www.afr.com Open in urlscan Pro
2a04:4e42:600::645 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1...
Effective URL:
https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p5...
Submission: On November 24 via manual (November 24th 2020, 12:42:10 pm UTC) from CZ

Summary HTTP 129 Redirects Behaviour Indicators

Summary

This website contacted 47 IPs in 8 countries across 32 domains to perform 129 HTTP transactions. The main IP is 2a04:4e42:600::645, located in Ascension Island and belongs to FASTLY, US. The main domain is www.afr.com.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on September 30th 2020. Valid for: a year.

This is the only time www.afr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	199.60.103.2 199.60.103.2	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
32	2a04:4e42:600... 2a04:4e42:600::645	54113 (FASTLY) (FASTLY)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2a0::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:817::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:5a00:10:2964:9d00:21	16509 (AMAZON-02) (AMAZON-02)
4	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE)
1	104.111.218.144 104.111.218.144	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	65.9.68.87 65.9.68.87	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:10c... 2a02:26f0:10c:58e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:10c... 2a02:26f0:10c:48f::3adf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.111.11.152 23.111.11.152	33438 (HIGHWINDS2) (HIGHWINDS2)
1 1	54.229.195.34 54.229.195.34	16509 (AMAZON-02) (AMAZON-02)
6	2600:9000:206... 2600:9000:206f:400:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:206... 2600:9000:206f:8e00:7:3896:c640:93a1	16509 (AMAZON-02) (AMAZON-02)
4	13.210.79.122 13.210.79.122	16509 (AMAZON-02) (AMAZON-02)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba20	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	65.9.68.107 65.9.68.107	16509 (AMAZON-02) (AMAZON-02)
1	158.101.193.141 158.101.193.141	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	65.9.68.77 65.9.68.77	16509 (AMAZON-02) (AMAZON-02)
1	138.201.125.235 138.201.125.235	24940 (HETZNER-AS) (HETZNER-AS)
1	65.9.68.116 65.9.68.116	16509 (AMAZON-02) (AMAZON-02)
1 3	2600:9000:206... 2600:9000:206f:400:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 6	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
1 5	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
2	54.66.206.35 54.66.206.35	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
1	34.242.67.216 34.242.67.216	16509 (AMAZON-02) (AMAZON-02)
2	18.204.189.7 18.204.189.7	14618 (AMAZON-AES) (AMAZON-AES)
1	65.9.69.60 65.9.69.60	16509 (AMAZON-02) (AMAZON-02)
4 4	172.217.22.38 172.217.22.38	15169 (GOOGLE) (GOOGLE)
1	3.210.102.70 3.210.102.70	14618 (AMAZON-AES) (AMAZON-AES)
1	176.9.103.51 176.9.103.51	24940 (HETZNER-AS) (HETZNER-AS)
3	54.229.194.56 54.229.194.56	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
2	54.79.6.223 54.79.6.223	16509 (AMAZON-02) (AMAZON-02)
1	34.198.72.16 34.198.72.16	14618 (AMAZON-AES) (AMAZON-AES)
5	2a00:1450:400... 2a00:1450:4001:820::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:816::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:6000:18:1fcd:34e:d2a1	16509 (AMAZON-02) (AMAZON-02)
1	18.235.56.156 18.235.56.156	14618 (AMAZON-AES) (AMAZON-AES)
2 2	185.33.221.88 185.33.221.88	29990 (ASN-APPNEX) (ASN-APPNEX)
1	63.34.165.134 63.34.165.134	16509 (AMAZON-02) (AMAZON-02)
129	47

2 199.60.103.2 (Canada) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., GB)

engage.eftsure.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a04:4e42:600::645 (Ascension Island)

ASN54113 (FASTLY, US)

www.afr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ffx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.afr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2a0::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:5a00:10:2964:9d00:21 (United States)

ASN16509 (AMAZON-02, US)

d2uhnetoehh304.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.206.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s20-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.218.144 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-218-144.deploy.static.akamaitechnologies.com

a304207300.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.68.87 (Seattle, United States)

ASN16509 (AMAZON-02, US)

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:10c:58e::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:48f::3adf (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.11.152 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

static-au.plista.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.229.195.34 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-195-34.eu-west-1.compute.amazonaws.com

secure-au.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:206f:400:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:8e00:7:3896:c640:93a1 (United States)

ASN16509 (AMAZON-02, US)

adc-js.nine.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.210.79.122 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-210-79-122.ap-southeast-2.compute.amazonaws.com

i.ffx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba20 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.68.107 (Seattle, United States)

ASN16509 (AMAZON-02, US)

e.infogr.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.101.193.141 (Seattle, United States)

ASN31898 (ORACLE-BMC-31898, US)

fairfaxmedia.gscontxt.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.68.77 (Seattle, United States)

ASN16509 (AMAZON-02, US)

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.125.235 (Kuenzelsau, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.235.125.201.138.clients.your-server.de

static.plista.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.68.116 (Seattle, United States)

ASN16509 (AMAZON-02, US)

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:206f:400:1e:a43d:b640:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:817::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

6678190d3f532fe1e319584ab170dce0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.66.206.35 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-66-206-35.ap-southeast-2.compute.amazonaws.com

l.ffx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.242.67.216 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-67-216.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.204.189.7 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-204-189-7.compute-1.amazonaws.com

10510523.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nova.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.69.60 (Seattle, United States)

ASN16509 (AMAZON-02, US)

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.22.38 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s16-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.210.102.70 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-102-70.compute-1.amazonaws.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 176.9.103.51 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.51.103.9.176.clients.your-server.de

farm.plista.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.229.194.56 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-194-56.eu-west-1.compute.amazonaws.com

fairfaxau.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nd.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.79.6.223 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-79-6-223.ap-southeast-2.compute.amazonaws.com

adc.nine.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.198.72.16 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

srv-2020-11-24-12.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:820::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:816::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:6000:18:1fcd:34e:d2a1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.235.56.156 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.88 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.165.134 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

secure-dcr.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	afr.com www.afr.com api.afr.com	750 KB
13	googlesyndication.com 6678190d3f532fe1e319584ab170dce0.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	154 KB
13	ffx.io static.ffx.io i.ffx.io l.ffx.io	67 KB
11	imrworldwide.com 2 redirects secure-au.imrworldwide.com cdn-gl.imrworldwide.com secure-gl.imrworldwide.com secure-dcr.imrworldwide.com	72 KB
10	doubleclick.net 4 redirects securepubads.g.doubleclick.net ad.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	249 KB
6	google.com 3 redirects adservice.google.com www.google.com	2 KB
6	facebook.com www.facebook.com	1 KB
5	ampproject.org cdn.ampproject.org	97 KB
5	facebook.net connect.facebook.net	222 KB
4	demdex.net dpm.demdex.net fairfaxau.demdex.net nd.demdex.net	4 KB
4	google-analytics.com www.google-analytics.com	20 KB
4	linkedin.com 2 redirects platform.linkedin.com px.ads.linkedin.com www.linkedin.com	58 KB
3	google.de adservice.google.de www.google.de	369 B
3	nine.com.au adc-js.nine.com.au adc.nine.com.au	23 KB
3	plista.com static-au.plista.com static.plista.com farm.plista.com	22 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	60 KB
3	optimizely.com cdn.optimizely.com a304207300.cdn.optimizely.com logx.optimizely.com	84 KB
2	adnxs.com 2 redirects ib.adnxs.com	2 KB
2	parsely.com cdn.parsely.com srv-2020-11-24-12.pixel.parsely.com	25 KB
2	igodigital.com 10510523.collect.igodigital.com nova.collect.igodigital.com	3 KB
2	infogr.am e.infogr.am	6 KB
2	twitter.com platform.twitter.com	29 KB
2	licdn.com snap.licdn.com	3 KB
2	eftsure.com.au 1 redirects engage.eftsure.com.au	3 KB
1	chartbeat.net ping.chartbeat.net	169 B
1	chartbeat.com static.chartbeat.com	14 KB
1	googletagservices.com www.googletagservices.com	28 KB
1	google.nl adservice.google.nl	803 B
1	gscontxt.net fairfaxmedia.gscontxt.net	93 B
1	bizographics.com sjs.bizographics.com	761 B
1	cloudfront.net d2uhnetoehh304.cloudfront.net	30 KB
1	googletagmanager.com www.googletagmanager.com	103 KB
129	32

	Domain	Requested by
16	www.afr.com	engage.eftsure.com.au www.afr.com
9	api.afr.com	www.afr.com
8	tpc.googlesyndication.com	www.afr.com cdn.ampproject.org securepubads.g.doubleclick.net tpc.googlesyndication.com
7	static.ffx.io	www.afr.com
6	www.facebook.com	www.afr.com connect.facebook.net
6	cdn-gl.imrworldwide.com	www.afr.com engage.eftsure.com.au cdn-gl.imrworldwide.com secure-au.imrworldwide.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	connect.facebook.net	engage.eftsure.com.au www.afr.com connect.facebook.net
4	ad.doubleclick.net	4 redirects
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	i.ffx.io	d2uhnetoehh304.cloudfront.net
4	securepubads.g.doubleclick.net	www.afr.com securepubads.g.doubleclick.net
3	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
3	www.google.com	1 redirects www.afr.com
3	adservice.google.com	2 redirects securepubads.g.doubleclick.net
3	secure-gl.imrworldwide.com	1 redirects secure-au.imrworldwide.com www.afr.com
2	ib.adnxs.com	2 redirects
2	adc.nine.com.au	adc-js.nine.com.au
2	nd.demdex.net	engage.eftsure.com.au
2	adservice.google.de	engage.eftsure.com.au www.afr.com
2	l.ffx.io	www.afr.com
2	6678190d3f532fe1e319584ab170dce0.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	px.ads.linkedin.com	1 redirects www.afr.com
2	e.infogr.am	www.afr.com e.infogr.am
2	platform.twitter.com	www.afr.com platform.twitter.com
2	snap.licdn.com	engage.eftsure.com.au snap.licdn.com
2	engage.eftsure.com.au	1 redirects
1	secure-dcr.imrworldwide.com
1	ping.chartbeat.net
1	static.chartbeat.com	engage.eftsure.com.au
1	googleads.g.doubleclick.net	www.afr.com
1	www.googletagservices.com	securepubads.g.doubleclick.net
1	srv-2020-11-24-12.pixel.parsely.com	www.afr.com
1	nova.collect.igodigital.com	www.afr.com
1	www.google.de	www.afr.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	fairfaxau.demdex.net	engage.eftsure.com.au
1	farm.plista.com	static-au.plista.com
1	logx.optimizely.com	cdn.optimizely.com
1	cdn.parsely.com	www.googletagmanager.com
1	10510523.collect.igodigital.com	www.googletagmanager.com
1	dpm.demdex.net	engage.eftsure.com.au
1	adservice.google.nl	securepubads.g.doubleclick.net
1	www.linkedin.com	1 redirects
1	vars.hotjar.com	static.hotjar.com
1	static.plista.com	static-au.plista.com
1	script.hotjar.com	static.hotjar.com
1	fairfaxmedia.gscontxt.net	www.afr.com
1	platform.linkedin.com	www.afr.com
1	adc-js.nine.com.au	engage.eftsure.com.au
1	secure-au.imrworldwide.com	1 redirects
1	static-au.plista.com	engage.eftsure.com.au
1	sjs.bizographics.com	engage.eftsure.com.au
1	static.hotjar.com	engage.eftsure.com.au
1	a304207300.cdn.optimizely.com	cdn.optimizely.com
1	d2uhnetoehh304.cloudfront.net	www.afr.com
1	www.googletagmanager.com	www.afr.com
1	cdn.optimizely.com	www.afr.com
129	58

This site contains no links.

Subject Issuer	Validity	Valid
engage.eftsure.com.au Cloudflare Inc ECC CA-3	`2020-08-16` - `2021-08-16`	a year	crt.sh
nine.com.au COMODO RSA Organization Validation Secure Server CA	`2020-09-30` - `2021-09-28`	a year	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2020-01-20` - `2021-03-20`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.cdn.optimizely.com GeoTrust RSA CA 2018	`2020-03-05` - `2021-06-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-11-02` - `2021-01-30`	3 months	crt.sh
*.hotjar.com Amazon	`2020-01-22` - `2021-02-22`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2020-03-23` - `2022-03-28`	2 years	crt.sh
*.plista.com COMODO RSA Domain Validation Secure Server CA	`2020-06-02` - `2022-04-11`	2 years	crt.sh
*.imrworldwide.com DigiCert SHA2 Secure Server CA	`2020-01-21` - `2021-02-24`	a year	crt.sh
*.api.nine.com.au Amazon	`2020-09-11` - `2021-10-13`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2020-07-03` - `2022-07-08`	2 years	crt.sh
infogram.com Amazon	`2020-08-05` - `2021-09-05`	a year	crt.sh
*.9pub.io Amazon	`2020-02-10` - `2021-03-10`	a year	crt.sh
*.gscontxt.net DigiCert SHA2 Secure Server CA	`2020-01-22` - `2022-01-21`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
*.google.nl GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.ninetech.dev Amazon	`2020-09-01` - `2021-10-01`	a year	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.collect.igodigital.com DigiCert SHA2 Secure Server CA	`2020-02-14` - `2021-02-18`	a year	crt.sh
*.parsely.com Amazon	`2020-08-02` - `2021-09-02`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
logx.optimizely.com Amazon	`2020-09-21` - `2021-10-21`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.pixel.parsely.com Let's Encrypt Authority X3	`2020-09-28` - `2020-12-27`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2020-06-01` - `2021-06-02`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2019-12-16` - `2020-12-30`	a year	crt.sh

This page contains 14 frames:

Primary Page: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Frame ID: 7A067C42B949DAAB7B2BE0CB085FE02B
Requests: 100 HTTP requests in this frame

Frame: https://a304207300.cdn.optimizely.com/client_storage/a304207300.html
Frame ID: 25949E2EAD24E8ECEA4B965FAD47195D
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fwww.afr.com
Frame ID: CB1B2960E32E630E992C123D3FFAC468
Requests: 1 HTTP requests in this frame

Frame: https://e.infogr.am/afrg-221120news-levitas-1h984wo311k8z6p?parent_url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&src=embed
Frame ID: 95FC0030B0EE11F8FB8D4CE000B57861
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 51BEB16DBA6D0CDB1AD2CA061B01FFC5
Requests: 1 HTTP requests in this frame

Frame: https://secure-gl.imrworldwide.com/storageframe.html
Frame ID: B5DDF4092DC2684FCDD494748BA37379
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/p/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3215930910548.681;~oref=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE
Frame ID: 4916469908F962A9924DC960FD2DBC8C
Requests: 1 HTTP requests in this frame

Frame: https://fairfaxau.demdex.net/dest5.html?d_nsid=0
Frame ID: ECAC680CA5DAA657D6F124164AF97112
Requests: 1 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 3A4C702D896E192E246FB6C40863C4B6
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs
Frame ID: 6F6316C56DC9889FF0031988DC14139C
Requests: 16 HTTP requests in this frame

Frame: https://6678190d3f532fe1e319584ab170dce0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 755A588AF0FA2D21AAFCBE4D52ED8759
Requests: 1 HTTP requests in this frame

Frame: https://nd.demdex.net/dest5.html?d_nsid=0
Frame ID: EF3CC7C5CE71C93D59B7CAD51BC8356C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 0C8623F8F3160599A71FA1972FF1B0AE
Requests: 1 HTTP requests in this frame

Frame: https://adc.nine.com.au/?appNexusUid=6063455372811408341
Frame ID: F34A1FD64F1679E2A0AF0CE6B9EC457D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB1... Page URL
https://engage.eftsure.com.au/events/public/v1/track/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGL... HTTP 307
https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-wit... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

129
Requests

100 %
HTTPS

50 %
IPv6

32
Domains

58
Subdomains

47
IPs

8
Countries

2124 kB
Transfer

6679 kB
Size

21
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81 Page URL
https://engage.eftsure.com.au/events/public/v1/track/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81?_ud=8e892a47-8e00-4bcb-815f-1376b7acc6b4&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://secure-au.imrworldwide.com/v60.js HTTP 301
https://cdn-gl.imrworldwide.com/v60.js

Request Chain 64

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1606221713978&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%20Email%20Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D9724%26time%3D1606221713978%26url%3Dhttps%253A%252F%252Fwww.afr.com%252Fcompanies%252Ffinancial-services%252Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%253Futm_campaign%253DBusiness%2BEmail%2BCompromise%2526utm_medium%253Demail%2526_hsmi%253D100739388%2526_hsenc%253Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%2526utm_content%253D100739388%2526utm_source%253Dhs_email%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1606221713978&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness+Email+Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&liSync=true

Request Chain 78

https://ad.doubleclick.net/ddm/activity/src=6633783;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3215930910548.681 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3215930910548.681 HTTP 302
https://adservice.google.com/ddm/fls/p/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3215930910548.681;~oref=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE HTTP 302
https://adservice.google.de/ddm/fls/p/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3215930910548.681;~oref=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE

Request Chain 79

https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1606221714419&ci=f2&js=1&cg=0&ts=embed-loader-min.js&vn=6.0.104&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&sr=1600x1200&id=lstrg-c3b8db7cbd1b56a9de08a9692382b4ec&tz=1 HTTP 302
https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1606221714419&ci=f2&js=1&cg=0&ts=embed-loader-min.js&vn=6.0.104&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&sr=1600x1200&id=lstrg-c3b8db7cbd1b56a9de08a9692382b4ec&tz=1&ja=1

Request Chain 80

https://ad.doubleclick.net/activity;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CN3455Wam-0CFU4y0wodyA4CDg;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714 HTTP 302
https://adservice.google.com/ddm/fls/p/dc_pre=CN3455Wam-0CFU4y0wodyA4CDg;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714;~oref=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE HTTP 302
https://adservice.google.de/ddm/fls/p/dc_pre=CN3455Wam-0CFU4y0wodyA4CDg;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714;~oref=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE

Request Chain 114

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 125

https://ib.adnxs.com/getuid?https://adc.nine.com.au?appNexusUid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fadc.nine.com.au%3FappNexusUid%3D%24UID HTTP 302
https://adc.nine.com.au/?appNexusUid=6063455372811408341

129 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh... Show response
engage.eftsure.com.au/e2t/tc/ 9 KB
3 KB 189ms
82ms Document
text/html 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.2 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., GB),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e43a9303f9a87bacb3f24a3345e32a42b170d4a1af38df859e7885813e6efca

Request headers

:method: GET
:authority: engage.eftsure.com.au
:scheme: https
:path: /e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:52 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=ddf12c880dfc04a8c5c9b1abd77d1951d1606221712; expires=Thu, 24-Dec-20 12:41:52 GMT; path=/; domain=.engage.eftsure.com.au; HttpOnly; SameSite=Lax __cfruid=b8c9bc92b1adbae2d6ecee1900c187868b29dff9-1606221712; path=/; domain=.engage.eftsure.com.au; HttpOnly; Secure; SameSite=None
cf-ray: 5f7334e47adf203f-AMS
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 069bdf62c80000203fc306e000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
server: cloudflare
content-encoding: br

GET
H2

200

Primary Request fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c Show response
www.afr.com/companies/financial-services/
Redirect Chain

https://engage.eftsure.com.au/events/public/v1/track/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3h...
https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&...

449 KB
81 KB

338ms
314ms

Document
text/html

2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Requested by

Host: engage.eftsure.com.au
URL: https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9c18a4e772b437682404af43e40ec3db0f1c00873e8f25340dd8234ea324d488

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.afr.com
:scheme: https
:path: /companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81

Response headers

cache-control: public, max-age=30
content-encoding: gzip
content-type: text/html; charset=utf-8
etag: W/"7022a-HU/IEkxMQLxQra9fEj+8CrR50+A"
strict-transport-security: max-age=31536000
uber-trace-id: 4706c1ef85cfd2b2:4706c1ef85cfd2b2:0:0
x-varnish-grace: none(fetch fresh)
x-xss-protection: 1; mode=block
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 24 Nov 2020 12:41:52 GMT
age: 7
x-served-by: cache-syd10151-SYD, cache-fra19125-FRA
x-cache: HIT, MISS
x-cache-hits: 1, 0
vary: Accept-Encoding
content-length: 82382

Redirect headers

date: Tue, 24 Nov 2020 12:41:52 GMT
location: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
cf-ray: 5f7334e50c4d203f-AMS
link: <https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email>; rel="canonical"
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 069bdf63210000203f95b95000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
x-robots-tag: none
server: cloudflare

GET
H2 200 europa.44d04281ff872548e63d.js Show response
www.afr.com/assets/ 27 KB
8 KB 7ms
6ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/europa.44d04281ff872548e63d.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d8a4852c02d56abf2fba3c510e39e5f11de8a647bff185fb3d7cde74cfb32d7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 366563
uber-trace-id: e89fe8f3d707a0bf:e89fe8f3d707a0bf:0:0
x-cache: HIT, HIT
content-length: 8444
etag: W/"6d14-175e3e0a9e8"
x-served-by: cache-syd10121-SYD, cache-fra19125-FRA
last-modified: Fri, 20 Nov 2020 04:19:13 GMT
date: Tue, 24 Nov 2020 12:41:52 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 2, 1

GET
H2 200 13780390039.js Show response
cdn.optimizely.com/js/ 270 KB
83 KB 24ms
11ms Script
text/javascript 2a02:26f0:6c00:2a0::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/13780390039.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e2dd011650c86ea518c13ebd92d1a5a703f9e37ee56a83b5e5ced325b313498e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: l7pMA7K6lDRqyxWP4wFSMDOhM6tVwlmL
content-encoding: gzip
etag: "03b7245d446fb33501e4d0759d5c9b63"
x-amz-request-id: FB521EB234865E08
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 2334
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="2a02:26f0:6c00:2a0::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 84601
x-amz-id-2: r6U2ECsv6KSVCcmlqggYpU8p6GG8TTg+Bf6HaAw1J90CpVffrCntK4p04nPP4WzGYYYC8uBSw6s=
last-modified: Fri, 20 Nov 2020 01:38:15 GMT
server: AmazonS3
date: Tue, 24 Nov 2020 12:41:52 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 bea33247.gif
www.afr.com/assets/ 42 B
200 B 7ms
6ms Image
image/gif 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.afr.com/assets/bea33247.gif

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
last-modified: Mon, 21 Sep 2020 08:32:03 GMT
age: 5542399
etag: W/"2a-174afca93b8"
x-served-by: cache-syd10149-SYD, cache-fra19125-FRA
uber-trace-id: ed047f51f30b4667:ed047f51f30b4667:0:0
x-cache: HIT, HIT
content-type: image/gif
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
content-length: 42
date: Tue, 24 Nov 2020 12:41:52 GMT
x-cache-hits: 13041, 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 350 KB
103 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f3af1385378f16fe57bab349687c7d75a0a7fa0d648ed4687220ca9ba5423135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:52 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 105529
x-xss-protection: 0
last-modified: Tue, 24 Nov 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 24 Nov 2020 12:41:52 GMT

GET
H2 200 sp.js Show response
d2uhnetoehh304.cloudfront.net/2.11.0-patched/ 97 KB
30 KB 43ms
9ms Script
application/javascript 2600:9000:206f:5a00:10:2964:9d00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5a00:10:2964:9d00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 019744965d0ec24185c7c4c6aa763f7ed2ed55627d14ba04ea211c03ffc9bf3b

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 00:25:11 GMT
content-encoding: gzip
last-modified: Fri, 02 Oct 2020 00:38:15 GMT
server: AmazonS3
age: 44202
etag: "b207aec74d4b4b1bac405074b3f3368a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: j7LLsSbISf0zFqHJJ1JXvMYni9EmRAicBnzDLhqWZk_l-OsJNrEF2w==

GET
H2 200 4d72b99ee39b5c4264b5f4ab39807fee381f6a51
static.ffx.io/images/$zoom_0.1825%2C$multiply_0.2833%2C$ratio_1.776846%2C$width_1059%2C$x_0%2C$y_94/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/ 12 KB
13 KB 33ms
17ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.1825%2C$multiply_0.2833%2C$ratio_1.776846%2C$width_1059%2C$x_0%2C$y_94/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/4d72b99ee39b5c4264b5f4ab39807fee381f6a51
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: ec2ce4d09079f4eb2959eb206621a1c063e6d76fc0f87b4f16fa341bcd0880c6

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:52 GMT
via: 1.1 varnish, 1.1 varnish
age: 43296
edge-cache-tag: 255076701394266405484883490315302824770,465148957952272134217807697876738774267,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="4d72b99ee39b5c4264b5f4ab39807fee381f6a51.webp"
content-length: 12684
x-served-by: cache-fra19131-FRA, cache-fra19125-FRA
x-cache: MISS, HIT
x-cld-skey: 255076701394266405484883490315302824770 465148957952272134217807697876738774267 5f5f4219172da4ec8104790896b11172
last-modified: Tue, 24 Nov 2020 00:37:42 GMT
server: cloudinary
x-timer: S1606221713.939132,VS0,VE1
etag: "b395f9155b61431be54c54c52ba746b3"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 9e4827dce4684e0d4f9d8951921033b00128435e
static.ffx.io/images/$zoom_0.2825%2C$multiply_0.2833%2C$ratio_1.777778%2C$width_1059%2C$x_86%2C$y_0/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/ 7 KB
8 KB 33ms
17ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.2825%2C$multiply_0.2833%2C$ratio_1.777778%2C$width_1059%2C$x_86%2C$y_0/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/9e4827dce4684e0d4f9d8951921033b00128435e
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: d192c551796843f6c2a10c45f2e66e781cc01901139c25771ba3c66841dcfff0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:52 GMT
via: 1.1 varnish, 1.1 varnish
age: 429778
edge-cache-tag: 472738116743256987821661930168612146014,219737789964929571998379665400903571394,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="9e4827dce4684e0d4f9d8951921033b00128435e.webp"
content-length: 7542
x-served-by: cache-fra19157-FRA, cache-fra19125-FRA
x-cache: MISS, HIT
x-cld-skey: 472738116743256987821661930168612146014 219737789964929571998379665400903571394 5f5f4219172da4ec8104790896b11172
last-modified: Thu, 19 Nov 2020 13:15:19 GMT
server: cloudinary
x-timer: S1606221713.939087,VS0,VE1
etag: "2827fa0a9152ae62c2fb1d346a70ad90"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 fec10cfa57c419244dbd02332d6822141a85354b
static.ffx.io/images/$zoom_0.2782%2C$multiply_0.2833%2C$ratio_1.777778%2C$width_1059%2C$x_607%2C$y_37/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/ 9 KB
9 KB 32ms
16ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.2782%2C$multiply_0.2833%2C$ratio_1.777778%2C$width_1059%2C$x_607%2C$y_37/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/fec10cfa57c419244dbd02332d6822141a85354b
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: b3c2a4829c30295b503c26ea86513045129f8db899838df1d124bc4fa1c5a640

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:52 GMT
via: 1.1 varnish, 1.1 varnish
age: 144677
edge-cache-tag: 235807862764964965306140012062311359173,222416139570230561886798213487806114194,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="fec10cfa57c419244dbd02332d6822141a85354b.webp"
content-length: 8730
x-served-by: cache-fra19123-FRA, cache-fra19125-FRA
x-cache: MISS, HIT
x-cld-skey: 235807862764964965306140012062311359173 222416139570230561886798213487806114194 5f5f4219172da4ec8104790896b11172
last-modified: Sun, 22 Nov 2020 20:24:17 GMT
server: cloudinary
x-timer: S1606221713.939045,VS0,VE1
etag: "e311543c7ac4e17dc3f54d563691e62f"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 5714f55f39df9c44607680e90e9196af105a9ef5
static.ffx.io/images/$zoom_0.2033%2C$multiply_0.2833%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/ 11 KB
11 KB 33ms
16ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.2033%2C$multiply_0.2833%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/5714f55f39df9c44607680e90e9196af105a9ef5
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 22fba34a72b04cb449f3222f2e5677dc28e8b1dbabac434b2e7d679a75a4021e

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:52 GMT
via: 1.1 varnish, 1.1 varnish
age: 35492
edge-cache-tag: 395085835235810161274744653582217756828,351321501200839935632420888025853754190,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="5714f55f39df9c44607680e90e9196af105a9ef5.webp"
content-length: 10992
x-served-by: cache-fra19177-FRA, cache-fra19125-FRA
x-cache: MISS, HIT
x-cld-skey: 395085835235810161274744653582217756828 351321501200839935632420888025853754190 5f5f4219172da4ec8104790896b11172
last-modified: Tue, 24 Nov 2020 01:48:33 GMT
server: cloudinary
x-timer: S1606221713.939112,VS0,VE1
etag: "291deabd202d3a5557612344a6e984c0"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 9a774230.svg
www.afr.com/assets/ 3 KB
589 B 6ms
6ms Image
image/svg+xml 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.afr.com/assets/9a774230.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bcf86c48df6f76b921cce4d3b354c52312027494dbac002cf58ff39ca8593ff5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
etag: W/"bf5-174afca93b8"
age: 5542346
uber-trace-id: adc189297e2ddcc8:adc189297e2ddcc8:0:0
x-cache: HIT, HIT
content-length: 460
x-served-by: cache-syd10149-SYD, cache-fra19125-FRA
last-modified: Mon, 21 Sep 2020 08:32:03 GMT
date: Tue, 24 Nov 2020 12:41:52 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 8801, 1

GET
H2 200 suecanano-regular-webfont.woff2
www.afr.com/fonts/ 18 KB
18 KB 6ms
6ms Font
font/woff2 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecanano-regular-webfont.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a44fb6a26732b7892f2802aee69fb0413ecd26b508b5c79720a48c485f4889ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
last-modified: Fri, 31 Jul 2020 05:16:55 GMT
age: 10003827
etag: W/"4664-173a34d3d58"
x-served-by: cache-syd10124-SYD, cache-fra19125-FRA
uber-trace-id: 8741cc5c491ac20d:8741cc5c491ac20d:0:0
x-cache: HIT, HIT
content-type: font/woff2
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
content-length: 18020
date: Tue, 24 Nov 2020 12:41:52 GMT
x-cache-hits: 2149, 1

GET
H2 200 suecahd-regular-webfont.woff2
www.afr.com/fonts/ 22 KB
23 KB 14ms
13ms Font
font/woff2 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecahd-regular-webfont.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

338140f080782dd9fc999b9c240cde15f599e7ffd10b3fd3d9085717d38ad8d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
last-modified: Wed, 02 Sep 2020 08:18:45 GMT
age: 7147706
etag: W/"59b8-1744de59288"
x-served-by: cache-syd10125-SYD, cache-fra19125-FRA
uber-trace-id: 1223e4041cbb4cd8:1223e4041cbb4cd8:0:0
x-cache: HIT, HIT
content-type: font/woff2
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
content-length: 22968
date: Tue, 24 Nov 2020 12:41:52 GMT
x-cache-hits: 3626, 1

GET
H2 200 suecahd-regularitalic-webfont.woff2
www.afr.com/fonts/ 24 KB
24 KB 13ms
12ms Font
font/woff2 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecahd-regularitalic-webfont.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fa84adaa52138db2f2ca946b1e3ce31105a39a9a1f1b5fb25ad456241c2d0e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
last-modified: Fri, 17 Jan 2020 05:38:17 GMT
age: 26941611
etag: W/"5f4c-16fb2025d28"
x-served-by: cache-syd10150-SYD, cache-fra19125-FRA
uber-trace-id: 88d92528c434185d:88d92528c434185d:0:0
x-cache: HIT, HIT
content-type: font/woff2
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
content-length: 24396
date: Tue, 24 Nov 2020 12:41:52 GMT
x-cache-hits: 31470, 1

GET
H2 200 suecanano-semibold-webfont.woff2
www.afr.com/fonts/ 17 KB
18 KB 13ms
12ms Font
font/woff2 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecanano-semibold-webfont.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

85b23ef2b5d148948a0e393c8af051177f818b7fb18cda003998916666caabee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
last-modified: Fri, 07 Feb 2020 01:29:12 GMT
age: 25129331
etag: W/"45f0-1701d43de40"
x-served-by: cache-syd10125-SYD, cache-fra19125-FRA
uber-trace-id: fb1cda010ba3c22f:fb1cda010ba3c22f:0:0
x-cache: HIT, HIT
content-type: font/woff2
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
content-length: 17904
date: Tue, 24 Nov 2020 12:41:52 GMT
x-cache-hits: 1852, 1

GET
H2 200 suecahd-bold-webfont.woff2
www.afr.com/fonts/ 22 KB
22 KB 13ms
12ms Font
font/woff2 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecahd-bold-webfont.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2f1b3c20947609880fa669248919d46ad2b26b995cd8f7e2f3d764dff3e47bdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
last-modified: Fri, 17 Jan 2020 05:38:17 GMT
age: 26941613
etag: W/"5844-16fb2025d28"
x-served-by: cache-syd10127-SYD, cache-fra19125-FRA
uber-trace-id: 206b97b698af3a60:206b97b698af3a60:0:0
x-cache: HIT, HIT
content-type: font/woff2
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
content-length: 22596
date: Tue, 24 Nov 2020 12:41:52 GMT
x-cache-hits: 21855, 1

GET
H2 200 vendorsReactRedux_client.28b1f8a66a9edea6331b.chunk.js Show response
www.afr.com/assets/ 153 KB
50 KB 7ms
6ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendorsReactRedux_client.28b1f8a66a9edea6331b.chunk.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ebe4c92126bd44035ec0ca2a51821a6c3994b64aee346dc7278a442730eaceae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 366573
uber-trace-id: bbb21bc963074ad3:bbb21bc963074ad3:0:0
x-cache: HIT, HIT
content-length: 51354
etag: W/"26594-175e3e0a9e8"
x-served-by: cache-syd10134-SYD, cache-fra19125-FRA
last-modified: Fri, 20 Nov 2020 04:19:13 GMT
date: Tue, 24 Nov 2020 12:41:53 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 3, 1

GET
H2 200 vendorsHtmlparser2_client.46c8f62135398280f281.chunk.js Show response
www.afr.com/assets/ 126 KB
40 KB 8ms
6ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendorsHtmlparser2_client.46c8f62135398280f281.chunk.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

73da0025b0177b74096b3e30fc9729e0c40a86ecd1dc7b462ad9faf9e2403e4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 366562
uber-trace-id: 9e1845c19ae0160c:9e1845c19ae0160c:0:0
x-cache: HIT, HIT
content-length: 40539
etag: W/"1f841-175e3e0a9e8"
x-served-by: cache-syd10122-SYD, cache-fra19125-FRA
last-modified: Fri, 20 Nov 2020 04:19:13 GMT
date: Tue, 24 Nov 2020 12:41:53 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 3, 1

GET
H2 200 vendors_client.4cab25d017c6d7138357.chunk.js Show response
www.afr.com/assets/ 498 KB
147 KB 11ms
9ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

60269a5edec18da4c5040a679b9264ffd6e97614eb1bad36c0f11692c2f48772

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 295287
uber-trace-id: 6a59f2aa1e2ebf2e:6a59f2aa1e2ebf2e:0:0
x-cache: HIT, HIT
content-length: 149827
etag: W/"7c6fc-175e8977f20"
x-served-by: cache-syd10149-SYD, cache-fra19125-FRA
last-modified: Sat, 21 Nov 2020 02:17:24 GMT
date: Tue, 24 Nov 2020 12:41:53 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 34, 1

GET
H2 200 client.4434b7b6178e01a7ae08.js Show response
www.afr.com/assets/ 514 KB
129 KB 10ms
9ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/client.4434b7b6178e01a7ae08.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

16f0cd67a928c45e4fc480e7c770aa23cd6586384e51556512387a268a009c29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 25130
uber-trace-id: bb5f9b68abb379cd:bb5f9b68abb379cd:0:0
x-cache: HIT, HIT
content-length: 131653
etag: W/"80607-175f880c108"
x-served-by: cache-syd10125-SYD, cache-fra19125-FRA
last-modified: Tue, 24 Nov 2020 04:26:29 GMT
date: Tue, 24 Nov 2020 12:41:53 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 6, 1

GET
H2 200 vendors_ArticleTemplate_AustralianIndicesDetail_CompanyDataTemplate_MarketsDataAustralianIndicesTemp_c0e2ea35.bb511ef7daaf0b409de5.chunk.js Show response
www.afr.com/assets/ 409 KB
107 KB 9ms
8ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendors_ArticleTemplate_AustralianIndicesDetail_CompanyDataTemplate_MarketsDataAustralianIndicesTemp_c0e2ea35.bb511ef7daaf0b409de5.chunk.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d446ac32305aa63ba1ecdc077c632224a59233512933fae00c9acee850a7eafc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 366592
uber-trace-id: ee64b91cc01738db:ee64b91cc01738db:0:0
x-cache: HIT, HIT
content-length: 109848
etag: W/"66281-175e3e0a9e8"
x-served-by: cache-syd10124-SYD, cache-fra19125-FRA
last-modified: Fri, 20 Nov 2020 04:19:13 GMT
date: Tue, 24 Nov 2020 12:41:53 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 2, 1

GET
H2 200 ArticleTemplate.170ef31a2291f86fdb25.chunk.js Show response
www.afr.com/assets/ 92 KB
27 KB 8ms
7ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/ArticleTemplate.170ef31a2291f86fdb25.chunk.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

abfd66b8ce6a0076466f68940afd956eda14fe7e5d8186674a8984d759fd107b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 295240
uber-trace-id: 85acf12303b13ce2:85acf12303b13ce2:0:0
x-cache: HIT, HIT
content-length: 26991
etag: W/"1705b-175e8977f20"
x-served-by: cache-syd10127-SYD, cache-fra19125-FRA
last-modified: Sat, 21 Nov 2020 02:17:24 GMT
date: Tue, 24 Nov 2020 12:41:53 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 37, 1

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 54 KB
18 KB 83ms
31ms Script
text/javascript 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/assets/europa.44d04281ff872548e63d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

sffe /

Resource Hash

2e527a3483125d104275304b1fe7dcd1e83ac2bbc1ea65a94eea2184e513cdd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "703 / 191 of 1000 / last-modified: 1606134076"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18520
x-xss-protection: 0
expires: Tue, 24 Nov 2020 12:41:53 GMT

GET
H2 200 a304207300.html
a304207300.cdn.optimizely.com/client_storage/ Frame 2594 0
0 83ms
28ms Document
text/html 104.111.218.144
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://a304207300.cdn.optimizely.com/client_storage/a304207300.html

Requested by

Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/13780390039.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.218.144 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-218-144.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: a304207300.cdn.optimizely.com
:scheme: https
:path: /client_storage/a304207300.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

x-amz-id-2: fZ5Oxkh+TSY3+me343IxpbOPiW6A2ZzE7d9sQXR6GX/Nljsc2d1fiFK4O9UnVVTP15+udD6UcNs=
x-amz-request-id: 2E01F6CFEC6D8FEA
x-amz-replication-status: PENDING
last-modified: Tue, 24 Nov 2020 05:06:08 GMT
etag: "4e29ea4be94ee2b7f094548fd625868f"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: evki4VeMV1Sf0OECbRvE87jBed.1BzbA
accept-ranges: bytes
content-type: text/html; charset=utf-8
content-length: 975
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=120
date: Tue, 24 Nov 2020 12:41:53 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="7";dur=0,cdnip;desc="104.111.218.144";dur=0,cdnmap;desc="a4343.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 89 KB
23 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0e49c2b4e86d3fda1dda93eb1210a47712f7b091181b4e7c6da2b3e6f8e86396

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23320
x-xss-protection: 0
pragma: public
x-fb-debug: VfIXI7DkTfZc50iZ5qV4qUmpuJWQb6lBsZd4BAHTWPiHOF25Dmjfk265n91TWqGwpxkgaA+KPpCDCHz3nRWvbA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Tue, 24 Nov 2020 12:41:53 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hotjar-182799.js Show response
static.hotjar.com/c/ 7 KB
3 KB 75ms
28ms Script
application/javascript 65.9.68.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-182799.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.68.87 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ca629c8d330e7311530781111f889339d7704c2e42aae365ed41e6669e624931

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:16 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 37
etag: W/4cb963a6d7e1ca6478034c9769106838
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: kLWQ3nGpEZaYMl58_N1qESmpLHNKd-i2dDvnqMCaW1DxoPkbzF8cAw==
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
761 B 30ms
9ms Script
application/x-javascript 2a02:26f0:10c:58e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: engage.eftsure.com.au
URL: https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:58e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 24 Nov 2020 12:41:53 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=61250
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 965 B
761 B 41ms
10ms Script
application/x-javascript 2a02:26f0:10c:48f::3adf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: engage.eftsure.com.au
URL: https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:48f::3adf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 24 Nov 2020 12:41:53 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=76800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H2 200 async.js Show response
static-au.plista.com/ 62 KB
20 KB 82ms
17ms Script
application/javascript 23.111.11.152
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL

https://static-au.plista.com/async.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.111.11.152 Phoenix, United States, ASN33438 (HIGHWINDS2, US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

7b49583198d0163c1ea9541483cef8947331394273700beff7b425febb398f24

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-plista-node: plista854
x-plista-versions: plista-plugin- libplista-php-0.0.0
date: Tue, 24 Nov 2020 12:41:53 GMT
via: 1.1 varnish-v4
x-content-type-options: nosniff
last-modified: Mon, 23 Nov 2020 17:39:05 GMT
server: NetDNA-cache/2.2
age: 4
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript; charset=utf-8
cache-control: public, must-revalidate, proxy-revalidate
x-varnish: 890294080 890542098
content-encoding: gzip
expires: Tue, 24 Nov 2020 17:39:06 GMT

GET
H2

200

v60.js Show response
cdn-gl.imrworldwide.com/
Redirect Chain

https://secure-au.imrworldwide.com/v60.js
https://cdn-gl.imrworldwide.com/v60.js

21 KB
7 KB

8ms
8ms

Script
application/javascript

2600:9000:206f:400:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/v60.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 75481bc06d1b02e50fd1cc921a7838e3af6caa9b8c0745b50182ebf29f195e20

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 24 Nov 2020 10:55:38 GMT
content-encoding: gzip
last-modified: Mon, 12 Oct 2020 13:35:53 GMT
server: AmazonS3
age: 6375
etag: W/"cc7339d315e5ab16597dd66d153a0e7e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: .KrDWJ6YcsmnfI6j8sx8eWw9CjCealBE
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: 5P2hapwJi02AbmTTE5NDIrHIPxFZjkBSqpoz2BoUlaGTh5QstMtZyA==

Redirect headers

location: https://cdn-gl.imrworldwide.com:443/v60.js
date: Tue, 24 Nov 2020 12:41:53 GMT
server: awselb/2.0
content-length: 134
content-type: text/html

GET
H2 200 ggcmb510.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 12 KB
5 KB 15ms
14ms Script
application/javascript 2600:9000:206f:400:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Requested by: Host: engage.eftsure.com.au
URL: https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: CeKWdfuThsyzKr0NmnwAM5a0VYitilJV
content-encoding: gzip
etag: "afa0d379b1e6e0a61fad577d0043ff26"
last-modified: Tue, 17 Nov 2020 14:36:24 GMT
server: AmazonS3
age: 2942
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Tue, 24 Nov 2020 11:52:52 GMT
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: L_i-gIUh9fyVxRBma1X8IaqefhSyx3Ml3GMsLSK2Yb21lHE3y9mpuA==

GET
H/1.1 200
OK adc.js Show response
adc-js.nine.com.au/ 78 KB
22 KB 45ms
8ms Script
application/javascript 2600:9000:206f:8e00:7:3896:c640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adc-js.nine.com.au/adc.js
Requested by: Host: engage.eftsure.com.au
URL: https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:8e00:7:3896:c640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 48fcb83f88c6b3b27c820d40a7cf2fce909c7483e61fbd8b1924996f0f6e4d0d

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 24 Nov 2020 12:36:54 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Mon, 24 Aug 2020 02:17:52 GMT
Server: AmazonS3
Age: 300
ETag: W/"b0f7bb4f5c9f8768bbd1f8e95c243907"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=utf-8
Via: 1.1 47a7b8b932d91b0edbfc42f1ba94ebc1.cloudfront.net (CloudFront)
Cache-Control: public, max-age=300
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA56-C1
X-Amz-Cf-Id: qazggdLyUTkjx-5SuzuXa97Cuv-sXO7HJVoCbEyKz2-bbRGWYZXjMQ==

OPTIONS
H/1.1 200
OK tp2
i.ffx.io/com.snowplowanalytics.snowplow/ Frame 0
0 1265ms
305ms Other 13.210.79.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Server: 13.210.79.122 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-210-79-122.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.afr.com
Date: Tue, 24 Nov 2020 12:41:54 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

GET
H2 200 5950a941b0dcd644cc9c493c08366340.sprite.svg Show response
www.afr.com/assets/svg/ 114 KB
40 KB 6ms
6ms XHR
image/svg+xml 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/svg/5950a941b0dcd644cc9c493c08366340.sprite.svg

Requested by

Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99ee5c964ba646eb0ba74eddd0d7b83f116b060ba7a06e19bac0c04eebe6866b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
etag: W/"1c931-1752e982f98"
age: 3415422
uber-trace-id: 6bc5b9ef596703c4:6bc5b9ef596703c4:0:0
x-cache: HIT, HIT
content-length: 40848
x-served-by: cache-syd10127-SYD, cache-fra19125-FRA
last-modified: Thu, 15 Oct 2020 23:28:47 GMT
date: Tue, 24 Nov 2020 12:41:53 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 35, 1

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41A7) /
Resource Hash: 2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 24 Nov 2020 12:41:53 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Oct 2020 21:52:09 GMT
Server: ECS (fcn/41A7)
Age: 595
Etag: "a671d4d584ef50954e5cebb21da17065+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28698

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 6ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/assets/client.4434b7b6178e01a7ae08.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

147daa58374d2b0ac90bbbe586d6ca30e11abd8aa7fe7eb3e109311af82c583e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: dY74GOpBsPqgS2Jyeys63A==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1779
etag: "d3fbde295bf245d1401d8825b1db2919"
x-fb-debug: NDRljiaTCiVZ0HjyEGCZcowusUa0mvQEagHUnMLzA8vfWLUu4W32mqgE1FIS9ejMw4BUjW9tidYifiPCO1rxNQ==
x-fb-trip-id: 664085054
x-fb-content-md5: 5b6cb4bc167ef2919a269ef12626ca0e
x-frame-options: DENY
date: Tue, 24 Nov 2020 12:41:53 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 24 Nov 2020 12:47:43 GMT

GET
H/1.1 200
OK in.js Show response
platform.linkedin.com/ 181 KB
55 KB 35ms
6ms Script
text/javascript 2a02:26f0:6c00::210:ba20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/client.4434b7b6178e01a7ae08.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba20 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Play /
Resource Hash: e3b89915f5b07a2494caf04ecb0a5d53a103b3a0a81e1e43d723cd74e76f67e4

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-LI-UUID: lAKzAzFvShYw5RmHGisAAA==
Date: Tue, 24 Nov 2020 12:41:53 GMT
Content-Encoding: gzip
X-CDN-CLIENT-IP-VERSION: IPV6
Server: Play
X-Li-Pop: prod-efr5
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=3600
Connection: keep-alive
X-LI-Proto: http/1.1
Content-Length: 55605
X-CDN: AKAM
X-Li-Fabric: prod-lva1
Expires: Tue, 24 Nov 2020 12:47:53 GMT

GET
H2 200 embed-loader-min.js Show response
e.infogr.am/js/dist/ 15 KB
6 KB 85ms
23ms Script
application/javascript 65.9.68.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://e.infogr.am/js/dist/embed-loader-min.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/assets/client.4434b7b6178e01a7ae08.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.68.107 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2893094ad385dabc708440cc86a052c5e527bd9323eb14421096520a5f1c858a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 11:50:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3112
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 23 Nov 2020 10:15:37 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"3a62-175f49a0928"
x-download-options: noopen
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=UTF-8
via: 1.1 2a3a093b493a82493f3431437cb166ad.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: FRA56-C1
timing-allow-origin: *
x-amz-cf-id: FVHNYtwkPMMjO_MNnreeNWsxpRHLGkAtWpWO_Ra0iTdUZLooGo1FCQ==
expires: Wed, 25 Nov 2020 11:50:01 GMT

POST
H/1.1 200
OK tp2 Show response
i.ffx.io/com.snowplowanalytics.snowplow/ 2 B
435 B 1233ms
331ms XHR
text/plain 13.210.79.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: d2uhnetoehh304.cloudfront.net
URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.210.79.122 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-210-79-122.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Tue, 24 Nov 2020 12:41:56 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

GET
H2 200 p56ftg Show response
api.afr.com/api/content/v0/assets/ 19 KB
6 KB 338ms
315ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/api/content/v0/assets/p56ftg
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ace674504002bde77738f646325e77a4184eba30a68c8fc9da07f87983f93d3f

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 6
x-served-by: cache-syd10141-SYD, cache-fra19179-FRA
vary: Accept-Encoding
x-cache: HIT, MISS
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=30
x-varnish-grace: none(fetch fresh)
accept-ranges: bytes
content-encoding: gzip
content-length: 6259
x-cache-hits: 1, 0

GET
H2 200 p56ez0 Show response
api.afr.com/api/content/v0/assets/ 10 KB
4 KB 337ms
314ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/api/content/v0/assets/p56ez0
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 121667f68fa7590d28616147c172c04376ce47c28dddb4550e010cac7ec16e12

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:53 GMT
via: 1.1 varnish, 1.1 varnish
age: 6
x-served-by: cache-syd10149-SYD, cache-fra19179-FRA
vary: Accept-Encoding
x-cache: HIT, MISS
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=30
x-varnish-grace: none(fetch fresh)
accept-ranges: bytes
content-encoding: gzip
content-length: 3472
x-cache-hits: 1, 0

GET
H2 200 graphql Show response
api.afr.com/ 391 B
270 B 323ms
312ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20memberDetailsAndSubscriptions%20%7B%20memberDetails%20%7B%20error%20%7B%20message%20type%20%7B%20class%20__typename%20%7D%20__typename%20%7D%20member%20%7B%20profile%20%7B%20displayName%20email%20roles%20%7B%20accountId%20role%20__typename%20%7D%20shortID%20type%20__typename%20%7D%20__typename%20%7D%20__typename%20%7D%20memberSubscriptionDetails%20%7B%20error%20%7B%20message%20type%20%7B%20class%20__typename%20%7D%20__typename%20%7D%20subscription%20%7B%20entitlements%20plans%20__typename%20%7D%20__typename%20%7D%20%7D%20&operationName=memberDetailsAndSubscriptions&variables=%7B%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2f46b13df7e4fa7157c1eb0477a04698d3b552f283b19c6f5dce24e1bb8fd573

Request headers

Accept: application/json
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:53 GMT
content-encoding: gzip
x-served-by: cache-syd10125-SYD, cache-fra19125-FRA
vary: Accept-Encoding, Origin
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 203
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 216 B
354 B 321ms
311ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20Account%20%7B%20account%20%7B%20autoplay%20error%20%7B%20message%20type%20__typename%20%7D%20location%20%7B%20postCode%20state%20suburb%20__typename%20%7D%20onboarding%20%7B%20newsfeed%20tags%20__typename%20%7D%20__typename%20%7D%20%7D%20&operationName=Account&variables=%7B%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 280455b0b73c2845cd34db6ce0cf8a555b138e1376894edddc9366c72554fe70

Request headers

Accept: application/json
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:53 GMT
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-syd10149-SYD, cache-fra19125-FRA
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 216
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 185 B
250 B 332ms
323ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20isAssetInSavedList(%24assetID%3A%20String!%2C%20%24brand%3A%20Brand!)%20%7B%20isAssetInSavedList(input%3A%20%7BassetID%3A%20%24assetID%2C%20brand%3A%20%24brand%7D)%20%7B%20isSaved%20error%20%7B%20message%20__typename%20%7D%20__typename%20%7D%20%7D%20&operationName=isAssetInSavedList&variables=%7B%22assetID%22%3A%22p56f9c%22%2C%22brand%22%3A%22afr%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0b3c489aed36762153272d65dd601fa3c0bb0cb7e789248a565238c916c7c288

Request headers

Accept: application/json
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:53 GMT
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-syd10131-SYD, cache-fra19125-FRA
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 185
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 31 KB
3 KB 317ms
311ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20FinancialStockRelatedQuotes(%24symbol%3A%20String!)%20%7B%20quoteFull%3A%20financialStockSummaryQuote(symbol%3A%20%24symbol)%20%7B%20...FinancialStockRelatedSummaryQuoteFragment%20__typename%20%7D%20quoteHistory%3A%20financialStockHistoricalQuotes(interval%3A%20DAILY_1_YEAR%2C%20symbol%3A%20%24symbol)%20%7B%20...FinancialStockRelatedHistoricalQuotesChartFragment%20__typename%20%7D%20quoteIntradayTrades%3A%20financialStockHistoricalQuotes(interval%3A%20FIVE_MINUTES_1_DAY%2C%20symbol%3A%20%24symbol)%20%7B%20...FinancialStockIntradayRelatedQuotesChartFragment%20__typename%20%7D%20%7D%20fragment%20FinancialStockRelatedHistoricalQuotesChartFragment%20on%20FinancialStockHistoricalQuotesResponse%20%7B%20error%20%7B%20message%20type%20%7B%20class%20__typename%20%7D%20__typename%20%7D%20quotes%20%7B%20date%3A%20time%20close%20__typename%20%7D%20__typename%20%7D%20fragment%20FinancialStockIntradayRelatedQuotesChartFragment%20on%20FinancialStockHistoricalQuotesResponse%20%7B%20error%20%7B%20message%20type%20%7B%20class%20__typename%20%7D%20__typename%20%7D%20quotes%20%7B%20date%3A%20time%20salePrice%3A%20close%20__typename%20%7D%20__typename%20%7D%20fragment%20FinancialStockRelatedSummaryQuoteFragment%20on%20FinancialStockSummaryQuoteResponse%20%7B%20error%20%7B%20message%20type%20%7B%20class%20__typename%20%7D%20__typename%20%7D%20quote%20%7B%20last%3A%20lastPrice%20lastUpdated%3A%20providerUpdateTime%20open%3A%20openPrice%20previousClose%20__typename%20%7D%20__typename%20%7D%20&operationName=FinancialStockRelatedQuotes&variables=%7B%22symbol%22%3A%22ASX_CBA%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f6a03d1be4b53785c04123bbc00b5eb98e15553da65fea0201887615db0eef6d

Request headers

Accept: application/json
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:53 GMT
content-encoding: gzip
age: 6
x-served-by: cache-syd10124-SYD, cache-fra19125-FRA
vary: Accept-Encoding, Origin
x-cache: HIT, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: public, max-age=60
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 2390
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 1, 0

GET
H2 200 graphql Show response
api.afr.com/ 31 KB
2 KB 341ms
335ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20FinancialStockRelatedQuotes(%24symbol%3A%20String!)%20%7B%20quoteFull%3A%20financialStockSummaryQuote(symbol%3A%20%24symbol)%20%7B%20...FinancialStockRelatedSummaryQuoteFragment%20__typename%20%7D%20quoteHistory%3A%20financialStockHistoricalQuotes(interval%3A%20DAILY_1_YEAR%2C%20symbol%3A%20%24symbol)%20%7B%20...FinancialStockRelatedHistoricalQuotesChartFragment%20__typename%20%7D%20quoteIntradayTrades%3A%20financialStockHistoricalQuotes(interval%3A%20FIVE_MINUTES_1_DAY%2C%20symbol%3A%20%24symbol)%20%7B%20...FinancialStockIntradayRelatedQuotesChartFragment%20__typename%20%7D%20%7D%20fragment%20FinancialStockRelatedHistoricalQuotesChartFragment%20on%20FinancialStockHistoricalQuotesResponse%20%7B%20error%20%7B%20message%20type%20%7B%20class%20__typename%20%7D%20__typename%20%7D%20quotes%20%7B%20date%3A%20time%20close%20__typename%20%7D%20__typename%20%7D%20fragment%20FinancialStockIntradayRelatedQuotesChartFragment%20on%20FinancialStockHistoricalQuotesResponse%20%7B%20error%20%7B%20message%20type%20%7B%20class%20__typename%20%7D%20__typename%20%7D%20quotes%20%7B%20date%3A%20time%20salePrice%3A%20close%20__typename%20%7D%20__typename%20%7D%20fragment%20FinancialStockRelatedSummaryQuoteFragment%20on%20FinancialStockSummaryQuoteResponse%20%7B%20error%20%7B%20message%20type%20%7B%20class%20__typename%20%7D%20__typename%20%7D%20quote%20%7B%20last%3A%20lastPrice%20lastUpdated%3A%20providerUpdateTime%20open%3A%20openPrice%20previousClose%20__typename%20%7D%20__typename%20%7D%20&operationName=FinancialStockRelatedQuotes&variables=%7B%22symbol%22%3A%22ASX_ANZ%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4225b1cb63f080e88f154957d6371df6529df92f73f6b93a5c5a92d8e26df609

Request headers

Accept: application/json
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
content-encoding: gzip
age: 0
x-served-by: cache-syd10142-SYD, cache-fra19125-FRA
vary: Accept-Encoding, Origin
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: public, max-age=60
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 2299
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 0, 0

GET
H2 200 c550995019dfb9d1b2843cbc1daef80093388b6c
static.ffx.io/images/$width_620/t_resize_width/e_sharpen:25%2Cq_85%2Cf_auto/ 16 KB
17 KB 7ms
7ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$width_620/t_resize_width/e_sharpen:25%2Cq_85%2Cf_auto/c550995019dfb9d1b2843cbc1daef80093388b6c
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: d407eb06577a91fafb74b3e30eaf1f5c4411818059b0dbf45db1535f29ef1f36

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:53 GMT
via: 1.1 varnish, 1.1 varnish
age: 161203
edge-cache-tag: 506148312199260061230022006845404594291,296481544326439700273880640400968929386,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="c550995019dfb9d1b2843cbc1daef80093388b6c.webp"
content-length: 16526
x-served-by: cache-fra19123-FRA, cache-fra19125-FRA
x-cache: MISS, HIT
x-cld-skey: 506148312199260061230022006845404594291 296481544326439700273880640400968929386 5f5f4219172da4ec8104790896b11172
last-modified: Sun, 22 Nov 2020 07:29:41 GMT
server: cloudinary
x-timer: S1606221714.690598,VS0,VE1
etag: "46c91bb15e6235915c359ab542f411d1"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 graphql Show response
api.afr.com/ 654 B
465 B 330ms
325ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20PaywallRuleQuery(%24context%3A%20PaywallRuleRequestContext!%2C%20%24story%3A%20PaywallRuleRequestStory!)%20%7B%20paywallRule(context%3A%20%24context%2C%20story%3A%20%24story)%20%7B%20error%20%7B%20message%20type%20%7B%20class%20__typename%20%7D%20__typename%20%7D%20rule%20%7B%20...RuleFragment%20__typename%20%7D%20__typename%20%7D%20%7D%20fragment%20RuleFragment%20on%20PaywallRuleData%20%7B%20meter%20%7B%20global%20__typename%20%7D%20prompt%20%7B%20...PromptFragment%20__typename%20%7D%20promptType%20__typename%20%7D%20fragment%20PromptFragment%20on%20Prompt%20%7B%20callToAction%20countRemaining%20message%20style%20subscriptionURL%20title%20__typename%20%7D%20&operationName=PaywallRuleQuery&variables=%7B%22context%22%3A%7B%22alreadyMetered%22%3Afalse%2C%22currentMeterCount%22%3A0%2C%22referrer%22%3A%22%22%7D%2C%22story%22%3A%7B%22brand%22%3A%22AFR%22%2C%22categories%22%3A%5B%22Companies%22%2C%22Financial%20services%22%5D%2C%22sponsored%22%3Afalse%2C%22tags%22%3A%5B%22Cyber%20security%20(Editorial%20use)%22%2C%22Managed%20funds%22%2C%22Hedge%20funds%22%2C%22Private%20equity%22%2C%22Commonwealth%20Bank%20of%20Australia%22%2C%22Australia%20and%20New%20Zealand%20Banking%20Group%20Limited%22%2C%22Cyber%20warfare%22%2C%22Information%20security%22%5D%2C%22type%22%3A%22ARTICLE%22%7D%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 408f31300a65a967877bf6adb181b8d5154413af8ace7b6e08c8a12545c3fd58

Request headers

Accept: application/json
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
content-encoding: gzip
x-served-by: cache-syd10120-SYD, cache-fra19125-FRA
vary: Accept-Encoding, Origin
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 399
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 250 B
269 B 329ms
324ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20AudienceSegmentsQuery(%24userId%3A%20String!)%20%7B%20audienceSegments(userId%3A%20%24userId)%20%7B%20segments%20%7B%20engagementSegment%20%7B%20batchTime%20userSegment%20__typename%20%7D%20__typename%20%7D%20error%20%7B%20message%20type%20%7B%20class%20__typename%20%7D%20__typename%20%7D%20__typename%20%7D%20%7D%20&operationName=AudienceSegmentsQuery&variables=%7B%22userId%22%3A%2200c9f54e-a885-4a58-b03e-66e9570f740e%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d4ae3b4e4b1bc382d00e2b54321b94507533f56092aaabd4a9e0af943c45989c

Request headers

Accept: application/json
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
content-encoding: gzip
age: 0
x-served-by: cache-syd10123-SYD, cache-fra19125-FRA
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: public, max-age=600
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 161
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 0, 0

GET
H/1.1 200
OK channels.cgi Show response
fairfaxmedia.gscontxt.net/main/ 16 B
93 B 82ms
17ms Script
application/javascript 158.101.193.141
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://fairfaxmedia.gscontxt.net/main/channels.cgi?url=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/europa.44d04281ff872548e63d.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.101.193.141 Seattle, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: /
Resource Hash: a5c206638d9c711e49cf200fcd793632146f7f7b42208a67e0503be86321eafc

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 16
Content-Type: application/javascript

GET
H3-Q050 200 pubads_impl_2020111701.js Show response
securepubads.g.doubleclick.net/gpt/ 277 KB
98 KB 78ms
47ms Script
text/javascript 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

sffe /

Resource Hash

68963209b16bd2a387c310495d51021d2fc57e5df9cb87ac98a0505c0daeca43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 17 Nov 2020 09:43:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99766
x-xss-protection: 0
expires: Tue, 24 Nov 2020 12:41:53 GMT

GET
H2 200 1831268437115893 Show response
connect.facebook.net/signals/config/ 239 KB
69 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1831268437115893?v=2.9.29&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

57ceb0f29d44047a226a76174be47fdc5935ca09fc6fd303b7c7d366651568ab

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 70214
x-xss-protection: 0
pragma: public
x-fb-debug: Gesj7klnGtWTlyhXSkm2Yz2kZJx+F7mnq2bKsWkXdo+qY8dC8JvmRBDCdzjbjYGLxoulOAWgVite3ICIDKLVkQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Tue, 24 Nov 2020 12:41:53 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 2089237793
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 glcfg510.js Show response
cdn-gl.imrworldwide.com/novms/js/2/configs/ 2 KB
1 KB 18ms
18ms Script
application/javascript 2600:9000:206f:400:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/configs/glcfg510.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: a9yv6FoqUOJEHV8JhhsvdvrSixeG3nZZ
content-encoding: gzip
etag: W/"931051f801612c3a0e2782961ac3d56c"
last-modified: Tue, 17 Nov 2020 14:36:24 GMT
server: AmazonS3
age: 1507
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Tue, 24 Nov 2020 12:16:46 GMT
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: nfr1RUni_txXhKD4oarKDPwAoqIuNDTgIra-MzNpRxwaVnzMfTwC4g==

GET
H/1.1 200
OK insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 10ms
9ms Script
application/x-javascript 2a02:26f0:10c:58e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:58e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 24 Nov 2020 12:41:53 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=49875
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1799

GET
H2 200 modules.96677cf12de4f92c1764.js Show response
script.hotjar.com/ 220 KB
58 KB 76ms
25ms Script
application/javascript 65.9.68.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.96677cf12de4f92c1764.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-182799.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.68.77 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

10e22e96d9a3e56996a963ff8b59db06503a4aff2500b31114601f6535b2c57a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 23 Nov 2020 13:36:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83101
x-cache: Hit from cloudfront
content-length: 58829
access-control-allow-origin: *
last-modified: Mon, 23 Nov 2020 13:32:15 GMT
etag: "3962393975331a714d80acf4a5be5cb4"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: Mc7dvv9-v8osd_tGyVOP5Z9ZhrfZoJ_A5qfQw41aY6uEMWz6ET3DTQ==

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 195 KB
59 KB 19ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=95ba39435ea7c4f97dea0b9b987ac353&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

06629ac9e9f22099ea80d6c3ff6b0ee4e59a66c89af29aa4111c35e41e6baaf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: LB5LBjSbaEvesi0ek1pgjQ==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 60138
etag: "fa28139a6f02dd9d99934c968b7383e4"
x-fb-debug: YVefPORdQk0hX/APin05wm+KbkizZavmbkTZs3qGOzHprqignxOzY4/QDcehzD23raPojROIi3lxNrEpm+puZw==
x-fb-trip-id: 664085054
x-fb-content-md5: b392cb659e04ccc32bd11da9bc7b6121
x-frame-options: DENY
date: Tue, 24 Nov 2020 12:41:53 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Wed, 24 Nov 2021 11:13:14 GMT

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html
platform.twitter.com/widgets/ Frame CB1B 0
0 9ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fwww.afr.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40D7) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 19042
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 24 Nov 2020 12:41:53 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Thu, 01 Oct 2020 21:50:01 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40D7)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 5825

GET
H2 200 afrg-221120news-levitas-1h984wo311k8z6p
e.infogr.am/ Frame 95FC 0
0 136ms
136ms Document
text/html 65.9.68.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://e.infogr.am/afrg-221120news-levitas-1h984wo311k8z6p?parent_url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&src=embed

Requested by

Host: e.infogr.am
URL: https://e.infogr.am/js/dist/embed-loader-min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.68.107 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: e.infogr.am
:scheme: https
:path: /afrg-221120news-levitas-1h984wo311k8z6p?parent_url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&src=embed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

content-type: text/html; charset=utf-8
date: Tue, 24 Nov 2020 12:41:53 GMT
server: nginx
x-dns-prefetch-control: off
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
x-content-type-options: nosniff
referrer-policy: no-referrer
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
etag: W/"6bcc-IYS7Adnxg/4YabMiW4Z6f2dVHZ4"
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 2a3a093b493a82493f3431437cb166ad.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: DA1-dBxj5pqy0KGYWc1HNRPi0EkrthCCQmNn88Y_scMot0XqGOoffg==

GET
H2 200 fc2c63baa23f7c11ea923073.js Show response
static.plista.com/async/pub/ 9 KB
2 KB 111ms
26ms Script
application/javascript 138.201.125.235
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static.plista.com/async/pub/fc2c63baa23f7c11ea923073.js

Requested by

Host: static-au.plista.com
URL: https://static-au.plista.com/async.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

138.201.125.235 Kuenzelsau, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.235.125.201.138.clients.your-server.de

Software

nginx /

Resource Hash

796270902c6d7a1b43ccf0c1c4e74e74af867d213fd0f209725978962d07bd14

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 24 Nov 2020 12:31:32 GMT
server: nginx
age: 620
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish-v4
cache-control: public, must-revalidate, proxy-revalidate
x-varnish: 976146275 974781401
accept-ranges: bytes
content-length: 1649
expires: Wed, 25 Nov 2020 12:31:33 GMT

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 51BE 0
0 105ms
22ms Document
text/html 65.9.68.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-182799.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.68.116 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

content-type: text/html
content-length: 851
date: Fri, 06 Nov 2020 22:29:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified: Fri, 06 Nov 2020 16:42:59 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: nvl-UneXbCvpPFGWDkDJThy5SCftFjLDK4gCh97akb85qAKSDW0huw==
age: 1519918

GET
H2 200 storageframe.html
secure-gl.imrworldwide.com/ Frame B5DD 0
0 183ms
151ms Document
text/html 2600:9000:206f:400:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-gl.imrworldwide.com/storageframe.html
Requested by: Host: secure-au.imrworldwide.com
URL: https://secure-au.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:400:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: secure-gl.imrworldwide.com
:scheme: https
:path: /storageframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

content-type: text/html
vary: Accept-Encoding
date: Tue, 24 Nov 2020 12:41:54 GMT
server: nginx
last-modified: Fri, 02 Oct 2020 19:34:09 GMT
etag: W/"5f7780b1-2b27"
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: 47s9aOwQjQodirA6PZszwXESdtRjz-jGIpKs8eQRGTLRzVltcyaQWg==

GET
H2 200 953970877989909 Show response
connect.facebook.net/signals/config/ 239 KB
69 KB 27ms
26ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/953970877989909?v=2.9.29&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ce5bab475973e37f13264bb617af9ad0d66ac4f2c8abbd623175b0c4d7a22b8b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 70214
x-xss-protection: 0
pragma: public
x-fb-debug: 5CRDNjbdgvJtUafGnfGoNsWyheUNJoiLsd5FjXaBhQAZuIX39awt0lptCGYSEL1ZSUqT4nL6dh3xWKuQDd/4pQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Tue, 24 Nov 2020 12:41:53 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 162664028
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
258 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1831268437115893&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&rl=&if=false&ts=1606221713974&sw=1600&sh=1200&v=2.9.29&r=stable&ec=0&o=30&fbp=fb.1.1606221713971.1919728123&it=1606221713784&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:53 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 24 Nov 2020 12:41:53 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1606221713978&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-2...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D9724%26time%3D1606221713978%26url%3Dhttps%253A%252F%252Fwww.afr.com%252Fcompanies...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1606221713978&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-2...

0
57 B

130ms
130ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1606221713978&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness+Email+Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&liSync=true
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: rpPWrCNyShbgKYs0HysAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: MkskqCNyShZg2CapFSsAAA==
pragma: no-cache
x-li-pop: afd-prod-lva1
x-msedge-ref: Ref A: 2807B5CD91DE4E9793C9701317DD6ED5 Ref B: FRAEDGE1309 Ref C: 2020-11-24T12:41:54Z
x-frame-options: sameorigin
date: Tue, 24 Nov 2020 12:41:54 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1606221713978&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness+Email+Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 P70F2B436-31E2-4369-A3CB-294DC350A880.js Show response
cdn-gl.imrworldwide.com/conf/ 32 KB
7 KB 15ms
15ms Script
application/javascript 2600:9000:206f:400:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/P70F2B436-31E2-4369-A3CB-294DC350A880.js
Requested by: Host: secure-au.imrworldwide.com
URL: https://secure-au.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f26ba88db52e8d910649cc1d562505b6d053c8968323abb6038af11a3b6733d

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: quhi40SJ8OJ23kHFU9yLBcTQODOWB4PX
content-encoding: gzip
etag: "facaf9073dbacd669869d7e8b9b87674"
last-modified: Tue, 24 Nov 2020 01:16:37 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
cache-control: max-age=86400,s-maxage=86400
date: Tue, 24 Nov 2020 12:41:54 GMT
x-amz-cf-id: ePDYsIA4qNzholbAi90xg1c3MKm_luq_wGhtiTpDz_U4JKjY2b2zAQ==

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ 109 B
803 B 55ms
33ms Script
application/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=www.afr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 24 Nov 2020 12:41:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
169 B 15ms
14ms Script
application/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.afr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 24 Nov 2020 12:41:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 569 KB
130 KB 863ms
863ms XHR
text/plain 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3535620156864262&correlator=4296114383128969&output=ldjh&impl=fifs&eid=21068728%2C21066994%2C21068418%2C21068809&vrg=2020111701&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201124&iu_parts=21671780509%2Cafr%2Ccompanies%2Cfinancialservices%2Ccybersecurityeditorialuse&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x600%7C300x250%7C160x600%2C970x250%7C728x90%2C970x250%7C728x90%2C320x50%7C6x2%2C320x50%7C6x2&fluid=0%2C0%2C0%2Cheight%2Cheight&prev_scp=lazyAd%3Dfalse%26pos%3D3%7ClazyAd%3Dfalse%26pos%3D1%7ClazyAd%3Dfalse%26pos%3D2%7ClazyAd%3Dfalse%26pos%3D1%26nativesz%3D6x2%7ClazyAd%3Dfalse%26pos%3D2%26nativesz%3D6x2&cust_params=adKitVersion%3D2.0.14%26autoRefresh%3Dfalse%26brms%3Dtrue%26brvs%3Dtrue%26deployEnv%3Dproduction%26layout%3Dblue%26pageid%3Dp56f9c%26pageviewid%3D3885E406-E971-4CE0-AB3F-08CD95CFB614%26swgt%3Dna%26sysEnv%3Ddesktop%26cat%3Dcompanies%26cat1%3Dfinancialservices%26cat2%3Dcybersecurityeditorialuse%26ctype%3Darticle%26csub%3Dvisitor%26gs_cat%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1606221714&dt=1606221714115&dlt=1606221712886&idt=1186&frm=20&biw=1600&bih=1200&oid=3&adxs=1130%2C315%2C315%2C1277%2C1277&adys=2948%2C212%2C1945%2C2871%2C2890&adks=1529360671%2C3858930837%2C139797179%2C3540904192%2C396695652&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x600%7C1520x298%7C1260x308%7C300x18%7C300x19&msz=300x600%7C1520x250%7C1340x250%7C300x2%7C300x2&ga_vid=2070178579.1606221714&ga_sid=1606221714&ga_hid=1547411456&fws=4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

bdb2d9604c5077ba3c2b068d8a0271d89604028c26eead29b45b84165d44e77b

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2959905697775811345/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2959905697775811345/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKmr0ZWam-0CFQzCdwod2qwBvA&gqi=&layout=/sadbundle/%24csp%253Der3%24/2959905697775811345/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2959905697775811345/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2959905697775811345/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKmr0ZWam-0CFQzCdwod2qwBvA&gqi=&layout=/sadbundle/%24csp%253Der3%24/2959905697775811345/index.html
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
google-creative-id: -1,-1,-1,138331233809,138329880348
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132102
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,5542181261,5493479453
pragma: no-cache
server: cafe
google-mediationtag-id: -2
date: Tue, 24 Nov 2020 12:41:54 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.afr.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
6678190d3f532fe1e319584ab170dce0.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 87ms
38ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://6678190d3f532fe1e319584ab170dce0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 c99576b3488eeca86a24dcaf383a2f76f60681a6
static.ffx.io/images/$zoom_0.1126%2C$multiply_0.1322%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/ 5 KB
5 KB 8ms
8ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.1126%2C$multiply_0.1322%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/c99576b3488eeca86a24dcaf383a2f76f60681a6
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 61d20d16e7aeec741146d7216bcc24711ba0dcd8c4fd72a701b52fa281e0f79b

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 161203
edge-cache-tag: 264105905417722913976577546972359828466,229448991950955407310317754171294541806,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="c99576b3488eeca86a24dcaf383a2f76f60681a6.webp"
content-length: 4838
x-served-by: cache-fra19138-FRA, cache-fra19125-FRA
x-cache: MISS, HIT
x-cld-skey: 264105905417722913976577546972359828466 229448991950955407310317754171294541806 5f5f4219172da4ec8104790896b11172
last-modified: Sun, 01 Nov 2020 02:13:45 GMT
server: cloudinary
x-timer: S1606221714.183128,VS0,VE1
etag: "5d837a1eca2201ab6f5bd5c8d01fe50c"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 d2c50b732b9de83377cb29b80ebd099c09d83067
static.ffx.io/images/$zoom_0.5298%2C$multiply_0.1322%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_68/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/ 3 KB
3 KB 7ms
7ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.5298%2C$multiply_0.1322%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_68/t_crop_custom/e_sharpen:25%2Cq_85%2Cf_auto/d2c50b732b9de83377cb29b80ebd099c09d83067
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: dbee6e5ada4af83d471ed80a9b9bb13f798cc34df3d7082c91dd701eea422a8c

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 166635
edge-cache-tag: 257772156100735457449357767880694822532,168581757133248242648955968196061057441,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="d2c50b732b9de83377cb29b80ebd099c09d83067.webp"
content-length: 2770
x-served-by: cache-fra19175-FRA, cache-fra19125-FRA
x-cache: MISS, HIT
x-cld-skey: 257772156100735457449357767880694822532 168581757133248242648955968196061057441 5f5f4219172da4ec8104790896b11172
last-modified: Sun, 22 Nov 2020 13:03:18 GMT
server: cloudinary
x-timer: S1606221714.186994,VS0,VE2
etag: "16fc32e911a4f22b4fc8ca1c160a2a8c"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

POST
H/1.1 200
OK / Show response
l.ffx.io/ 2 B
417 B 299ms
298ms XHR
text/plain 54.66.206.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.ffx.io/
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.4cab25d017c6d7138357.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.66.206.35 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-66-206-35.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Date: Tue, 24 Nov 2020 12:41:55 GMT
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Content-Length: 2

OPTIONS
H/1.1 204
No Content /
l.ffx.io/ Frame 0
0 1266ms
297ms Other 54.66.206.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.ffx.io/
Protocol: HTTP/1.1
Server: 54.66.206.35 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-66-206-35.ap-southeast-2.compute.amazonaws.com
Software: nginx/1.15.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Content-Length: 0
Date: Tue, 24 Nov 2020 12:41:55 GMT
Server: nginx/1.15.9
Connection: keep-alive

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 5166
date: Tue, 24 Nov 2020 11:15:48 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Tue, 24 Nov 2020 13:15:48 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
2 KB 142ms
38ms XHR
application/json 34.242.67.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=BEB5C8A15492DB600A4C98BC%40AdobeOrg&d_nsid=0&ts=1606221714412

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.242.67.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-67-216.eu-west-1.compute.amazonaws.com

Software

Resource Hash

fb7e37f710003fff8b20099161831610b616b1e0de3a6aa3a42d82fcd5982aa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v086-0482ead24.edge-irl1.demdex.com 5.80.1.20201111130852 3ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: wZkQaXHIRt8=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.afr.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 874
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 collect.js Show response
10510523.collect.igodigital.com/ 9 KB
2 KB 572ms
107ms Script
application/javascript 18.204.189.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://10510523.collect.igodigital.com/collect.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.204.189.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-204-189-7.compute-1.amazonaws.com
Software: /
Resource Hash: 4a63ccc41b6e27c88fca243efd1030d401bc83bd3ae22aaff2b0d1354ba25703

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
content-encoding: gzip
last-modified: Mon, 23 Nov 2020 23:11:26 GMT
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 p.js Show response
cdn.parsely.com/keys/afr.com/ 71 KB
25 KB 87ms
35ms Script
application/x-javascript 65.9.69.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/afr.com/p.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.69.60 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: cd21a037e60f26a04b6dba3307eba555de1e4194d38fa41b7008fbdb5fc9da6c

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Tue, 24 Nov 2020 01:43:27 GMT
content-encoding: gzip
last-modified: Mon, 16 Nov 2020 22:40:18 GMT
server: nginx
age: 39475
etag: "5fb2ffd2-11c89"
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 afcdbc9d4d397c4a65e6b312552ff7ee.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: _UmQr1_V-hAcMBX-xIEYEWzmDSwaQLwpZKAuHeWPK_yorVYkvjFE-g==
expires: Wed, 25 Nov 2020 01:43:27 GMT

GET
H3-Q050

200

fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-G...
adservice.google.de/ddm/fls/p/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-h... Frame 4916
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=6633783;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20...
https://ad.doubleclick.net/ddm/activity/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripple...
https://adservice.google.com/ddm/fls/p/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples...
https://adservice.google.de/ddm/fls/p/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-...

0
0

43ms
43ms

Document
image/gif

2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/p/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3215930910548.681;~oref=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.de
:scheme: https
:path: /ddm/fls/p/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3215930910548.681;~oref=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 24 Nov 2020 12:41:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 24 Nov 2020 12:41:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.de/ddm/fls/p/src=6633783;dc_pre=CNvd6JWam-0CFUWOmwodLMMAbg;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3215930910548.681;~oref=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2

200

m
secure-gl.imrworldwide.com/cgi-bin/
Redirect Chain

https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1606221714419&ci=f2&js=1&cg=0&ts=embed-loader-min.js&vn=6.0.104&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-s...
https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1606221714419&ci=f2&js=1&cg=0&ts=embed-loader-min.js&vn=6.0.104&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-s...

44 B
491 B

149ms
149ms

Image
image/gif

2600:9000:206f:400:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1606221714419&ci=f2&js=1&cg=0&ts=embed-loader-min.js&vn=6.0.104&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&sr=1600x1200&id=lstrg-c3b8db7cbd1b56a9de08a9692382b4ec&tz=1&ja=1
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:400:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:54 GMT
via: 1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-C1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
x-cache: Miss from cloudfront
content-type: image/gif
content-length: 44
x-amz-cf-id: pTWId5TfnUyw2lcAuuwNGEFyhBL1cEqeDQDG0wEOgsqnOSk4VntcsQ==
expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:54 GMT
via: 1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-C1
location: https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1606221714419&ci=f2&js=1&cg=0&ts=embed-loader-min.js&vn=6.0.104&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&sr=1600x1200&id=lstrg-c3b8db7cbd1b56a9de08a9692382b4ec&tz=1&ja=1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: gyanwOve0wv3H_xwAtF6kEkvnbSSlbOAxVfdnHwjo3knw3bvlSrWPA==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-G...
adservice.google.de/ddm/fls/p/dc_pre=CN3455Wam-0CFU4y0wodyA4CDg;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714;~oref=https://www.afr.com/companies/fina...
Redirect Chain

https://ad.doubleclick.net/activity;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714?
https://ad.doubleclick.net/activity;dc_pre=CN3455Wam-0CFU4y0wodyA4CDg;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714?
https://adservice.google.com/ddm/fls/p/dc_pre=CN3455Wam-0CFU4y0wodyA4CDg;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714;~oref=https://www.afr.com/compa...
https://adservice.google.de/ddm/fls/p/dc_pre=CN3455Wam-0CFU4y0wodyA4CDg;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714;~oref=https://www.afr.com/compan...

42 B
262 B

17ms
16ms

Image
image/gif

2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.de/ddm/fls/p/dc_pre=CN3455Wam-0CFU4y0wodyA4CDg;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714;~oref=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:54 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://adservice.google.de/ddm/fls/p/dc_pre=CN3455Wam-0CFU4y0wodyA4CDg;src=6633783;type=afrpa0;cat=paywall;ord=6513062668718;gtm=2wgb41;auiddc=639991757.1606221714;~oref=https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3F_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
356 B 672ms
108ms XHR
text/plain 3.210.102.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/13780390039.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.210.102.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-102-70.compute-1.amazonaws.com
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 24 Nov 2020 12:41:55 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 47ee4ae4-0608-4d70-9a48-c99f0b45e0cd

GET
H2 200 async_lib.js Show response
farm.plista.com/ 83 B
431 B 1127ms
57ms Script
application/javascript 176.9.103.51
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://farm.plista.com/async_lib.js?json=%7B%22name%22%3A%22PLISTA_%5B0%5D%22%2C%22publickey%22%3A%22fc2c63baa23f7c11ea923073%22%2C%22objectid%22%3A%22p56f9c%22%2C%22rev%22%3A1574777177%2C%22req%22%3A%5B%5B%22isarticle%22%2C%7B%22updated_at%22%3A1606050000%7D%5D%5D%7D&x=1606221714526
Requested by: Host: static-au.plista.com
URL: https://static-au.plista.com/async.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 176.9.103.51 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.51.103.9.176.clients.your-server.de
Software: nginx /
Resource Hash: 6522e8f23fbc41f55f4f8215011e7ce062e7aaeae1bfed26eb8bb773dadf3583

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:55 GMT
content-encoding: gzip
last-modified: Tue, 24 Nov 2020 12:41:55 GMT
server: nginx
p3p: policyref="https://www.plista.com/w3c/p3p.xml", CP="CAO DSP COR TAIa PSAa PSDa IVAi IVDi CONi HISa OUR IND PHY ONL UNI COM NAV INT DEM STA PRE"
cache-control: no-cache, must-revalidate
content-type: application/javascript; charset=utf-8
content-length: 101
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 173 KB
50 KB 7ms
7ms Script
application/javascript 2600:9000:206f:400:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/P70F2B436-31E2-4369-A3CB-294DC350A880.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 43ec631c14060e4d10a7fc3b6b96296f20e718d65fb51558370d41eda08a3ddc

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 8pyu2AVizz7qLhkNLlydOCakgrumnPjD
content-encoding: gzip
etag: "2a3ec0074402cc8fa654f381bebd2e04"
last-modified: Tue, 17 Nov 2020 14:36:24 GMT
server: AmazonS3
age: 1081
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Tue, 24 Nov 2020 12:23:53 GMT
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: DNd-Y6UvgAW0tlM-yK2kPiTeNsI3YATfGQV7m5LQ95DK0GnqvaeSuQ==

POST
H2 200 /
www.facebook.com/tr/ 0
68 B 7ms
5ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryB6kW1pMFBkMHmdSX

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 24 Nov 2020 12:41:54 GMT
content-type: text/plain
access-control-allow-origin: https://www.afr.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 44 B
235 B 8ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=953970877989909&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&rl=&if=false&ts=1606221714531&sw=1600&sh=1200&v=2.9.29&r=stable&ec=0&o=30&fbp=fb.1.1606221714530.652176643&it=1606221713784&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 24 Nov 2020 12:41:54 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
211 B 9ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1831268437115893&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&rl=&if=false&ts=1606221714533&sw=1600&sh=1200&v=2.9.29&r=stable&ec=1&o=30&fbp=fb.1.1606221714530.652176643&it=1606221713784&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 24 Nov 2020 12:41:54 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
212 B 8ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=953970877989909&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&rl=&if=false&ts=1606221714534&sw=1600&sh=1200&v=2.9.29&r=stable&ec=1&o=30&fbp=fb.1.1606221714530.652176643&it=1606221713784&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:54 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 24 Nov 2020 12:41:54 GMT

GET
H3-Q050 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 11:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 3110
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
expires: Tue, 24 Nov 2020 12:50:04 GMT

GET
H/1.1 200
OK Cookie set dest5.html
fairfaxau.demdex.net/ Frame ECAC 0
0 388ms
35ms Document
text/html 54.229.194.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fairfaxau.demdex.net/dest5.html?d_nsid=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.229.194.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-229-194-56.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: fairfaxau.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=07597743486455176352481989588667380398
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 12 Nov 2020 15:41:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=07597743486455176352481989588667380398;Path=/;Domain=.demdex.net;Expires=Sun, 23-May-2021 12:41:54 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: OK22KQ0oTek=
Content-Length: 2785
Connection: keep-alive

POST
H/1.1 200
OK event Show response
nd.demdex.net/ 2 KB
2 KB 1198ms
40ms XHR
application/json 54.229.194.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nd.demdex.net/event?_ts=1606221714414

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.229.194.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-229-194-56.eu-west-1.compute.amazonaws.com

Software

Resource Hash

78e7c1772f2d8612afd32458f0b1bef1be80d7bb18ba13640dce14fd49c281f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v086-0be3dfc9c.edge-irl1.demdex.com 5.80.1.20201111130852 8ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: XrpF5/knQe0=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.afr.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1547
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ls.html
cdn-gl.imrworldwide.com/novms/html/ Frame 3A4C 0
0 10ms
10ms Document
text/html 2600:9000:206f:400:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: cdn-gl.imrworldwide.com
:scheme: https
:path: /novms/html/ls.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSCVER=v1; IMRID=6ebc4400-2e52-11eb-98fe-afa531204417
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

content-type: text/html
last-modified: Tue, 17 Nov 2020 14:36:23 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: fXiAi9JTI1XHMxGqL.0MvkCakB1rMXT9
server: AmazonS3
content-encoding: gzip
date: Tue, 24 Nov 2020 12:38:44 GMT
etag: "7fa83dfc7b78314b137e2eb13834daa7"
cache-control: max-age=86400
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: NOmvIj1y55OpsQTQubYbDCIwLzQx-E0Z5kcV7uA6bEsOykyON1mhUA==
age: 191

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
65 B 13ms
13ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1547411456&t=pageview&_s=1&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&dp=%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=Fake%20Zoom%20invite%20cripples%20Aussie%20hedge%20fund%20with%208m%20hit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aChAAEALAAAAAC~&jid=1707824672&gjid=836091565&cid=2070178579.1606221714&tid=UA-91053368-8&_gid=159039764.1606221715&_r=1&gtm=2wgb41NN4PPKH&cd1=afr&cd2=2020-11-22T13%3A00%3A00.000Z&cd3=2020-11-22T13%3A00%3A00.000Z&cd4=Angus%20Grigg%20and%20Jemima%20Whyte&cd5=WEB&cd6=3885E406-E971-4CE0-AB3F-08CD95CFB614&cd7=article&cd8=Companies&cd9=financialservices&cd10=authoring&cd11=p56f9c&cd12=false&cd14=visitor&cd16=0&cd21=AFR&cd22=Managed%20funds%7CHedge%20funds%7CPrivate%20equity%7CCommonwealth%20Bank%20of%20Australia%7CAustralia%20and%20New%20Zealand%20Banking%20Group%20Limited%7CCyber%20warfare%7CInformation%20security&cd23=Cyber%20security%20(Editorial%20use)&cd24=non%20metered&cd27=(not%20set)&cd28=P70F2B436-31E2-4369-A3CB-294DC350A880&cd29=afr.com-brand%20only&cd33=%223dd0100f-0010-4729-b5d1-cbc72fb74cf3%22&cd38=&cd40=desktop&cd42=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&cd46=Fake%20Zoom%20invite%20cripples%20Aussie%20hedge%20fund%20with%208m%20hit&cd56=visitor&cd57=false&cd60=&cd61=false&cd62=&cd63=&cd64=&z=1993854434

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.afr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect
www.google-analytics.com/ 35 B
69 B 14ms
13ms Other
image/gif 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://www.afr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 102ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-91053368-8&cid=2070178579.1606221714&jid=1707824672&gjid=836091565&_gid=159039764.1606221715&_u=aChAAEAKAAAAAC~&z=1344399112

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 24 Nov 2020 12:41:54 GMT
content-type: text/plain
access-control-allow-origin: https://www.afr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 30ms
30ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-91053368-8&cid=2070178579.1606221714&jid=1707824672&_u=aChAAEAKAAAAAC~&z=1945461539

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-91053368-8&cid=2070178579.1606221714&jid=1707824672&_u=aChAAEAKAAAAAC~&z=1945461539

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adc.nine.com.au/ 89 B
541 B 1161ms
322ms Fetch
application/json 54.79.6.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adc.nine.com.au/?

Requested by

Host: adc-js.nine.com.au
URL: https://adc-js.nine.com.au/adc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.79.6.223 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-79-6-223.ap-southeast-2.compute.amazonaws.com

Software

awselb/2.0 /

Resource Hash

6ea5cebdfa158f35e4c1cf103fdd1219eb0d71e90298cb7549c8a9d26f604231

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:55 GMT
server: awselb/2.0
vary: Origin
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://www.afr.com
api-supported-versions: 1.0
cache-control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=2592000
content-type: application/json; charset=utf-8
content-length: 89

GET
H2 200 track_page_view
nova.collect.igodigital.com/c2/10510523/ 43 B
714 B 119ms
118ms Image
image/gif 18.204.189.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nova.collect.igodigital.com/c2/10510523/track_page_view?payload=%7B%22title%22%3A%22Fake%20Zoom%20invite%20cripples%20Aussie%20hedge%20fund%20with%20%248m%20hit%22%2C%22url%22%3A%22https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email%22%2C%22referrer%22%3A%22%22%2C%22user_info%22%3A%7B%7D%7D

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.204.189.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-204-189-7.compute-1.amazonaws.com

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.005714
date: Tue, 24 Nov 2020 12:41:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
etag: W/"db04c7b378cb2db912c3ba8a5a774ee3"
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: private
content-transfer-encoding: binary
content-disposition: inline
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: df830169-f7c3-468c-88e4-962d17c23a4a

GET
H/1.1 200
OK /
srv-2020-11-24-12.pixel.parsely.com/plogger/ 43 B
229 B 473ms
111ms Image
image/gif 34.198.72.16
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://srv-2020-11-24-12.pixel.parsely.com/plogger/?rand=1606221715004&plid=25510969&idsite=afr.com&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22_pageviewID%22%3A%223885E406-E971-4CE0-AB3F-08CD95CFB614%22%7D&sid=1&surl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&sref=&sts=1606221714997&slts=0&title=Fake+Zoom+invite+cripples+Aussie+hedge+fund+with+%248m+hit&date=Tue+Nov+24+2020+13%3A41%3A55+GMT%2B0100+(Central+European+Standard+Time)&action=pageview&js=1&pvid=26194217&u=pid%3Df508465f734ec39ee88e1d1365fb9f69
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.198.72.16 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 24 Nov 2020 12:41:55 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H2 200 /
www.facebook.com/tr/ 0
53 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryGc5QDFnrPLVXx7NS

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 24 Nov 2020 12:41:55 GMT
content-type: text/plain
access-control-allow-origin: https://www.afr.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012010270040000/ Frame 6F63 180 KB
50 KB 40ms
14ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 185442
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51478
x-xss-protection: 0
server: sffe
date: Sun, 22 Nov 2020 09:11:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0305d7d21a7fe4a1"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Nov 2021 09:11:13 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 6F63 13 KB
5 KB 40ms
13ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 253522
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Sat, 21 Nov 2020 14:16:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Nov 2021 14:16:33 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 6F63 90 KB
28 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 253522
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Sat, 21 Nov 2020 14:16:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Nov 2021 14:16:33 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 6F63 3 KB
1 KB 44ms
18ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 185085
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Sun, 22 Nov 2020 09:17:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Nov 2021 09:17:10 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 6F63 41 KB
13 KB 42ms
15ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 253521
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Sat, 21 Nov 2020 14:16:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Nov 2021 14:16:34 GMT

GET
DATA 200
OK truncated
/ Frame 6F63 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56801bcef89d8c7f45c5045ca455eec0b702190da15e3260529d08058fb33563

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 container.html
6678190d3f532fe1e319584ab170dce0.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 755A 0
0 34ms
20ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6678190d3f532fe1e319584ab170dce0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 6678190d3f532fe1e319584ab170dce0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Tue, 24 Nov 2020 12:41:54 GMT
expires: Wed, 24 Nov 2021 12:41:54 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 8123120827238733000
tpc.googlesyndication.com/simgad/ Frame 6F63 67 KB
68 KB 11ms
9ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8123120827238733000?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlVP0XAJqFOy6IGDy8Wl0i58MZ5QA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfc1d3dce886993aa4f3731ac4c17547e08ca33d63077809ce89332fb3863d31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 10:31:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jul 2020 23:25:01 GMT
server: sffe
age: 7853
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69039
x-xss-protection: 0
expires: Wed, 24 Nov 2021 10:31:02 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6F63 2 KB
3 KB 8ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 24 Nov 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 5577
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 25 Nov 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6F63 295 B
399 B 10ms
8ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 23 Nov 2020 22:32:01 GMT
x-content-type-options: nosniff
server: cafe
age: 50994
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 24 Nov 2020 22:32:01 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 6F63 0
0 16ms
14ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRFMTurJum6NeiJZ2GOPkFrtViTBBOqkRkeQp0jO-qzpBj1wWhJWUARuBYpb7RTDq4keV98
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6F63 0
0 70ms
68ms Image
text/html 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CUpzmkv-8X6iaC4yE3wPa2YbgC82bnZ5gnPbI7cUMv-EeEAEgvdu5YGCRhJOF_BegAc2o19UDyAEC4AIAqAMByAMIqgS4A0_QQ3rg5hIt4ennyTq-G6_BkDNFgcfK3oyXJv-EagZ0NdvDGD_uD3pDcmyWpNWDf1Mtq0vw74d9D8EseFkvx9sDPsKQNJ-l6HqC5qkPsqWDYnR3W8odsF1uR18NKqTbDVG-oUkJaejvMQSWibKSsbd2PcFcNtDW8Sbqwg4CL4aLOJzEVaT97AQMTdx0n5r6nn7qbFK-NyAJAll6E3UlW8vpr9X19lVUSBbEXpf7gYR8s5JtlJRYT_uyWP8aFClt4YvXBFBQi8AyQAmq0YQpbDxPT4wpxQ8gs04BJkfc2RteXIM3WbZgCmwkIXiQExmaF8Vri87CoN0JEwY6rKwKDCaliEORJHw7Y4NlB3xjtu1Jd0b0KP-NIaCMaKJ5tGe7C1hhFbJkIfUh8o4O5_CHLLVhhZZMMFF_tsOrnnY2Abo0_tvOdZwj4emxIcHCo48SXijtS3SH1UcnKnG1Q1dN6mKN-Hzgfk5D8XyZdDe5wqkbLzW5Nku3t6EYP3nFwJ7-5nE01c-2iuAJfuFKMKpWuf4C9WBdBcB7L3xBPZUUX73k-eMtpYxJWW08q8dEUmNVFypOvPc2e67vwATUnrjOiQPgBAGSBQQIBBgBkgUECAUYBKAGAoAHm9eoKqgH1ckbqAfw2RuoB_LZG6gHlJixAqgHpd8bqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEELqkKNIICQiA4YBwEAEYHYAKA8gLAdgTDbIXGgoYCAESFHB1Yi04MDI3NjU1OTE3MzQ5NDEw&sigh=VX6A6qpLIFE&tpd=AGWhJmuLCKMqH8jJB1BHkVBtx7O8vTvwYRgJ1VYH7ckz0zRp1w
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s20-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d56ee6a2ba915ad87e2dc9b49d9199563f3b35f9e048938e84d1a033e5c2b1c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1605702985553312"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28207
x-xss-protection: 0
expires: Tue, 24 Nov 2020 12:41:55 GMT

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 6F63
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

51ms
51ms

Image
text/html

2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Tue, 24 Nov 2020 12:41:55 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 8123120827238733000
tpc.googlesyndication.com/simgad/ Frame 6F63 67 KB
68 KB 6ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8123120827238733000?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlVP0XAJqFOy6IGDy8Wl0i58MZ5QA

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfc1d3dce886993aa4f3731ac4c17547e08ca33d63077809ce89332fb3863d31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 10:31:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jul 2020 23:25:01 GMT
server: sffe
age: 7853
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69039
x-xss-protection: 0
expires: Wed, 24 Nov 2021 10:31:02 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6F63 2 KB
3 KB 6ms
5ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 24 Nov 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 5577
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 25 Nov 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6F63 295 B
389 B 6ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 23 Nov 2020 22:32:01 GMT
x-content-type-options: nosniff
server: cafe
age: 50994
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 24 Nov 2020 22:32:01 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 7ms
6ms Script
application/x-javascript 2600:9000:206f:6000:18:1fcd:34e:d2a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: engage.eftsure.com.au
URL: https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:6000:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: d5132eb4775fe5c85d515453cb238727620936adc84e5f727d495f8fefa2eba3

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 11:49:59 GMT
content-encoding: gzip
last-modified: Wed, 14 Oct 2020 03:23:55 GMT
server: nginx
age: 3116
etag: W/"5f866f4b-8e0b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 2fc0d20914c32e5cd76477ed042298d1.cloudfront.net (CloudFront)
cache-control: max-age=7200
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: pNuucqyjuKcBY-8C4yy1a1BThmOzaj-kWC6CSks2ACAwMEFH8zs4nw==
expires: Tue, 24 Nov 2020 13:49:59 GMT

GET
H/1.1 200
OK Cookie set dest5.html
nd.demdex.net/ Frame EF3C 0
0 49ms
33ms Document
text/html 54.229.194.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nd.demdex.net/dest5.html?d_nsid=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.229.194.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-229-194-56.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: nd.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=07597743486455176352481989588667380398; dextp=358-1-1606221714975|470-1-1606221715016|481-1-1606221715027|466-1-1606221715039|771-1-1606221715054|782-1-1606221715111|832-1-1606221715178|23728-1-1606221715385|30064-1-1606221715404|30646-1-1606221715464
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 19 Nov 2020 15:01:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=07597743486455176352481989588667380398;Path=/;Domain=.demdex.net;Expires=Sun, 23-May-2021 12:41:55 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: FM8D0naRQ7E=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020111701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99875da073e98d245b788296e74922c5a3825512d60bdda5ce646d646c1b252a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 24 Nov 2020 12:41:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6554
x-xss-protection: 0

GET
H2 200 ping
ping.chartbeat.net/ 43 B
169 B 572ms
105ms Image
image/gif 18.235.56.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=afr.com&p=%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c&u=CxR4mQDqN19uCCqveS&d=afr.com&g=27223&g0=companies%2C%20article&g1=Angus%20Grigg%20and%20Jemima%20Whyte&g4=article&n=1&f=00001&c=0&x=0&m=0&y=3736&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&b=3505&_c=Business%20Email%20Compromise&_m=email&_x=hs_email&_y=100739388&_s=%7B%22pageViewId%22%3A%223885E406-E971-4CE0-AB3F-08CD95CFB614%22%7D&t=0wwd_DMWV5wIqv2tCZh6igChrvEE&V=121&i=Fake%20Zoom%20invite%20cripples%20Aussie%20hedge%20fund%20with%208m%20hit&tz=-60&_acct=anon&sn=1&sv=CywW3XB99MV4Dd20qVDM1FdVCTCoSB&sd=1&im=067b2ef3&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.56.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:56 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111701.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 24 Nov 2020 12:41:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Tue, 24 Nov 2020 12:41:55 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 0C86 0
0 6ms
6ms Document
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Tue, 24 Nov 2020 12:10:12 GMT
expires: Wed, 24 Nov 2021 12:10:12 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1903
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
196 B 15ms
15ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gpt_2020111701&jk=3535620156864262&bg=!XF-lX3_NAAVGySeIRliubtg99KG0_gIAAACCUgAAABJoAQcKAOgR7gx1SFy1NyWtSW6ktqHKFdAbd1y91nFXTuF6o-Tb_m-ZroDgVAD0mCZdHt1DnE6cSe299z_gYhJLmnMqjg1P40qnbVewHrr5ip3bzZBgRyvOpmkOstRtBAg9A356nuUEwIja0wFS9rP9EL68dQZ9GTfSokdIsZWzn7LGmHbe1nn449_FSr1WWvuGIGpSGIwh4WIj0wNCmci-yeSZ8tvJqqyeNvaumCOzf50r007gxkJ7tkb34K2hobzK3OE6f4RXm5lELN6y1meFnmYM4MbPF3JSlPkdcgSpF9Vk-ruG7OZYD0sKYH6QmQG0cFee2qYoS-T1rgj4dQ0QIPUxJ7Fix9lAn4fWf9nRnfS0OIslfgIZHrOAZEsPw4ky2eZ3PSSGhZ77zhnOq3mOJ3Jv27P60HO6RH990JCwIo013T1Ea3IUtOBX4_SCdRw82DD4IE_9tZXHQesNQlzmgjbJVT9UZ0zdbQnJSyQG-gnSLHGEEr5y9XImFN4LP0voi4j0jO_kpuJw5iwda107MDb3r8VbZU4kQJmJvgzflnSoYXbRD7D7InL5s-fWJsYZ_uLP_uEdKdiQS-B_FMOcIks0_GcNUcO5Wh7hivEk4fWHZbqTPo7XwHDmNxV_xtYg3nLKiKEFGDph83oHWO2rORPA-VuSzrPmWTFD8tc5QiD_0sRfQI0ZSBn1CJ44uaKaj58SNg-Au2YUhzJiuigO2KECUKO1OvrVJu8vr_MACHddKwCJ5Dp_lAbe1DFrghKWQMXFfArjg7TqsOIv0jmT__Zj6soTXwBdkgqinRckMblT0PWMVhF-oBijmUh5uTQHfKARLVv4EuWCryJtRn08VqEH9GSV_PuaAY29e1Z57o3uOnISJAmOR9X7yC5TJ38ZTbgGww

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
adc.nine.com.au/ Frame F34A
Redirect Chain

https://ib.adnxs.com/getuid?https://adc.nine.com.au?appNexusUid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fadc.nine.com.au%3FappNexusUid%3D%24UID
https://adc.nine.com.au/?appNexusUid=6063455372811408341

0
0

322ms
322ms

Document
application/json

54.79.6.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adc.nine.com.au/?appNexusUid=6063455372811408341

Requested by

Host: adc-js.nine.com.au
URL: https://adc-js.nine.com.au/adc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.79.6.223 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-79-6-223.ap-southeast-2.compute.amazonaws.com

Software

awselb/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

:method: GET
:authority: adc.nine.com.au
:scheme: https
:path: /?appNexusUid=6063455372811408341
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NUID=5da4281a79d747f086015a13c4c22ed1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Response headers

server: awselb/2.0
date: Tue, 24 Nov 2020 12:41:56 GMT
content-type: application/json; charset=utf-8
content-length: 89
api-supported-versions: 1.0
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
cache-control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
set-cookie: NUID=5da4281a79d747f086015a13c4c22ed1; expires=Wed, 24 Nov 2021 12:41:56 GMT; domain=.nine.com.au; path=/; secure; samesite=none
strict-transport-security: max-age=2592000

Redirect headers

Server: nginx/1.17.9
Date: Tue, 24 Nov 2020 12:41:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://adc.nine.com.au?appNexusUid=6063455372811408341
AN-X-Request-Uuid: 6dec8fbd-ffe7-4efe-9017-8969c6bbd314
Set-Cookie: uuid2=6063455372811408341; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 22-Feb-2021 12:41:56 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 726.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.230:80

POST
H/1.1 200
OK tp2 Show response
i.ffx.io/com.snowplowanalytics.snowplow/ 2 B
435 B 327ms
327ms XHR
text/plain 13.210.79.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: d2uhnetoehh304.cloudfront.net
URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.210.79.122 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-210-79-122.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Tue, 24 Nov 2020 12:41:56 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

OPTIONS
H/1.1 200
OK tp2
i.ffx.io/com.snowplowanalytics.snowplow/ Frame 0
0 307ms
306ms Other 13.210.79.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Server: 13.210.79.122 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-210-79-122.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.afr.com
Date: Tue, 24 Nov 2020 12:41:56 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 6F63 42 B
94 B 17ms
17ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss1AexZYVYuhWF54owaWhTHecZYCMpWHIhfJAmKt7nZA_-OXrFEkhJa8LC2tEiGcr_mnL8fikA0fO4Atp0pRo6epYuJnxB8hvG8mjVyGX64rdIvHcidUJJ1a9GvSw&sai=AMfl-YRl0e_Mr2FI-FBKsUnlpRNw3M85llrESHDWOgygYtfGrXO0IxKw0-QpmoYs1phI1Jz-McDVvI-cjGODgIQU0HKbuWkgAfEZ9F8Gfz_Zu-TfSq_BLZ-x09CM0gnWxzc&sig=Cg0ArKJSzKeMnzHkbxVPEAE&cid=CAASPeRoPgVWQvJ_zlBNhzn2_mRlhtY17fnLeZpzcGyVlCqj7HBanI8DVbbCWoqttx06cXeqQNVpMjbbJjmnzaI&id=ampim&o=315,212&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=255&tls=1256&g=100&h=100&tt=1256&r=v&avms=ampa&adk=3858930837

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gn
secure-dcr.imrworldwide.com/cgi-bin/ 44 B
336 B 36ms
36ms Image
image/gif 63.34.165.134
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-302812&ch=au-302812_b25_afr.com-brand%20only_S&asn=afr.com-brand%20only&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&devmodel=&manuf=&sysname=&sysversion=&sessionId=h8jmhgkv6layfxngtge7f3ohfcmpk1606221714&prv=1&c6=vc,b25&ca=NA&c13=asid,P70F2B436-31E2-4369-A3CB-294DC350A880&c32=segA,NA&c33=segB,NA&c34=segC,NA&c15=apn,afr&sup=0&segment2=&segment1=&forward=1&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,huxt4ipi1qpaksqf7zbqhx53sobz71606221714&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,16062217145859509&c30=bldv,6.0.0.563&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&devtypid=&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=p56f9c&c3=st,c&c64=starttm,1606221716&adid=p56f9c&c58=isLive,false&c59=sesid,&c61=createtm,1606221716&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Ffake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c%3Futm_campaign%3DBusiness%2520Email%2520Compromise%26utm_medium%3Demail%26_hsmi%3D100739388%26_hsenc%3Dp2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE%26utm_content%3D100739388%26utm_source%3Dhs_email&c66=mediaurl,&c62=sendTime,1606221716&rnd=842482
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.165.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Nov 2020 12:41:57 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 18:29:33	Name: dextp Value: 358-1-1606221714975\|470-1-1606221715016\|481-1-1606221715027\|466-1-1606221715039\|771-1-1606221715054\|782-1-1606221715111\|832-1-1606221715178\|23728-1-1606221715385\|30064-1-1606221715404\|30646-1-1606221715464
.imrworldwide.com/	1970-01-19 23:31:57	Name: IMRID Value: 6ebc4400-2e52-11eb-98fe-afa531204417
.imrworldwide.com/	1970-01-19 23:31:57	Name: SSCVER Value: v1
.afr.com/	1970-01-19 14:10:21	Name: _gat_ffxTracker Value: 1
.afr.com/	1970-01-19 14:10:23	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%2520Email%2520Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email%22%2C%22sref%22:%22%22%2C%22sts%22:1606221714997%2C%22slts%22:0}
www.afr.com/	1970-01-19 14:11:48	Name: ffx:audienceSegment Value: single/loyal
.afr.com/	1970-01-19 14:11:48	Name: _gid Value: GA1.2.159039764.1606221715
.afr.com/	1970-01-19 23:31:57	Name: __gads Value: ID=662eb87b434cd0aa-22b0ef9c44b90095:T=1606221714:S=ALNI_MaCfGFAWrfVhJzp6N1tU1mQrdZjBQ
.afr.com/	1969-12-31 23:59:59	Name: AMCVS_BEB5C8A15492DB600A4C98BC%40AdobeOrg Value: 1
.demdex.net/	1970-01-19 18:29:33	Name: demdex Value: 07597743486455176352481989588667380398
.afr.com/	1970-01-19 14:10:23	Name: _hjAbsoluteSessionInProgress Value: 0
.afr.com/	1970-01-20 07:41:33	Name: _ga Value: GA1.2.2070178579.1606221714
.afr.com/	1970-01-19 23:39:45	Name: _parsely_visitor Value: {%22id%22:%22pid=f508465f734ec39ee88e1d1365fb9f69%22%2C%22session_count%22:1%2C%22last_session_ts%22:1606221714997}
.afr.com/	1970-01-19 16:19:57	Name: _fbp Value: fb.1.1606221714530.652176643
.doubleclick.net/	1970-01-19 14:10:25	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-19 23:31:57	Name: IDE Value: AHWqTUl98Z5EsQrqpVjRR4Ya2NQBjJOJJD7_nLyNfdJ16BNHtqVq98hFGImNlP45
.afr.com/	1970-01-19 16:19:57	Name: _gcl_au Value: 1.1.639991757.1606221714
.afr.com/	1970-01-19 14:10:23	Name: _sp_ses.0af9 Value: *
.afr.com/	1970-01-20 07:41:33	Name: _sp_id.0af9 Value: 00c9f54e-a885-4a58-b03e-66e9570f740e.1606221714.1.1606221714..62b68fb1-39d9-4424-8f96-3a5c8d8eab0d
.afr.com/	1970-01-20 07:41:33	Name: AMCV_BEB5C8A15492DB600A4C98BC%40AdobeOrg Value: -1176276602%7CMCIDTS%7C18591%7CMCMID%7C07816129143228017862459622982727073687%7CMCAAMLH-1606826514%7C6%7CMCAAMB-1606826514%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1606228914s%7CNONE%7CMCAID%7CNONE
www.afr.com/	1970-01-19 14:53:33	Name: paywallMonthlyRolloverDate Value: 2020-12-24T12:41:54.438Z

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://engage.eftsure.com.au/e2t/tc/VVRMMl3TJD90W3Fsn-47Ln31rW28qdJZ4jM_zMN7TcW1V5nxGLV3Zsc37CgW9pW68dpB13dXq0jV-NNR63X_DYlW1sTQYQ7PmxzYVRYM686-0fV6W5qVCb87GQGk8W6Fj0Lc7SWtcBW3hznv93XX_4tW83Yb792w34qgW1H_tyt5XnXJzW7mZd3q5Yryc4W5Nc5Yh2-jRNYW5dCvbz3_LQ2FVmNMsv8HJy9BW21n8qT5XZKYcVR4ssB2zVQTSV1YZxM9496C5W7Y_KmR6F4kwBW4RgQTz76nCKvW7ZZhTm8-b0bcW5Q3MTx1hBFLzW6vHWv_1xMqg7W5CrFsm3-nzDqW6y_3KZ2ZdB3gW5D3Srr2yy1WyW2HsDYZ8l6D1hW5FRzLX1H_vTBW21lDGt6k3VJXW7NSTGy5QzSfdW94MWrs5QZpSDW6xp4CM3wWr7KW51vxXT4Xb0J2W7bVxf13cn_QDW4lfFrS8HJvJxW1VBJyC51p8NlW7HNLYR5crX3HW68TX-r7jjvrt31b81(Line 13) Message: toS
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 23) Message: [Facebook Pixel] - You are sending a non-standard event 'Paywall'. The preferred way to send these events is using trackCustom. See 'https://developers.facebook.com/docs/ads-for-websites/pixel-events/#events' for more information.
console-api	info	URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c?utm_campaign=Business%20Email%20Compromise&utm_medium=email&_hsmi=100739388&_hsenc=p2ANqtz--CqwEP1huvmGU_jJowjFe_576RKuaTmzhslYzuVfNpvVMoqYSwarR1l7468GEG21cbOr7vC--wnNTZCiF8-n-GONsLtTZX7F1_7jYzEr6eBgW9jnE&utm_content=100739388&utm_source=hs_email

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10510523.collect.igodigital.com
6678190d3f532fe1e319584ab170dce0.safeframe.googlesyndication.com
a304207300.cdn.optimizely.com
ad.doubleclick.net
adc-js.nine.com.au
adc.nine.com.au
adservice.google.com
adservice.google.de
adservice.google.nl
api.afr.com
cdn-gl.imrworldwide.com
cdn.ampproject.org
cdn.optimizely.com
cdn.parsely.com
connect.facebook.net
d2uhnetoehh304.cloudfront.net
dpm.demdex.net
e.infogr.am
engage.eftsure.com.au
fairfaxau.demdex.net
fairfaxmedia.gscontxt.net
farm.plista.com
googleads.g.doubleclick.net
i.ffx.io
ib.adnxs.com
l.ffx.io
logx.optimizely.com
nd.demdex.net
nova.collect.igodigital.com
pagead2.googlesyndication.com
ping.chartbeat.net
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
script.hotjar.com
secure-au.imrworldwide.com
secure-dcr.imrworldwide.com
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
sjs.bizographics.com
snap.licdn.com
srv-2020-11-24-12.pixel.parsely.com
static-au.plista.com
static.chartbeat.com
static.ffx.io
static.hotjar.com
static.plista.com
stats.g.doubleclick.net
tpc.googlesyndication.com
vars.hotjar.com
www.afr.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
104.111.218.144
13.210.79.122
138.201.125.235
158.101.193.141
172.217.22.38
176.9.103.51
18.204.189.7
18.235.56.156
185.33.221.88
199.60.103.2
216.58.206.2
23.111.11.152
2600:9000:206f:400:1e:a43d:b640:93a1
2600:9000:206f:400:2:42d9:3100:93a1
2600:9000:206f:5a00:10:2964:9d00:21
2600:9000:206f:6000:18:1fcd:34e:d2a1
2600:9000:206f:8e00:7:3896:c640:93a1
2606:2800:234:59:254c:406:2366:268c
2620:1ec:21::14
2a00:1450:4001:802::2004
2a00:1450:4001:808::2001
2a00:1450:4001:816::2001
2a00:1450:4001:817::2002
2a00:1450:4001:817::2008
2a00:1450:4001:81c::2002
2a00:1450:4001:81d::2003
2a00:1450:4001:820::2001
2a00:1450:4001:824::200e
2a00:1450:400c:c0c::9c
2a02:26f0:10c:48f::3adf
2a02:26f0:10c:58e::25ea
2a02:26f0:6c00:2a0::13b8
2a02:26f0:6c00::210:ba20
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:600::645
2a05:f500:10:101::b93f:9105
3.210.102.70
34.198.72.16
34.242.67.216
54.229.194.56
54.229.195.34
54.66.206.35
54.79.6.223
63.34.165.134
65.9.68.107
65.9.68.116
65.9.68.77
65.9.68.87
65.9.69.60
019744965d0ec24185c7c4c6aa763f7ed2ed55627d14ba04ea211c03ffc9bf3b
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
06629ac9e9f22099ea80d6c3ff6b0ee4e59a66c89af29aa4111c35e41e6baaf2
0b3c489aed36762153272d65dd601fa3c0bb0cb7e789248a565238c916c7c288
0e49c2b4e86d3fda1dda93eb1210a47712f7b091181b4e7c6da2b3e6f8e86396
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
10e22e96d9a3e56996a963ff8b59db06503a4aff2500b31114601f6535b2c57a
121667f68fa7590d28616147c172c04376ce47c28dddb4550e010cac7ec16e12
147daa58374d2b0ac90bbbe586d6ca30e11abd8aa7fe7eb3e109311af82c583e
16f0cd67a928c45e4fc480e7c770aa23cd6586384e51556512387a268a009c29
22fba34a72b04cb449f3222f2e5677dc28e8b1dbabac434b2e7d679a75a4021e
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
280455b0b73c2845cd34db6ce0cf8a555b138e1376894edddc9366c72554fe70
2893094ad385dabc708440cc86a052c5e527bd9323eb14421096520a5f1c858a
2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15
2e527a3483125d104275304b1fe7dcd1e83ac2bbc1ea65a94eea2184e513cdd1
2f1b3c20947609880fa669248919d46ad2b26b995cd8f7e2f3d764dff3e47bdb
2f46b13df7e4fa7157c1eb0477a04698d3b552f283b19c6f5dce24e1bb8fd573
338140f080782dd9fc999b9c240cde15f599e7ffd10b3fd3d9085717d38ad8d3
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
408f31300a65a967877bf6adb181b8d5154413af8ace7b6e08c8a12545c3fd58
4225b1cb63f080e88f154957d6371df6529df92f73f6b93a5c5a92d8e26df609
43ec631c14060e4d10a7fc3b6b96296f20e718d65fb51558370d41eda08a3ddc
477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb
48fcb83f88c6b3b27c820d40a7cf2fce909c7483e61fbd8b1924996f0f6e4d0d
4a63ccc41b6e27c88fca243efd1030d401bc83bd3ae22aaff2b0d1354ba25703
56801bcef89d8c7f45c5045ca455eec0b702190da15e3260529d08058fb33563
57ceb0f29d44047a226a76174be47fdc5935ca09fc6fd303b7c7d366651568ab
5e43a9303f9a87bacb3f24a3345e32a42b170d4a1af38df859e7885813e6efca
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
60269a5edec18da4c5040a679b9264ffd6e97614eb1bad36c0f11692c2f48772
61d20d16e7aeec741146d7216bcc24711ba0dcd8c4fd72a701b52fa281e0f79b
6522e8f23fbc41f55f4f8215011e7ce062e7aaeae1bfed26eb8bb773dadf3583
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
68963209b16bd2a387c310495d51021d2fc57e5df9cb87ac98a0505c0daeca43
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6ea5cebdfa158f35e4c1cf103fdd1219eb0d71e90298cb7549c8a9d26f604231
6f26ba88db52e8d910649cc1d562505b6d053c8968323abb6038af11a3b6733d
73da0025b0177b74096b3e30fc9729e0c40a86ecd1dc7b462ad9faf9e2403e4c
75481bc06d1b02e50fd1cc921a7838e3af6caa9b8c0745b50182ebf29f195e20
78e7c1772f2d8612afd32458f0b1bef1be80d7bb18ba13640dce14fd49c281f3
796270902c6d7a1b43ccf0c1c4e74e74af867d213fd0f209725978962d07bd14
7b49583198d0163c1ea9541483cef8947331394273700beff7b425febb398f24
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85b23ef2b5d148948a0e393c8af051177f818b7fb18cda003998916666caabee
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99875da073e98d245b788296e74922c5a3825512d60bdda5ce646d646c1b252a
99ee5c964ba646eb0ba74eddd0d7b83f116b060ba7a06e19bac0c04eebe6866b
9c18a4e772b437682404af43e40ec3db0f1c00873e8f25340dd8234ea324d488
a44fb6a26732b7892f2802aee69fb0413ecd26b508b5c79720a48c485f4889ee
a5c206638d9c711e49cf200fcd793632146f7f7b42208a67e0503be86321eafc
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f
a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1
abfd66b8ce6a0076466f68940afd956eda14fe7e5d8186674a8984d759fd107b
ace674504002bde77738f646325e77a4184eba30a68c8fc9da07f87983f93d3f
acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3
b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094
b3c2a4829c30295b503c26ea86513045129f8db899838df1d124bc4fa1c5a640
b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
bcf86c48df6f76b921cce4d3b354c52312027494dbac002cf58ff39ca8593ff5
bdb2d9604c5077ba3c2b068d8a0271d89604028c26eead29b45b84165d44e77b
ca629c8d330e7311530781111f889339d7704c2e42aae365ed41e6669e624931
cd21a037e60f26a04b6dba3307eba555de1e4194d38fa41b7008fbdb5fc9da6c
ce5bab475973e37f13264bb617af9ad0d66ac4f2c8abbd623175b0c4d7a22b8b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d192c551796843f6c2a10c45f2e66e781cc01901139c25771ba3c66841dcfff0
d407eb06577a91fafb74b3e30eaf1f5c4411818059b0dbf45db1535f29ef1f36
d446ac32305aa63ba1ecdc077c632224a59233512933fae00c9acee850a7eafc
d4ae3b4e4b1bc382d00e2b54321b94507533f56092aaabd4a9e0af943c45989c
d5132eb4775fe5c85d515453cb238727620936adc84e5f727d495f8fefa2eba3
d56ee6a2ba915ad87e2dc9b49d9199563f3b35f9e048938e84d1a033e5c2b1c5
d8a4852c02d56abf2fba3c510e39e5f11de8a647bff185fb3d7cde74cfb32d7f
dbee6e5ada4af83d471ed80a9b9bb13f798cc34df3d7082c91dd701eea422a8c
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfc1d3dce886993aa4f3731ac4c17547e08ca33d63077809ce89332fb3863d31
e2dd011650c86ea518c13ebd92d1a5a703f9e37ee56a83b5e5ced325b313498e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b89915f5b07a2494caf04ecb0a5d53a103b3a0a81e1e43d723cd74e76f67e4
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d
ebe4c92126bd44035ec0ca2a51821a6c3994b64aee346dc7278a442730eaceae
ec2ce4d09079f4eb2959eb206621a1c063e6d76fc0f87b4f16fa341bcd0880c6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
f3af1385378f16fe57bab349687c7d75a0a7fa0d648ed4687220ca9ba5423135
f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d
f6a03d1be4b53785c04123bbc00b5eb98e15553da65fea0201887615db0eef6d
fa84adaa52138db2f2ca946b1e3ce31105a39a9a1f1b5fb25ad456241c2d0e73
fb7e37f710003fff8b20099161831610b616b1e0de3a6aa3a42d82fcd5982aa5

www.afr.com Open in urlscan Pro 2a04:4e42:600::645 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

129 Requests

100 %HTTPS

50 %IPv6

32 Domains

58 Subdomains

47 IPs

8 Countries

2124 kBTransfer

6679 kBSize

21 Cookies

0 Outgoing links

Page URL History

Redirected requests

129 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.afr.com Open in urlscan Pro
2a04:4e42:600::645 Public Scan

Screenshot
Live screenshot

Full Image

129
Requests

100 %
HTTPS

50 %
IPv6

32
Domains

58
Subdomains

47
IPs

8
Countries

2124 kB
Transfer

6679 kB
Size

21
Cookies

129 HTTP transactions
2 data transactions