1baedeee816b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 571691
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22482
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 15:03:24 GMT
server: sffe
date: Mon, 22 Nov 2021 20:19:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 20:19:26 GMT

GET
H3 200 BG1_1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/ Frame 54EE 8 KB
8 KB 59ms
58ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/BG1_1.jpg

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

279b95260a7544b60a8eb0d6925f0de4bf3a31a1d54a3af2000ed4aae28a6676

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 571691
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8547
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 15:03:24 GMT
server: sffe
date: Mon, 22 Nov 2021 20:19:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 20:19:26 GMT

GET
H3 200 300x600_F2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/ Frame 54EE 23 KB
23 KB 52ms
52ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5137889399521447841/300x600_F2.jpg

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdb7aff6968a712f9e5e36e3d8e7fd59f3c00e78b10e0797dfd600cc5cc0c6f3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 571691
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23210
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 15:03:24 GMT
server: sffe
date: Mon, 22 Nov 2021 20:19:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Nov 2022 20:19:26 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7887
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

95ms
95ms

Document
text/html

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
URL: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 29 Nov 2021 11:07:37 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 29 Nov 2021 11:07:37 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 29 Nov 2021 11:07:37 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7078 22 KB
8 KB 40ms
39ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 24 Nov 2021 12:48:37 GMT
expires: Thu, 24 Nov 2022 12:48:37 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 425940
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 7078 35 KB
13 KB 86ms
39ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 06:48:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15573
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 06:48:04 GMT

GET
DATA 200
OK truncated
/ Frame D8FF 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5f9eb1962e9a9beca10e1323c660dfcedf5b1db84f72be8fc5ba4b0b315290a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame CBCD 0
23 B 119ms
73ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 11:07:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame CBCD 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 120ce0a5262d0b837392ab6b12f3ac1843a4efbbd261428364f5ad1ca7fcef78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CBCD 0
20 B 72ms
71ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?v=3&s=pagead&action=load3pas&it=fb.704,e2e.1099,fs.612,reqs.659,ress.704,rese.705&srt=93&e=&id=csi_pagead&gqid=&qqid=CJv2pZa3vfQCFS_LuwgdyAkHag&rt=lb.382,ol.395

Requested by

Host: www.afr.com
URL: https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com/SIE/ 7 KB
4 KB 188ms
54ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_1zw3m3dlvZEzjE2

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8fb73449d8ccf2b7b2662a60be2462550447cf84ef0453c4f6be975b0d620dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 377544
cf-polished: origSize=8435
cf-ray: 6b5b5f9b0b3b5c38-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 6
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"20f3-vR4S+/WOpukXgCM8B/FcKiZPTCc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 139ms
7ms Script
application/x-javascript 2600:9000:2057:6000:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: t.co
URL: https://t.co/rQhc1l9DjN
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6000:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 10:49:19 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:27:20 GMT
server: nginx
age: 1099
etag: W/"6179ee68-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 9810d82af8847b51b9c3048141069a65.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: 1aaUhmnYzfwicMNT1psS_V52b_HylDyXRdRyNKnA0bivaNoPm4Q1iA==
expires: Mon, 29 Nov 2021 12:49:19 GMT

GET
H/1.1 200
OK dest5.html Show response
nd.demdex.net/ Frame E6C6 7 KB
3 KB 29ms
28ms Document
text/html 54.73.127.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nd.demdex.net/dest5.html?d_nsid=0

Requested by

Host: t.co
URL: https://t.co/rQhc1l9DjN

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.73.127.110 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-73-127-110.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Mon, 29 Nov 2021 11:07:37 GMT
DCS: dcs-prod-irl1-2-v020-05adbcf08.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 26 Nov 2021 14:22:48 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: FRKvc+VxT1g=
transfer-encoding: chunked
Connection: keep-alive

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 101ms
53ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24e103a09f2c4e9d31b4f05e3187b6f55ecccfefc52e54a2db42444a9fe7852e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 11:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9188
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 29 Nov 2021 11:07:38 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7078 0
20 B 75ms
75ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BkB2IebSkYcmCI-2ux_APj5Cy4AEAAAAAOAHgBAI&bg=!OjmlOX3NAAZQLpa_UC47ACkAdvg8WpukB_62PuALdo29KALPz0OrCEkl9ExJhTXuO4zA2Xv40MPy0AIAAACJUgAAAApoAQcKAMVKF8jwBe1SsEq62Qp0x0DYdNNThPV0QCEjFsjzVIERicw-cst8vLOcUrAYAg07-SxV2hrOBzedpWCQouZzM1-t-SAlO39rD3teSHTehg6RiP21RPnuZjHYCF7iIyvp3qhMBKV6eIjZTVwLcfo1-E70fiXHS9aKWZm4Hl3oOIYCzy7GkVbFIvB_hyDLJxJHgThGYdLiIAUCXmbgc68-0r0zCgQ0o1OrLfZbKbwzfDKrVvUe1OF3Kg6bm-88xU0-puTgRVKstJkCxgCia17bPoaqnTKlWrS8YHfFsTt8TXeDA-hHfn_ZzWHxVBzy3el4Rb0_PGXeQS-KV5ZVTwGrtRc8OvqKN0AODEh4CXe_kWBGhIhmzZ8-BSt1V_VSgzzNFxINmwzN7kXv7QwOYkQ5wYY6a5JD0E26BN7zSnJ8w2tblBDURXwC3KxlbvUyxcYOvrDsK5WiKspAb2JRmNF2CDQn7vvTiTC8QrQfio7oV1dhZ_Emo0ErGWyyHFe-QYSsDcQnxE0tkAjJ45OLOUbHLc7qPdZMGJqkAMmixEg4d9yJwZHhX32Q1JrLsno7tlZTkxgk9tZloehHI-PHv8MUdzQuMYgEoQ8HyCcqtNU2Hir4cgQ-EiHmTy7Sn0RKUB-QStEZEWM7tqxGkc1gMQS102R8zguZC2U8_ife0pDuuiwUBxtbd026f5OlqRYdTIBc2jATN7vUiMgHqKH8A0SZmvYtEVVXoYWiU5Hd_wu0upa2OQPkeMH4HYCaeAZw6oOQVb9-zF-fdZ1nge0Nusy1W42vlRuCNAR4LfrJw0_j9STkrx23r1Y1AEkV0XVCy5n3Sb_1hIqfZksDSV0qndY4ZGt-SUxiapqX9AFRVcmHJaJX7q6866Cqi1W4Nh4zU8E9q_yq7SPvr31WBNqIdbZTmDnDxCqVLJdRtY0Trp0iJJqnvqf9sVg5Q_wF14yixKBbrKSSQ9bBxYsLPSpErXypsPf1KNu9GS9eYpiE3l-yDc_7mEKriHr1TH7g4-N4uXLBH04yha3FAvNqjHwNjZF8UbE-znaOQ0Kf07_CyAPVp7A2Sk3NzN-Q5F94kuTISlSm4wLOeLEbekL2H3fleGuFnkWUP4-AlC0SVilripFrMv3pz_5fMezeBZuWl-iLjD84Kvu0mwz_p-UGU8tEjEogH7aMFZBNN5D-i4xd8cE5cxzIIak3Xynv9ky6PFNIaad-

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET tap
pixel.rubiconproject.com/ Frame E6C6 0
0

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 302ms
100ms Image
image/gif 52.2.53.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=afr.com&p=%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&u=Cry_oBD3udWWDCxeyK&d=afr.com&g=27223&g0=technology%2C%20article&g1=James%20Eyers&g4=article&n=1&f=00001&c=0&x=0&m=0&y=6221&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=https%3A%2F%2Ft.co%2F&PA=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&b=2448&_s=%7B%22pageViewId%22%3A%22DD0DB2C8-3FBF-4A34-9739-BA26AFADDCA9%22%7D&t=zioEibOWLZBpSqq3jReIPDJvOqr&V=129&i=CreditorWatch%20founder%20returns%20to%20stop%20fake%20invoice%20scams&tz=0&_acct=anon&sn=1&sv=DbJSLi-v3KXD-3_sCfEPa1CB1XF&sr=https%3A%2F%2Ft.co%2F&sd=1&im=067b0ff3&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.53.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-2-53-191.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:38 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 3AF7 12 KB
5 KB 42ms
39ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Mon, 29 Nov 2021 06:48:04 GMT
expires: Tue, 29 Nov 2022 06:48:04 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 15574
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 573F 783 B
534 B 46ms
46ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2782c2d68dbe78874c6cacea91b4f0bdffcd7ceb6336e7d073bdb42be4d97d2e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hEESKyAJCWvd7kAimeoJ8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 29 Nov 2021 11:07:38 GMT
date: Mon, 29 Nov 2021 11:07:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-hEESKyAJCWvd7kAimeoJ8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 12.59a7acb124733d888c69.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 55 KB
17 KB 35ms
34ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.59a7acb124733d888c69.chunk.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=www.afr.com

Requested by

Host: zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com
URL: https://zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_1zw3m3dlvZEzjE2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e65e5ab701115114072ff2c9e28b0a533c8d3cbe3eb541af8b9ede34f9f80c6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 379613
cf-polished: origSize=57365
cf-ray: 6b5b5f9b6c0f5c38-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 8
vary: Accept-Encoding
last-modified: Wed, 03 Nov 2021 17:52:57 GMT
server: cloudflare
x-powered-by: Express
etag: W/"e015-17ce6eeb8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2

404

sync
pixel.advertising.com/ups/28/ Frame E6C6
Redirect Chain

https://pixel.advertising.com/ups/28/sync?uid=40610250637483666870598418323837297428&_origin=1&redir=true
https://pixel.advertising.com/ups/28/sync?uid=40610250637483666870598418323837297428&_origin=1&redir=true&verify=true

0
254 B

11ms
10ms

Image
text/plain

18.193.13.190
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/28/sync?uid=40610250637483666870598418323837297428&_origin=1&redir=true&verify=true

Protocol

Server

18.193.13.190 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-193-13-190.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:38 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://pixel.advertising.com/ups/28/sync?uid=40610250637483666870598418323837297428&_origin=1&redir=true&verify=true
date: Mon, 29 Nov 2021 11:07:38 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/ Show response
adc.nine.com.au/ Frame E4F2
Redirect Chain

https://ib.adnxs.com/getuid?https://adc.nine.com.au?appNexusUid=$UID
https://adc.nine.com.au/?appNexusUid=1038005398024162734

89 B
473 B

342ms
342ms

Document
application/json

52.65.130.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adc.nine.com.au/?appNexusUid=1038005398024162734

Requested by

Host: adc-js.nine.com.au
URL: https://adc-js.nine.com.au/adc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.65.130.251 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-65-130-251.ap-southeast-2.compute.amazonaws.com

Software

awselb/2.0 /

Resource Hash

b132add03b6d07a7bc67c308e92b273af36c7b0525f7f847b84bb3bb0cdacb5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/

Response headers

server: awselb/2.0
date: Mon, 29 Nov 2021 11:07:38 GMT
content-type: application/json; charset=utf-8
content-length: 89
api-supported-versions: 1.0
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
cache-control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
strict-transport-security: max-age=2592000

Redirect headers

Server: nginx/1.17.9
Date: Mon, 29 Nov 2021 11:07:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://adc.nine.com.au?appNexusUid=1038005398024162734
AN-X-Request-Uuid: a5e678a5-e3ab-4553-a4de-889257593da9
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com

GET
H/1.1

200
OK

ibs:dpid=19566&dpuuid=%s
dpm.demdex.net/ Frame E6C6
Redirect Chain

https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID
https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

42 B
963 B

30ms
30ms

Image
image/gif

52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

Protocol

HTTP/1.1

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v020-03d4427e3.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-Error: 303,104
X-TID: nfY/kaBtRsU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:38 GMT
server: nginx
etag: "60b842b3-cde"
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
location: https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s
cache-control: max-age=0, no-cache, no-store
content-type: text/html
content-length: 154
expires: Mon, 29 Nov 2021 11:07:38 GMT

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 1 KB
763 B 58ms
58ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1zw3m3dlvZEzjE2&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.59a7acb124733d888c69.chunk.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=www.afr.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

865392bf91afe07f2842b9bb7e66a5fa12dc44d166c000a0dac1de92ce1cb845

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 29 Nov 2021 11:07:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 7
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: e2a771830174d3fa
cf-ray: 6b5b5f9bbcac5c38-FRA

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 573F 0
0 92ms
92ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=3675867651725011&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 3AF7 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 06:48:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15574
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 06:48:04 GMT

GET
H/1.1

200
OK

ibs:dpid=72352&dpuuid=6325881595516224336&gdpr=0&gdpr_consent=
dpm.demdex.net/ Frame E6C6
Redirect Chain

https://dmpsync.3lift.com/getuid?redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D$UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
https://dmpsync.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://dpm.demdex.net/ibs:dpid=72352&dpuuid=6325881595516224336&gdpr=0&gdpr_consent=

42 B
945 B

32ms
32ms

Image
image/gif

52.208.201.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=72352&dpuuid=6325881595516224336&gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Server

52.208.201.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-201-194.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v020-057f981f7.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Hi82fLkEQ64=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=72352&dpuuid=6325881595516224336&gdpr=0&gdpr_consent=
date: Mon, 29 Nov 2021 11:07:38 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame E6C6
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=adobe&id=40610250637483666870598418323837297428
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=40610250637483666870598418323837297428

0
337 B

323ms
28ms

Image
text/plain

52.30.186.249
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=40610250637483666870598418323837297428
Protocol: H2
Server: 52.30.186.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-186-249.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 11:07:38 GMT
cache-control: private, no-cache, no-store
x-request-time: D=33 t=1638184058
x-served-by: beacon-n022-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=40610250637483666870598418323837297428
date: Mon, 29 Nov 2021 11:07:38 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a008-ash-prod.krxd.net

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame E6C6 0
411 B 775ms
102ms Image
text/html 2600:1f18:6593:f600:6d4e:4d08:83e5:8fa4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D796%26dpuuid%3D%23%7Buser.id%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:6593:f600:6d4e:4d08:83e5:8fa4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 11:07:38 GMT
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control: no-store
Connection: keep-alive
Content-Type: text/html
Keep-Alive: timeout=300
Content-Length: 0
Expires: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=3675867651725011&bg=!FxSlFFDNAAZQLpa_UC47ACkAdvg8Wnt6GLccNhiWJ-Je6jvLkGePM1iWYrEWLIGeSoBIjUMM_brDPwIAAABUUgAAAA1oAQcKAE4LdKgQQsFILhUqZNPG81IIJNx57yngAUqS4yocTGo0TDshH4s8B_oaRhqrFnhASfponXhjOjCVxKfbeE5K1oTNsg0A4BDyMe-kTP06HqeZAnqywJ1Tk0XKz95EHfIifbm_htBrC2c9UEDQy1spbVQF2RybGcDT9cK_td5E-AA-tEyuuNaEiqSaNwsaw-CpZsxdvAu45jUX65t8eMrGggdD5YEFBC2T8DgqeMKqyqTWtxUQY-uFfkj1OUh0fq0nZBYNDeRj6yQScezfTwnY2sk8DRfADKwu21KUMvdAiCVa-3E0_sbggMjiVkM6TwDkA-cIihw1qs6CJBoveVf1or17d7F_YmmLhSIgUgzd3VWC3-hnTjxRgD-dXb8V3v8X-ujldMV6GRvgoq4YuMBlKUd18Z9qfcVonqracmVaN9zjPKlt4Z7BhwckzYg9DW6h3yxlyupanY6f7j-vEC5jX_tBMVqp3AwQMbJTa8AW6FnkAM4bg016x3NB7dMjAWZLFjxudZLLRuuj5RSUNdXxlsAsXaaShixymkQztLUlLWxBJ1owOrHSwIC2NnEOjw_T1OQOh2ktJzpJbDND_WF9cB3L67Gj2iUZdWdp8hdvFe3VVSJYmGGaNWu8r3m7Y-oJgODjBfwr2Wf-T1jWw1aGDPG0cBWwQYBuMOZScqlwC1ReS0HLulJv9hzAQf5kvOFvN1q2NNZLEOBco5grIiVPmUHK4lCsInSGWT5rXpFFJGd_YjaJv7lVihxqeFvE_LNHiBJqu8KN9GyonILwEoOeKNwXAolndbU3YUqn0A9o7ok0_5FHtUYC9lLtLxe0svaU1tnBLR-nRy4jd2rQ5QMKG8b0eBLfStFidePD2vV9DQMexvCgmxkr6qzD1j2zkTjyT7nMt4LkLskkcyRSGOX_YYUXKLTsrTHnpfFj6OydD4Gyr1uGFtqMijjhoCWp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK tp2 Show response
i.ffx.io/com.snowplowanalytics.snowplow/ 2 B
435 B 270ms
270ms XHR
text/plain 13.238.96.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: d2uhnetoehh304.cloudfront.net
URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.238.96.192 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Mon, 29 Nov 2021 11:07:38 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

OPTIONS
H/1.1 200
OK tp2
i.ffx.io/com.snowplowanalytics.snowplow/ Frame 0
0 279ms
279ms Preflight 13.238.96.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.238.96.192 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.afr.com
Date: Mon, 29 Nov 2021 11:07:38 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame B01C 42 B
64 B 74ms
73ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvrhWpWRv9caqQhkHXpDdnzPRW9Kv-xL683KusFheUpx8S_DQVCAU6okRN736GVlKxAHI1-S2hzml4lH4g6zyohfds4hny_YMx5qU74o5cJQymJNkRcmw&sai=AMfl-YQea2zK_PMcm4eF050dyxQKJagd5q1k9Yap7S3aTRkW6KoTMC72Z2nHUWGuRCumipqKxSUho2KHcqN4zTNcxwPZFPGW2Mh4UPwIbhxTmP9Q1ubAsiIvI6IU6BL8deYD&sig=Cg0ArKJSzIQrYENNzygBEAE&cid=CAASPeRoZZj6_Xvn99Cpul8DAZiuR_DJv7cOybQlc55WWhYUIKXzaAqJy6A4ntxXkiIlqxOGk3R5SlkYEcvurbE&id=ampim&o=315,208&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=90&tls=1090&g=100&h=100&tt=1090&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=4248342376

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gn
secure-dcr.imrworldwide.com/cgi-bin/ 44 B
368 B 30ms
29ms Image
image/gif 34.252.91.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-302812&ch=au-302812_b25_afr.com-brand%20only_S&asn=afr.com-brand%20only&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&sessionId=dkg40b2pmvxykwkz3vmkxvwuj9cnn1638184056&prv=1&c6=vc,b25&ca=NA&c13=asid,P70F2B436-31E2-4369-A3CB-294DC350A880&c32=segA,NA&c33=segB,Financial%20Review%20-%20Technology&c34=segC,NA&c15=apn,afr&sup=1&segment2=&segment1=&forward=0&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,0twt7yt65bbkgygree15bwxa78fhu1638184056&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,16381840568638013&c30=bldv,6.0.0.615&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=p59cnk&c3=st,c&c64=starttm,1638184059&adid=p59cnk&c58=isLive,false&c59=sesid,&c61=createtm,1638184058&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk&c66=mediaurl,&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&c62=sendTime,1638184058&rnd=561096
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.91.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-91-197.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 11:07:39 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

OPTIONS
H/1.1 200
OK tp2
i.ffx.io/com.snowplowanalytics.snowplow/ Frame 0
0 280ms
280ms Preflight 13.238.96.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.238.96.192 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.afr.com
Date: Mon, 29 Nov 2021 11:07:44 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

POST
H/1.1 200
OK tp2 Show response
i.ffx.io/com.snowplowanalytics.snowplow/ 2 B
435 B 271ms
271ms XHR
text/plain 13.238.96.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: d2uhnetoehh304.cloudfront.net
URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.238.96.192 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.afr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Mon, 29 Nov 2021 11:07:44 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

GET
H2 200 1x1.png
p.afr.com/ 68 B
529 B 79ms
15ms Image
image/png 34.149.151.54

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.afr.com/1x1.png?adblockdetected=disabled&pageviewid=DD0DB2C8-3FBF-4A34-9739-BA26AFADDCA9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.151.54 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 10:42:37 GMT
age: 1507
x-guploader-uploadid: ADPycdtxfHLQaDawUe0xAr1ggqyGg5GjusxXMKcAtW1cV6CSFQyauMj664onDV2UcrX7HJk1LIUywhQVlR19zHrQG6ARS5X9jw
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
last-modified: Thu, 14 Oct 2021 21:35:53 GMT
server: UploadServer
etag: "91e42db1c66c0b276abf6234dc50b2eb"
x-goog-hash: crc32c=FWkPzg==, md5=keQtscZsCydqv2I03FCy6w==
x-goog-generation: 1634247353034335
cache-control: public,max-age=300
x-goog-stored-content-length: 68
accept-ranges: bytes
content-type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.adaptv.advertising.com
URL: https://sync.adaptv.advertising.com/demdex_user_sync?

Domain: pixel.rubiconproject.com
URL: https://pixel.rubiconproject.com/tap?pid=28346&segments=3945729

Verdicts & Comments Add Verdict or Comment

173 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

58 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-20 16:34:16	Name: muc Value: f850e7b2-2792-4faa-b592-9d75dcea6fbb
.t.co/	1970-01-20 16:34:16	Name: muc_ads Value: f850e7b2-2792-4faa-b592-9d75dcea6fbb
.afr.com/	1970-01-19 23:03:05	Name: _sp_ses.0af9 Value: *
.afr.com/	1970-01-20 03:22:16	Name: optimizelyEndUserId Value: oeu1638184056097r0.18716518629356527
www.afr.com/	1969-12-31 23:59:59	Name: _bsMode Value: true
www.afr.com/	1970-01-19 23:04:30	Name: ffx:audienceSegment Value: single/loyal
.afr.com/	1970-01-20 01:12:40	Name: _fbp Value: fb.1.1638184056657.1167069913
.twitter.com/	1970-01-20 16:34:16	Name: personalization_id Value: "v1_y6oQ6B9GpBLtX/DM3HvCGA=="
.afr.com/	1970-01-20 01:12:40	Name: _gcl_au Value: 1.1.1930976652.1638184057
.afr.com/	1970-01-20 16:34:16	Name: _sp_id.0af9 Value: 01ea790b-39ee-45f3-980e-5e71f5c080ad.1638184056.1.1638184057.1638184056.1ec6642e-e102-4735-a536-471918708e63
.demdex.net/	1970-01-20 03:22:16	Name: demdex Value: 40358447216782398450583103901759281710
.yahoo.com/	1970-01-20 07:49:01	Name: A3 Value: d=AQABBHi0pGECEM5HiaKtBmRaK684Dp94e9QFEgEBAQEFpmGuYQAAAAAA_eMAAA&S=AQAAAntd96Y69hCtxVW4FhznueA
.afr.com/	1969-12-31 23:59:59	Name: AMCVS_BEB5C8A15492DB600A4C98BC%40AdobeOrg Value: 1
.afr.com/	1970-01-20 07:48:40	Name: _hjSessionUser_182799 Value: eyJpZCI6IjJlY2IxMDg3LTQzOWItNTY3Mi1hYmY2LWY2ZDYzZDU4MmY0ZSIsImNyZWF0ZWQiOjE2MzgxODQwNTY2MjUsImV4aXN0aW5nIjpmYWxzZX0=
.afr.com/	1970-01-19 23:03:05	Name: _hjFirstSeen Value: 1
.afr.com/	1970-01-19 23:03:05	Name: _hjSession_182799 Value: eyJpZCI6ImQ5MjhlMzQxLWFiM2ItNDZjZS1hYzEwLTBkMDI0YzIxOTAzOSIsImNyZWF0ZWQiOjE2MzgxODQwNTY4Mzd9
www.afr.com/	1970-01-19 23:03:04	Name: _hjIncludedInSessionSample Value: 1
.afr.com/	1970-01-19 23:03:05	Name: _hjAbsoluteSessionInProgress Value: 0
.afr.com/	1970-01-20 16:34:16	Name: _ga Value: GA1.2.553984421.1638184057
.afr.com/	1970-01-19 23:04:30	Name: _gid Value: GA1.2.2073609616.1638184057
.afr.com/	1970-01-19 23:03:04	Name: _gat_ffxTracker Value: 1
.afr.com/	1970-01-20 07:48:40	Name: AMCV_BEB5C8A15492DB600A4C98BC%40AdobeOrg Value: -1176276602%7CMCIDTS%7C18961%7CMCMID%7C40582106574024553880595605017355376407%7CMCAAMLH-1638788856%7C6%7CMCAAMB-1638788856%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1638191256s%7CNONE%7CMCAID%7CNONE
.afr.com/	1970-01-19 23:46:16	Name: aam_uuid Value: 40610250637483666870598418323837297428
.doubleclick.net/	1970-01-20 08:24:40	Name: IDE Value: AHWqTUmOF-b0OolX-QNiulrAjz8nAKmGcXbXmWvf2kkIB4lzxe98ta3evqsXT7OFdUA
.imrworldwide.com/	1970-01-20 08:24:40	Name: SSCVER Value: v1
.imrworldwide.com/	1970-01-20 08:24:40	Name: IMRID Value: 8f703fa0-5104-11ec-adbb-0d349ccaa5f5
.adnxs.com/	1970-01-20 01:12:40	Name: uuid2 Value: 1038005398024162734
.afr.com/	1970-01-19 23:03:05	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://www.afr.com/technology/creditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk%22%2C%22sref%22:%22https://t.co/%22%2C%22sts%22:1638184057038%2C%22slts%22:0}
.afr.com/	1970-01-20 08:32:28	Name: _parsely_visitor Value: {%22id%22:%22pid=703d5cfed8789976397a4ed2f9aca88a%22%2C%22session_count%22:1%2C%22last_session_ts%22:1638184057038}
.turn.com/	1970-01-20 03:22:16	Name: uid Value: 3218223908093524481
.dpm.demdex.net/	1970-01-20 03:22:16	Name: dpm Value: 40358447216782398450583103901759281710
.linkedin.com/	1970-01-19 23:46:16	Name: UserMatchHistory Value: AQKmUK2UWeQTGQAAAX1rYPi2wqxljLVqXQKJdHT-cgAQJnxlJO5aVgnOgqw7DwYGa_HqCeDjBHM0eQ
.linkedin.com/	1970-01-19 23:46:16	Name: AnalyticsSyncHistory Value: AQJT7n6RkkraNAAAAX1rYPi2AB8YVm7fMzPXRBBG9vF9yhyKlTEAjUiRzjoDFliKHcisDc2I5_p7WSvZV2FiPg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:34:57	Name: bcookie Value: "v=2&ac146c25-7d95-4d6c-85bb-9b41a2e1d8e6"
.linkedin.com/	1970-01-19 23:04:30	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2544:u=1:x=1:i=1638184057:t=1638270457:v=2:sig=AQG8NZSAFdsZa2M8XUCvbyc5Xi5MRRep"
.casalemedia.com/	1970-01-20 07:48:40	Name: CMID Value: YaS0eSLJjitDbk6l0ZxR4gAA
.casalemedia.com/	1970-01-20 01:12:40	Name: CMPS Value: 3267
.eyeota.net/	1970-01-19 23:03:04	Name: SERVERID Value: 18720~DM
.casalemedia.com/	1970-01-20 01:12:40	Name: CMPRO Value: 1116
.casalemedia.com/	1970-01-19 23:04:30	Name: CMST Value: YaS0eWGktHkA
.everesttech.net/	1970-01-20 07:48:40	Name: everest_g_v2 Value: g_surferid~YaS0eQAAlM77KQAy
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 16:34:57	Name: bscookie Value: "v=1&202111291107377048db4f-9949-4237-8113-0373a2855872AQF1-xleY0a9B3jpisHT5qF4v2o5Venj"
.linkedin.com/	1970-01-20 16:30:37	Name: li_gc Value: MTswOzE2MzgxODQwNTc7MjswMjEGKRYmZB1wQf10u6KuT8+JPkoz8Kshbxh7C7Va/M6gVw==
.afr.com/	1970-01-20 08:24:40	Name: __gads Value: ID=dd8473e958440c67-22f94e9809cc00bb:T=1638184056:S=ALNI_MbZKaMejwKapakqb7aMLgdY9dK7PA
.doubleclick.net/	1970-01-19 23:03:07	Name: DSID Value: NO_DATA
www.afr.com/	1970-01-20 08:31:52	Name: _cb_ls Value: 1
www.afr.com/	1970-01-20 08:31:52	Name: _cb Value: Cry_oBD3udWWDCxeyK
www.afr.com/	1970-01-20 08:31:52	Name: _chartbeat2 Value: .1638184058101.1638184058101.1.DbJSLi-v3KXD-3_sCfEPa1CB1XF.1
www.afr.com/	1970-01-19 23:03:05	Name: _cb_svref Value: https%3A%2F%2Ft.co%2F
.nine.com.au/	1970-01-20 07:48:40	Name: NUID Value: 6c34919ff1fe4a78b45f9b69b3129cae
.afr.com/	1970-01-20 07:48:40	Name: NUID Value: 6c34919ff1fe4a78b45f9b69b3129cae
.advertising.com/	1970-01-20 07:50:06	Name: APID Value: UP90249bac-5104-11ec-9319-02ae0aa7f0b4
.demdex.net/	1970-01-20 03:22:16	Name: dextp Value: 358-1-1638184056991\|470-1-1638184057004\|481-1-1638184057020\|466-1-1638184057052\|771-1-1638184057067\|782-1-1638184057083\|832-1-1638184057098\|23728-1-1638184057116\|30064-1-1638184057131\|30646-1-1638184057147\|6835-1-1638184058145\|19566-1-1638184058160\|72352-1-1638184058198\|66757-1-1638184058214\|796-1-1638184058229
.3lift.com/	1970-01-20 01:12:40	Name: tluid Value: 6325881595516224336
.krxd.net/	1970-01-20 03:22:16	Name: _kuid_ Value: Ogrhaaf4
.fwmrm.net/	1970-01-20 03:22:16	Name: _uid Value: "e45e6_7035946953939516189"

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nova.collect.igodigital.com/c2/10510523/track_page_view?payload=%7B%22title%22%3A%22CreditWatch%20founder%20Colin%20Porter%20returns%20to%20stop%20invoice%20scams%20costing%20businesses%20more%20than%20%24100m%22%2C%22url%22%3A%22https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fcreditorwatch-founder-returns-to-stop-fake-invoice-scams-20211126-p59cnk%22%2C%22referrer%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22user_info%22%3A%7B%7D%7D Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=466%26dpuuid=PM_UID&userIdMacro=PM_UID Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://sync.adaptv.advertising.com/demdex_user_sync? Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://pixel.advertising.com/ups/28/sync?uid=40610250637483666870598418323837297428&_origin=1&redir=true&verify=true Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10510523.collect.igodigital.com
6633783.fls.doubleclick.net
85cadab8d55a86040e79d07ac6661aaa.safeframe.googlesyndication.com
a304207300.cdn.optimizely.com
ad.doubleclick.net
adc-js.nine.com.au
adc.nine.com.au
adservice.google.com
adservice.google.de
analytics.twitter.com
api.afr.com
beacon.krxd.net
cdn-gl.imrworldwide.com
cdn.ampproject.org
cdn.optimizely.com
cdn.parsely.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
d.turn.com
d2uhnetoehh304.cloudfront.net
dkg40b2pmvxykwkz3vmkxvwuj9cnn1638184056.nuid.imrworldwide.com
dmp.v.fwmrm.net
dmpsync.3lift.com
dpm.demdex.net
fairfaxau.demdex.net
fairfaxau.sc.omtrdc.net
fairfaxmedia.gscontxt.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.ffx.io
ib.adnxs.com
image5.pubmatic.com
l.ffx.io
logx.optimizely.com
mb.moatads.com
nd.demdex.net
nova.collect.igodigital.com
p.afr.com
p1.parsely.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel.advertising.com
pixel.rubiconproject.com
ps.eyeota.net
px.ads.linkedin.com
px4.ads.linkedin.com
rtd-tm.everesttech.net
rtd.tubemogul.com
s.yimg.com
s0.2mdn.net
script.hotjar.com
secure-au.imrworldwide.com
secure-dcr.imrworldwide.com
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
siteintercept.qualtrics.com
sjs.bizographics.com
snap.licdn.com
sp.analytics.yahoo.com
ssum.casalemedia.com
static-au.plista.com
static.ads-twitter.com
static.chartbeat.com
static.ffx.io
static.hotjar.com
stats.g.doubleclick.net
sync.adaptv.advertising.com
t.co
token.rubiconproject.com
tpc.googlesyndication.com
usermatch.krxd.net
vars.hotjar.com
www.afr.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
z.moatads.com
zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com
pixel.rubiconproject.com
sync.adaptv.advertising.com
104.17.208.240
104.244.42.131
104.244.42.69
104.96.92.79
108.174.10.14
13.238.165.50
13.238.96.192
13.32.22.49
13.32.22.92
13.36.218.177
138.201.125.235
142.250.184.226
142.250.186.70
142.250.186.98
143.204.207.41
151.101.194.49
158.101.193.104
172.217.16.130
18.169.85.185
18.193.13.190
185.33.221.11
199.232.136.157
2.18.233.180
2.18.234.21
2.18.235.40
2001:678:cb4:bbbb::13
212.82.100.181
212.82.100.182
23.21.180.34
2600:1f18:6593:f600:6d4e:4d08:83e5:8fa4
2600:9000:2057:6000:18:1fcd:34f:cdc1
2600:9000:2057:b000:7:3896:c640:93a1
2600:9000:2057:e600:1d:667e:2a40:93a1
2600:9000:206f:ea00:1e:a43d:b640:93a1
2600:9000:214f:1a00:2:42d9:3100:93a1
2600:9000:214f:5600:10:2964:9d00:21
2620:119:50e7:101::9002:e05
2620:1ec:21::14
2a00:1288:80:800::7001
2a00:1450:4001:801::2006
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2001
2a00:1450:4001:812::2001
2a00:1450:4001:812::200a
2a00:1450:4001:827::2002
2a00:1450:4001:829::2004
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200e
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a00:1450:4001:831::2002
2a00:1450:400c:c07::9c
2a02:26f0:6c00:2a0::13b8
2a02:26f0:6c00::210:ba10
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:400::645
3.127.178.105
34.149.151.54
34.197.14.190
34.252.91.197
52.2.53.191
52.205.167.202
52.208.201.194
52.30.186.249
52.65.130.251
54.73.127.110
54.90.48.240
65.9.7.60
69.173.144.138
76.223.111.18
02a4dfbbf2a2b2b60a672d8f8b967d87db051cda5c2473a6edd5affaabce7b3d
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
07a7e43a30c29cd24df54879f4fc788b60a76962f3b3c5623717c19762240225
091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
120ce0a5262d0b837392ab6b12f3ac1843a4efbbd261428364f5ad1ca7fcef78
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14e4b088db7fbce1fc7c9e34f33ce0766a0359a92f87b73df2b4b72d24a6a769
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1b1e839148aec7e823e0c6ab7454ea987200ef30ecbf4c208af4cc33571b6de7
2144cc2dcb3b73143e73042e59b148ac836100e0adcdfadbbf2af6fc7aa474cf
217398b109fac3d2dc7d103ac98939115b86de942c686be0e12c57de3b670e9d
222636c2810fe948341450766980c2eec11a5db55a64e544bc6e7ee7652902ac
24e103a09f2c4e9d31b4f05e3187b6f55ecccfefc52e54a2db42444a9fe7852e
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2782c2d68dbe78874c6cacea91b4f0bdffcd7ceb6336e7d073bdb42be4d97d2e
279b95260a7544b60a8eb0d6925f0de4bf3a31a1d54a3af2000ed4aae28a6676
28820d70983d986ea27b9584f10725e53129740ce26e1c5ee8773f9e46d0437a
28b11959f68db701b4218a36e9a8e8daf47fbfe4057f086595ebc2b0df44fbea
29ae4008d9b997d6854cc7ccd1fad864c795a8d1c58b7ec6b4eb1baedeee816b
2f1b3c20947609880fa669248919d46ad2b26b995cd8f7e2f3d764dff3e47bdb
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
338140f080782dd9fc999b9c240cde15f599e7ffd10b3fd3d9085717d38ad8d3
34a51d39f01f62c0d4ea3e4463e4fee766eee956df1e57f0028990045a1720b1
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
3a9a46a45856d1639828034a0d31b4c823ac3e29b5891844ab7393fce7e2ff28
3b3d881dc186f3dbe197076f417286e88ff5b84d6f77096e31308c42a431c4d0
3d4b2f160b8117467085efe6a0308c19ac82bb4ed9c0a37ab690155b9c298e9e
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453b9ac9d54282c9838b51a5ea6d8fc34983a90050a750bccccc339e61109d86
4611c34378b1bbbee8890a472c6390137ce8841041a646f0bdc58cf9180eb18a
47c87e2004b4452b33d08a61a3807a87c6fec50158f9909ac1013f4b81e8bb41
47e204d7f19ca1b8c69ed2d1a7c300e2cdc5a84bbc1ab7c5d57f8bc631cb47c6
48f2243a31d116f576b0c06cbed9b9ad55d92a8910ec53f9fbe525ec020649db
49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68
4b4dfa7bb1368412b90d29a3c9c3031cbbb7438e058d0ecb9f2df02ddc0a85b0
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4f48de3ff0d64db0a4a082e0b61287d6b81031ceb6528382e7f7f63479efd64e
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
54b3121637851046e882df8591a9f2c4472adc2f0c39290cd583e9fccf1aace0
55d8bd006c26d85d15f250d1ea7497f4390b04dac099c48484a155ffb6ae4e18
590e5d9ca8b4c6ca7231ff2a1318545010971b260dc7f43f4ec68b1f44119e33
59d1fe77c0d1ebe0d67f0573054abc91778b82b7ffe93e734720986ec4496650
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
668e065f6c3a37d16364785aad9c0689a95162603666e378e1c7fbf0c6c4165c
66fb1cbd6b3fb1dffb98c577751ece4e5882569d3b6f1c6d7bb539991ea4b6a7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
714892f1fc598fef48b0331e7af69cdac69bfb2cec684d199b8650da4a278c75
751c47e579a96ede4c4fdfc48219716cfb906d1aabd8e7f7e06b153baff38be3
75481bc06d1b02e50fd1cc921a7838e3af6caa9b8c0745b50182ebf29f195e20
759d6f0c1292d86d24d7abe7ad9a2cd1d86df0041260f98186ccfa26c7daab62
762eec26c35697c778960f1348261ead87844a3fb32e847f237cc6fdab697ba5
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7bf1cb2b945f341724d08a3a8522a756ce0c621065e24dc16a87f296c9f36f9b
7c331ac81d14f3351eb520e3de27ea792c145279386e2c8a284bf7319d00167d
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80fa6c9da6d7deb1b9dc5e407075cc51d846b8d1f5b29afff0a88808bc153cee
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85b23ef2b5d148948a0e393c8af051177f818b7fb18cda003998916666caabee
865392bf91afe07f2842b9bb7e66a5fa12dc44d166c000a0dac1de92ce1cb845
868db59bd0bad1449709464fa32045935b051648dff060c81247438a7b91b198
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8b56cf3ff69da24ee4d01b00d8bbad12a602a1f083e47c6646b02b639fd633fd
920be5604af5a13bfe32d6722e25ec5232195a02644994a7b4c220e691873c9f
934d4d6010b2bfc6795c8212555ff307c8e883a8fa5f974f601773d4f17e156f
958b58f5489248327ecb9ceb5d623dea8811c23a8e2b484be4c4ec9dc669cfb5
96c4376b5e04d2d255b211fe0db20f37a2c3214959cc9258c018efa90318c071
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
99999c8cc9a571b0450dab7388e86671dbd4b0c7e0068425cfb4dda42d60cad7
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3c78596628f7e53c40bbfd0e9eed225181c4c2933a6e051e8fa46c30b221d1f
a3d0f7c45107f6f097378459c64f8c02461a44afe9d787009eb75c709d6ff3df
a44fb6a26732b7892f2802aee69fb0413ecd26b508b5c79720a48c485f4889ee
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3
b0183df987bd128554f30ffed1bd2eaa58861c4f7aa0a06b52112e9487e7ad8f
b132add03b6d07a7bc67c308e92b273af36c7b0525f7f847b84bb3bb0cdacb5b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b462ede43ecdda05f2c835d4c3178d5d2fa2567dd194963027095fb4f8102f4d
b5cdc8c5d406b42ff1676ed609d0f9d2efd09df5a781be6a3a7d5d84c59338f3
b5f9eb1962e9a9beca10e1323c660dfcedf5b1db84f72be8fc5ba4b0b315290a
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b7d950ded2d44201e34e3caaad029e38996db2c706f925b3eeb125c3e464c896
b8fb73449d8ccf2b7b2662a60be2462550447cf84ef0453c4f6be975b0d620dd
bcf86c48df6f76b921cce4d3b354c52312027494dbac002cf58ff39ca8593ff5
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1
c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d
c4ec6f733b5d3bcee97fbc3de476176e0613c717cc09463b3f3f80aca03aeac8
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c6107c1c1f1588cac73cb68d83222515b12c5dbf7f988fd0c39b4ff16414d3bc
ca674d4e0485d840fabdde4262975b17c52849d41c203ddc994bea36c1bc7ee7
cdb7aff6968a712f9e5e36e3d8e7fd59f3c00e78b10e0797dfd600cc5cc0c6f3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3976ea4d6f3db03a05eebb0c048f94daf0204a21efee553a47c9f329e44cc11
d6b382729ed289c0c75aa63a72d4161b93bb1aac045efad6963855388bea8239
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d8315455bbf72512dcaf8ad3dd98f3335d0698e8dbfb22ffaae76f79c2100864
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e08410c46d34e10e615b8db79c9ff00de29e1a60179ede7a355d1d9c1c5307c8
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e65e5ab701115114072ff2c9e28b0a533c8d3cbe3eb541af8b9ede34f9f80c6f
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
e8a2bc039ea82266ecd31dcb748fe90f212f6358fcf2502eb0061d9652b3638f
eea1d9620d359b9390cc662b4d4574dc531d8d4473885c07b2154ee99fce9fba
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2659780d94aa5f3b9d28cc58cdc91e0c6d23d480b01b9beb92eab049391da09
f56a1b71444d153f2f81146d9a0cca991518ebc72e0686f917470f8c522ee383
f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d
f7de950852f2b9d4d1ff8e2e1a3eca56b0a2cf96098bec320b6c813bc77a3eec
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
fa84adaa52138db2f2ca946b1e3ce31105a39a9a1f1b5fb25ad456241c2d0e73
fb34d671ac53532491f8bd44fbb1f58fcb9d2ab8408a195800b8633e97962c6e
fea43431c69a07aa5d24489dee8c6061740779c29343f5acbf07ff4c7f7a3b5a
feb35a42307d1d625165e6eb904a59e09f72fed5510fd452dfd58905a8507ebf
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.afr.com Open in urlscan Pro 2a04:4e42:400::645 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

198 Requests

92 %HTTPS

42 %IPv6

50 Domains

85 Subdomains

63 IPs

10 Countries

2423 kBTransfer

7186 kBSize

58 Cookies

22 Outgoing links

Page URL History

Redirected requests

198 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.afr.com Open in urlscan Pro
2a04:4e42:400::645 Public Scan

Screenshot
Live screenshot

Full Image

198
Requests

92 %
HTTPS

42 %
IPv6

50
Domains

85
Subdomains

63
IPs

10
Countries

2423 kB
Transfer

7186 kB
Size

58
Cookies

198 HTTP transactions
5 data transactions