www.heraldsun.com.au Open in urlscan Pro
2.18.233.28 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration...
Effective URL:
https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Fe...
Submission: On November 16 via manual (November 16th 2021, 4:09:13 am UTC) from AU — Scanned from DE

Summary HTTP 253 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 70 IPs in 7 countries across 50 domains to perform 253 HTTP transactions. The main IP is 2.18.233.28, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.heraldsun.com.au.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on February 25th 2021. Valid for: a year.

This is the only time www.heraldsun.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5 13	2.18.233.28 2.18.233.28	16625 (AKAMAI-AS) (AKAMAI-AS)
2 9	2.18.233.169 2.18.233.169	16625 (AKAMAI-AS) (AKAMAI-AS)
20	2a04:fa87:fff... 2a04:fa87:fffd::c000:4298	2635 (AUTOMATTIC) (AUTOMATTIC)
6	104.75.88.194 104.75.88.194	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2a0::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
17	104.111.230.77 104.111.230.77	16625 (AKAMAI-AS) (AKAMAI-AS)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
6	143.204.98.86 143.204.98.86	16509 (AMAZON-02) (AMAZON-02)
1	23.67.128.30 23.67.128.30	16625 (AKAMAI-AS) (AKAMAI-AS)
13	34.240.91.113 34.240.91.113	16509 (AMAZON-02) (AMAZON-02)
1	3.248.38.136 3.248.38.136	16509 (AMAZON-02) (AMAZON-02)
1	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
1 1	34.248.191.66 34.248.191.66	16509 (AMAZON-02) (AMAZON-02)
2 4	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (AMOBEE) (AMOBEE)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 3	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	54.85.166.2 54.85.166.2	14618 (AMAZON-AES) (AMAZON-AES)
2 6	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
14	151.101.192.176 151.101.192.176	54113 (FASTLY) (FASTLY)
1 1	199.127.207.184 199.127.207.184	26120 (RHYTHMONE) (RHYTHMONE)
6	54.187.159.182 54.187.159.182	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:400c:c00::5c	15169 (GOOGLE) (GOOGLE)
4	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	143.204.98.110 143.204.98.110	16509 (AMAZON-02) (AMAZON-02)
14	54.187.119.242 54.187.119.242	16509 (AMAZON-02) (AMAZON-02)
1 1	3.122.214.165 3.122.214.165	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:600:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
2	95.101.27.30 95.101.27.30	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	143.204.98.115 143.204.98.115	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:215... 2600:9000:2156:9600:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
2 4	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
5 14	216.58.212.164 216.58.212.164	15169 (GOOGLE) (GOOGLE)
9	142.250.185.67 142.250.185.67	15169 (GOOGLE) (GOOGLE)
4	35.186.226.184 35.186.226.184	15169 (GOOGLE) (GOOGLE)
1 1	34.232.240.103 34.232.240.103	14618 (AMAZON-AES) (AMAZON-AES)
1	52.208.185.108 52.208.185.108	16509 (AMAZON-02) (AMAZON-02)
1	52.6.232.190 52.6.232.190	14618 (AMAZON-AES) (AMAZON-AES)
2	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
3	142.250.185.195 142.250.185.195	15169 (GOOGLE) (GOOGLE)
1 1	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.243.165.128 34.243.165.128	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:4a00:1d:667e:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.184.90.3 18.184.90.3	16509 (AMAZON-02) (AMAZON-02)
8 8	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
2	143.204.94.161 143.204.94.161	16509 (AMAZON-02) (AMAZON-02)
4	142.250.186.104 142.250.186.104	15169 (GOOGLE) (GOOGLE)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e053	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.65.108 151.101.65.108	54113 (FASTLY) (FASTLY)
2 4	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
9	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1	35.227.202.26 35.227.202.26	15169 (GOOGLE) (GOOGLE)
3	185.33.221.14 185.33.221.14	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	142.250.186.129 142.250.186.129	15169 (GOOGLE) (GOOGLE)
2 2	2620:119:50e5... 2620:119:50e5:101::9002:c05	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
5 9	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42::300 2a04:4e42::300	54113 (FASTLY) (FASTLY)
3 3	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
6	2a00:1450:400... 2a00:1450:4001:82f::200e	() ()
6	142.250.185.206 142.250.185.206	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	34.208.187.153 34.208.187.153	() ()
253	70

13 2.18.233.28 (Frankfurt am Main, Germany) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-28.deploy.static.akamaitechnologies.com

www.heraldsun.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.newsapi.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
commerceapi.news.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.233.169 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-169.deploy.static.akamaitechnologies.com

tags.news.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a04:fa87:fffd::c000:4298 (Ireland)

ASN2635 (AUTOMATTIC, US)

dsf.newscorpaustralia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.75.88.194 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-194.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2a0::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 104.111.230.77 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-77.deploy.static.akamaitechnologies.com

subscriptions.heraldsun.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
login.newscorpaustralia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 143.204.98.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-86.fra50.r.cloudfront.net

subscriptions.news.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.67.128.30 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-67-128-30.deploy.static.akamaitechnologies.com

a20352597942.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 34.240.91.113 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.38.136 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-38-136.eu-west-1.compute.amazonaws.com

newscorpau.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

newscorpau.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.191.66 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-191-66.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.90 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.181.226 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.85.166.2 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-85-166-2.compute-1.amazonaws.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.33.220.150 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.180 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

image5.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 151.101.192.176 (United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.127.207.184 (United States) 1 redirects

ASN26120 (RHYTHMONE, US)

dt.scanscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.187.159.182 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-159-182.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c00::5c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-110.fra50.r.cloudfront.net

au.tags.newscgp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com

r.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.122.214.165 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:600:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.101.27.30 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-27-30.deploy.static.akamaitechnologies.com

secure-ds.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-115.fra50.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2156:9600:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.66 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 216.58.212.164 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.226.184 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 184.226.186.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.232.240.103 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-240-103.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.208.185.108 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-185-108.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.6.232.190 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-6-232-190.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

metrics.heraldsun.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.243.165.128 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-165-128.eu-west-1.compute.amazonaws.com

secure-sdk.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:4a00:1d:667e:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

4zrzsbjrajqjhr0zqjklyitta8pjv1637035746.nuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.184.90.3 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-90-3.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.66.49 (United States) 8 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.94.161 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-94-161.fra50.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.104 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f7::5c7b:e053 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.38 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

8228261.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.202.26 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 26.202.227.35.bc.googleusercontent.com

au-gmtdmp.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.14 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f1.1e100.net

493ebe83b5ecdef71aade700ade9c96c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e5:101::9002:c05 (San Francisco, United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::300 (United States)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (United Kingdom) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::200e (None, )

ASN- ()

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f14.1e100.net

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.208.187.153 (None, )

ASN- ()

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	google.com 7 redirects pay.google.com news.google.com Failed www.google.com adservice.google.com play.google.com	387 KB
33	stripe.com js.stripe.com q.stripe.com r.stripe.com m.stripe.com	303 KB
27	heraldsun.com.au 5 redirects www.heraldsun.com.au subscriptions.heraldsun.com.au metrics.heraldsun.com.au	619 KB
24	doubleclick.net 11 redirects cm.g.doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net 8228261.fls.doubleclick.net	153 KB
23	newscorpaustralia.com dsf.newscorpaustralia.com login.newscorpaustralia.com	453 KB
16	news.com.au 2 redirects tags.news.com.au subscriptions.news.com.au commerceapi.news.com.au Failed	226 KB
14	google.de www.google.de adservice.google.de	2 KB
14	demdex.net dpm.demdex.net newscorpau.demdex.net	18 KB
9	googleadservices.com www.googleadservices.com	95 KB
9	everesttech.net 9 redirects cm.everesttech.net sync-tm.everesttech.net	2 KB
8	adsrvr.org 2 redirects match.adsrvr.org js.adsrvr.org insight.adsrvr.org	12 KB
8	adnxs.com 2 redirects ib.adnxs.com acdn.adnxs.com secure.adnxs.com	10 KB
6	gstatic.com www.gstatic.com	239 KB
6	imrworldwide.com cdn-gl.imrworldwide.com secure-sdk.imrworldwide.com 4zrzsbjrajqjhr0zqjklyitta8pjv1637035746.nuid.imrworldwide.com	67 KB
6	tiqcdn.com tags.tiqcdn.com	19 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	4 KB
4	googletagmanager.com www.googletagmanager.com	155 KB
4	snapchat.com tr.snapchat.com	584 B
4	optimizely.com cdn.optimizely.com a20352597942.cdn.optimizely.com logx.optimizely.com	90 KB
3	serving-sys.com secure-ds.serving-sys.com bs.serving-sys.com	24 KB
3	casalemedia.com 2 redirects ssum.casalemedia.com dsum-sec.casalemedia.com	3 KB
2	stripe.network m.stripe.network	17 KB
2	1rx.io 2 redirects sync.1rx.io	900 B
2	spotxchange.com 1 redirects sync.search.spotxchange.com	1 KB
2	openx.net 1 redirects us-u.openx.net	383 B
2	krxd.net 1 redirects usermatch.krxd.net beacon.krxd.net	529 B
2	pubmatic.com 1 redirects image5.pubmatic.com image2.pubmatic.com	896 B
2	rubiconproject.com token.rubiconproject.com pixel.rubiconproject.com	453 B
2	wp.com stats.wp.com pixel.wp.com	3 KB
1	twitter.com analytics.twitter.com	677 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	475 B
1	taboola.com trc.taboola.com	239 B
1	facebook.com www.facebook.com	1 KB
1	google-analytics.com www.google-analytics.com	20 KB
1	t.co t.co	470 B
1	googlesyndication.com 493ebe83b5ecdef71aade700ade9c96c.safeframe.googlesyndication.com	4 KB
1	mookie1.com au-gmtdmp.mookie1.com	608 B
1	yahoo.com sp.analytics.yahoo.com	964 B
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	6 KB
1	bluekai.com 1 redirects tags.bluekai.com	713 B
1	chartbeat.net ping.chartbeat.net	201 B
1	sc-static.net sc-static.net	7 KB
1	chartbeat.com static.chartbeat.com	14 KB
1	eyeota.net 1 redirects ps.eyeota.net	418 B
1	newscgp.com au.tags.newscgp.com	48 KB
1	scanscout.com 1 redirects dt.scanscout.com	692 B
1	turn.com 1 redirects d.turn.com	402 B
1	omtrdc.net newscorpau.sc.omtrdc.net	320 B
1	newsapi.com.au cdn.newsapi.com.au	36 KB
253	50

	Domain	Requested by
20	dsf.newscorpaustralia.com	www.heraldsun.com.au dsf.newscorpaustralia.com subscriptions.heraldsun.com.au
18	www.google.com	7 redirects www.heraldsun.com.au subscriptions.heraldsun.com.au www.gstatic.com
14	r.stripe.com	js.stripe.com
14	subscriptions.heraldsun.com.au	www.heraldsun.com.au subscriptions.heraldsun.com.au
13	www.google.de	www.heraldsun.com.au
13	googleads.g.doubleclick.net	7 redirects www.googleadservices.com
13	dpm.demdex.net	tags.news.com.au www.heraldsun.com.au
12	play.google.com	www.gstatic.com
12	js.stripe.com	subscriptions.heraldsun.com.au js.stripe.com
11	www.heraldsun.com.au	5 redirects www.heraldsun.com.au subscriptions.heraldsun.com.au
9	www.googleadservices.com	secure-ds.serving-sys.com www.googletagmanager.com www.googleadservices.com
9	tags.news.com.au	2 redirects tags.tiqcdn.com au.tags.newscgp.com
8	sync-tm.everesttech.net	8 redirects
6	www.gstatic.com	pay.google.com www.gstatic.com www.google.com
6	q.stripe.com	www.heraldsun.com.au
6	subscriptions.news.com.au	client subscriptions.news.com.au
6	tags.tiqcdn.com	www.heraldsun.com.au subscriptions.heraldsun.com.au tags.tiqcdn.com
4	insight.adsrvr.org	www.heraldsun.com.au js.adsrvr.org
4	8228261.fls.doubleclick.net	2 redirects www.heraldsun.com.au
4	www.googletagmanager.com	secure-ds.serving-sys.com
4	tr.snapchat.com	sc-static.net www.heraldsun.com.au
4	securepubads.g.doubleclick.net	tags.tiqcdn.com securepubads.g.doubleclick.net
4	pay.google.com	js.stripe.com pay.google.com www.heraldsun.com.au www.gstatic.com
4	ib.adnxs.com	2 redirects www.heraldsun.com.au
3	adservice.google.com	securepubads.g.doubleclick.net 8228261.fls.doubleclick.net
3	secure.adnxs.com	www.heraldsun.com.au
3	cdn-gl.imrworldwide.com	tags.news.com.au cdn-gl.imrworldwide.com
3	cm.g.doubleclick.net	2 redirects www.heraldsun.com.au
3	login.newscorpaustralia.com	www.heraldsun.com.au login.newscorpaustralia.com
2	m.stripe.network	js.stripe.com m.stripe.network
2	sync.1rx.io	2 redirects
2	sync.search.spotxchange.com	1 redirects www.heraldsun.com.au
2	us-u.openx.net	1 redirects www.heraldsun.com.au
2	px.ads.linkedin.com	2 redirects
2	js.adsrvr.org	secure-ds.serving-sys.com
2	secure-sdk.imrworldwide.com	www.heraldsun.com.au
2	metrics.heraldsun.com.au	tags.news.com.au www.heraldsun.com.au
2	secure-ds.serving-sys.com	tags.tiqcdn.com secure-ds.serving-sys.com
2	ssum.casalemedia.com	2 redirects
2	match.adsrvr.org	2 redirects
2	logx.optimizely.com	cdn.optimizely.com
1	m.stripe.com	m.stripe.network
1	commerceapi.news.com.au	subscriptions.heraldsun.com.au
1	analytics.twitter.com	static.ads-twitter.com
1	sync.targeting.unrulymedia.com	1 redirects
1	trc.taboola.com	www.heraldsun.com.au
1	www.facebook.com	www.heraldsun.com.au
1	www.google-analytics.com	www.gstatic.com
1	image2.pubmatic.com	www.heraldsun.com.au
1	dsum-sec.casalemedia.com	www.heraldsun.com.au
1	t.co	www.heraldsun.com.au
1	px4.ads.linkedin.com	www.heraldsun.com.au
1	www.linkedin.com	1 redirects
1	493ebe83b5ecdef71aade700ade9c96c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	pixel.rubiconproject.com	www.heraldsun.com.au
1	au-gmtdmp.mookie1.com	www.heraldsun.com.au
1	sp.analytics.yahoo.com	www.heraldsun.com.au
1	acdn.adnxs.com	www.heraldsun.com.au
1	snap.licdn.com	www.heraldsun.com.au
1	static.ads-twitter.com	www.heraldsun.com.au
1	bs.serving-sys.com	secure-ds.serving-sys.com
1	4zrzsbjrajqjhr0zqjklyitta8pjv1637035746.nuid.imrworldwide.com	www.heraldsun.com.au
1	tags.bluekai.com	1 redirects
1	ping.chartbeat.net	www.heraldsun.com.au
1	beacon.krxd.net	www.heraldsun.com.au
1	usermatch.krxd.net	1 redirects
1	sc-static.net	tags.tiqcdn.com
1	static.chartbeat.com	tags.tiqcdn.com
1	ps.eyeota.net	1 redirects
1	au.tags.newscgp.com	tags.tiqcdn.com
1	dt.scanscout.com	1 redirects
1	image5.pubmatic.com	1 redirects
1	token.rubiconproject.com	www.heraldsun.com.au
1	d.turn.com	1 redirects
1	cm.everesttech.net	1 redirects
1	newscorpau.sc.omtrdc.net	tags.news.com.au
1	newscorpau.demdex.net	tags.news.com.au
1	pixel.wp.com	www.heraldsun.com.au
1	a20352597942.cdn.optimizely.com	cdn.optimizely.com
1	cdn.newsapi.com.au	www.heraldsun.com.au
1	stats.wp.com	www.heraldsun.com.au
1	cdn.optimizely.com	www.heraldsun.com.au
0	news.google.com Failed	subscriptions.heraldsun.com.au
253	84

This site contains links to these domains. Also see Links.

Domain
subscription.newscorpaustralia.com
myaccount.news.com.au
www.dailytelegraph.com.au
www.couriermail.com.au
www.adelaidenow.com.au
www.cairnspost.com.au
www.geelongadvertiser.com.au
www.goldcoastbulletin.com.au
www.ntnews.com.au
www.thechronicle.com.au
www.themercury.com.au
www.townsvillebulletin.com.au
www.theaustralian.com.au
www.news.com.au
preferences.news.com.au

Subject Issuer	Validity	Valid
news.com.au DigiCert SHA2 Secure Server CA	`2021-02-25` - `2022-02-28`	a year	crt.sh
dsf.newscorpaustralia.com R3	`2021-10-22` - `2022-01-20`	3 months	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2021-04-19` - `2022-04-27`	a year	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2022-02-21`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
subscriptions.news.com.au Amazon	`2021-04-07` - `2022-05-06`	a year	crt.sh
*.cdn.optimizely.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2020-10-29` - `2021-11-29`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
logx.optimizely.com Amazon	`2021-08-23` - `2022-09-21`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2021-10-21` - `2022-02-02`	3 months	crt.sh
*.stripe.com DigiCert SHA2 Secure Server CA	`2021-09-08` - `2022-09-07`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
au.tags.newscgp.com Amazon	`2021-01-25` - `2022-02-22`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
secure-ds.serving-sys.com DigiCert SHA2 Secure Server CA	`2021-04-28` - `2022-05-03`	a year	crt.sh
sc-static.net DigiCert TLS RSA SHA256 2020 CA1	`2021-02-11` - `2022-02-15`	a year	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh
tr.snapchat.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-19` - `2022-01-23`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
metrics.heraldsun.com.au DigiCert TLS RSA SHA256 2020 CA1	`2021-06-15` - `2022-07-16`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.nuid.imrworldwide.com Amazon	`2021-06-11` - `2022-07-10`	a year	crt.sh
bs.serving-sys.com Amazon	`2021-05-10` - `2022-06-08`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-02-02`	3 months	crt.sh

This page contains 38 frames:

Primary Page: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Frame ID: 1ABC4E036BB24346991E51351E2D7542
Requests: 78 HTTP requests in this frame

Frame: https://a20352597942.cdn.optimizely.com/client_storage/a20352597942.html
Frame ID: 8B290149CED13460F64A09B7ADCA2B61
Requests: 1 HTTP requests in this frame

Frame: https://login.newscorpaustralia.com/authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fwww.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=uNbamC1UJLgq1OvPj-C3kkAi9ZBXG_P5&nonce=Csc.dcMqBMBfs~flEGZBJSbU.5~HqQBI&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNy4wIn0%3D
Frame ID: 72A5A81C045EFFB497CCE4327E1CF1D1
Requests: 3 HTTP requests in this frame

Frame: https://newscorpau.demdex.net/dest5.html?d_nsid=0
Frame ID: 7D0044B606CF967AA57A782829D81460
Requests: 22 HTTP requests in this frame

Frame: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
Frame ID: BEF2226BC32B5C590B46EF95DE5B6C46
Requests: 25 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-6ae29ff8a2ddcc0b2ec49757fc14c08a.html
Frame ID: A5609026489D2719606A15ADDDF66AEF
Requests: 18 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-google-pay-3b9f6c2e72044174f4509006d3bcb52c.html
Frame ID: 97F69ACA06C37641DCBF4A5225D099B7
Requests: 5 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-4efaaecc89ff64a13773d891979378c1.html
Frame ID: 2B2B596EDD569B52D507728DAED50B99
Requests: 4 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
Frame ID: 908B89C0560FE42DE699CAFA75817669
Requests: 16 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=63f03fde-185c-4ae3-a0c6-3741b8da74a5
Frame ID: 383265167DB9D1236AE425D8E2056B66
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/p
Frame ID: 3B252183E62A7F2ED1EA0DEE734DBF40
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/p
Frame ID: 4369723CF7AAAFE2022DCEECC1ACBD8C
Requests: 1 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 9D805C12CBCF5626F66822C5C9F4229F
Requests: 3 HTTP requests in this frame

Frame: https://js.adsrvr.org/up_loader.1.1.0.js
Frame ID: B64E3ABA5D99D9B2D329529346F44823
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=AW-994679518
Frame ID: 28EAD96B1CB85DC16FCA857786EFE4AE
Requests: 8 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=AW-930683048
Frame ID: 8D63B8F8D8AB95BB9725802F27D4230F
Requests: 8 HTTP requests in this frame

Frame: https://static.ads-twitter.com/uwt.js
Frame ID: 1B62614F6A26B730F673C92AC5E386AF
Requests: 3 HTTP requests in this frame

Frame: https://snap.licdn.com/li.lms-analytics/insight.min.js
Frame ID: B3FD203A4EEBEFFBD067AA5189B9FDF4
Requests: 2 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=AW-707564276
Frame ID: A052A156763B69C44B2EC1BE122AB848
Requests: 8 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=AW-707564276
Frame ID: B36DA78596B9FB08A4796F70AB6A8E01
Requests: 5 HTTP requests in this frame

Frame: https://js.adsrvr.org/up_loader.1.1.0.js
Frame ID: 68995E6B73CDD46AA93AAC6E87489DA5
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/up/pixie.js
Frame ID: 7A4D7B5C420DCC742C95026869D99216
Requests: 2 HTTP requests in this frame

Frame: https://8228261.fls.doubleclick.net/activityi;dc_pre=COamqrGBnPQCFevPEQgd9eYI7w;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5368157845357.962
Frame ID: 3F787E8540AA74B263C57B5637629085
Requests: 2 HTTP requests in this frame

Frame: https://8228261.fls.doubleclick.net/activityi;dc_pre=CIjiqrGBnPQCFc8Z4AodAYQKYA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1850494349571.692
Frame ID: B49EEB64A93C817EECD842F87F8993C2
Requests: 2 HTTP requests in this frame

Frame: https://www.googleadservices.com/pagead/conversion.js
Frame ID: 73AB5D51971B4A43BA948760D34DD227
Requests: 4 HTTP requests in this frame

Frame: https://www.googleadservices.com/pagead/conversion.js
Frame ID: 0AB61F74B8F2F859FBA49EB378C5AA69
Requests: 4 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/pxl/?adv=12uiapu&ct=0:yzl4bfk&fmt=3
Frame ID: 17840211B91FE49FBD054AAA2F0C70E7
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/pxl/?adv=12uiapu&ct=0:ra6cunp&fmt=3
Frame ID: CAF0334450D1E2860AF8BB1D4141DD6D
Requests: 1 HTTP requests in this frame

Frame: https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10041060&js=no&url=heraldsunshopfrontpage020419
Frame ID: 2905C33F9D534E03206A2F519CBFA2FC
Requests: 1 HTTP requests in this frame

Frame: https://au-gmtdmp.mookie1.com/t/v2/activity?tagid=V2_296557&src.rand=[timestamp]
Frame ID: 148E6A6880F76BCEBF042025D2A78147
Requests: 1 HTTP requests in this frame

Frame: https://secure.adnxs.com/px?id=879166&seg=9702347&t=2
Frame ID: F3E677DC054641708806273A6A60DDE9
Requests: 1 HTTP requests in this frame

Frame: https://493ebe83b5ecdef71aade700ade9c96c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E832DD1FE2CD6B3AD65CCF38F6F8986B
Requests: 1 HTTP requests in this frame

Frame: https://login.newscorpaustralia.com/authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fsubscriptions.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=c9QzNxfCY8rLKdf_Fmn_wTlBlG4hvDyT&nonce=kwLtZFccF9Q5DTMXlfirwF.qMV6cdXBr&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNy4wIn0%3D
Frame ID: B50A124D8D034E360D23EA7518D376D5
Requests: 3 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=12uiapu&ref=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&upid=trk7f24&upv=1.1.0
Frame ID: 9F238AA03F6B3594B6CC6B7780649430
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=vrges6n&ref=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&upid=ekg5qxt&upv=1.1.0
Frame ID: E9BDFCADDB2D771C04357F5263C57BB9
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
Frame ID: 40F97A589FA7FBC3037B9247A6AF19EE
Requests: 3 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: D7D844E1ED2EFFDB948BC3D88D3DE22C
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ&co=aHR0cHM6Ly9zdWJzY3JpcHRpb25zLmhlcmFsZHN1bi5jb20uYXU6NDQz&hl=de&v=yZguKF1TiDm6F3yJWVhmOKQ9&size=invisible&cb=51b9ijybx6is
Frame ID: A36F65A331DC7773AE2599260C322759
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Heraldsun.com.au | Subscribe to the Herald Sun for exclusive stories

Page URL History Show full URLs

https://www.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-wit... HTTP 302
https://www.heraldsun.com.au/remote/check_cookie.html?url=https%3a%2f%2fwww.heraldsun.com.au%2fleader%2fe... HTTP 302
https://www.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-wit... HTTP 302
https://tags.news.com.au/prod/newskey/generator.html?origin=https%3a%2f%2fwww.heraldsun.com.au%2flead... HTTP 302
https://www.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-wit... HTTP 302
https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun... HTTP 302
https://tags.news.com.au/prod/newskey/generator.html?origin=https%3a%2f%2fwww.heraldsun.com.au%2fsubs... HTTP 302
https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun... Page URL

Page Statistics

253
Requests

86 %
HTTPS

23 %
IPv6

50
Domains

84
Subdomains

70
IPs

7
Countries

3020 kB
Transfer

8742 kB
Size

80
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://subscription.newscorpaustralia.com/business/subscription/SMB/?sourceCode=HSWEB_SMB500
Title: Business Subscriptions

Search URL Search Domain Scan URL

URL: https://myaccount.news.com.au/heraldsun/templateCampaign?campaignId=HS_GIFT_PURCHASE
Title: View gifting offers

Search URL Search Domain Scan URL

URL: https://www.dailytelegraph.com.au/
Title: dailytelegraph.com.au

Search URL Search Domain Scan URL

URL: https://www.couriermail.com.au/
Title: couriermail.com.au

Search URL Search Domain Scan URL

URL: https://www.adelaidenow.com.au/
Title: advertiser.com.au

Search URL Search Domain Scan URL

URL: https://www.cairnspost.com.au/
Title: cairnspost.com.au

Search URL Search Domain Scan URL

URL: https://www.geelongadvertiser.com.au/
Title: geelongadvertiser.com.au

Search URL Search Domain Scan URL

URL: https://www.goldcoastbulletin.com.au/
Title: goldcoastbulletin.com.au

Search URL Search Domain Scan URL

URL: https://www.ntnews.com.au/
Title: ntnews.com.au

Search URL Search Domain Scan URL

URL: https://www.thechronicle.com.au/
Title: thechronicle.com.au

Search URL Search Domain Scan URL

URL: https://www.themercury.com.au/
Title: themercury.com.au

Search URL Search Domain Scan URL

URL: https://www.townsvillebulletin.com.au/
Title: townsvillebulletin.com.au

Search URL Search Domain Scan URL

URL: https://www.theaustralian.com.au/
Title: theaustralian.com.au

Search URL Search Domain Scan URL

URL: https://www.news.com.au/
Title: news.com.au

Search URL Search Domain Scan URL

URL: https://preferences.news.com.au/privacy
Title: here

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child/news-story/bc4aae752ebf39deba1189b0ccd23c6d HTTP 302
https://www.heraldsun.com.au/remote/check_cookie.html?url=https%3a%2f%2fwww.heraldsun.com.au%2fleader%2feast%2fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2fnews-story%2fbc4aae752ebf39deba1189b0ccd23c6d HTTP 302
https://www.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child/news-story/bc4aae752ebf39deba1189b0ccd23c6d HTTP 302
https://tags.news.com.au/prod/newskey/generator.html?origin=https%3a%2f%2fwww.heraldsun.com.au%2fleader%2feast%2fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2fnews-story%2fbc4aae752ebf39deba1189b0ccd23c6d&16370357411027662260 HTTP 302
https://www.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child/news-story/bc4aae752ebf39deba1189b0ccd23c6d?nk=8a66695d58dadd59882459caa779c5af-1637035741 HTTP 302
https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append HTTP 302
https://tags.news.com.au/prod/newskey/generator.html?origin=https%3a%2f%2fwww.heraldsun.com.au%2fsubscribe%2fnews%2f1%2f%3fsourceCode%3dHSWEB_WRE170_a%26dest%3dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3danonymous%26mode%3dpremium%26v21%3ddynamic-cold-control-noscore%26V21spcbehaviour%3dappend&163703574228877364 HTTP 302
https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://cm.everesttech.net/cm/dd?d_uuid=49138798238618946413985457423554896590 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YZMu4QAAAIL_cgQA

Request Chain 39

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
https://dpm.demdex.net/ibs:dpid=358&dpuuid=88579922939553704

Request Chain 40

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=470&dpuuid=3910326146884613016

Request Chain 43

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NDkxMzg3OTgyMzg2MTg5NDY0MTM5ODU0NTc0MjM1NTQ4OTY1OTA= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NDkxMzg3OTgyMzg2MTg5NDY0MTM5ODU0NTc0MjM1NTQ4OTY1OTA=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEB1-q8QcXv7pP7ELlub88mk&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 45

https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 HTTP 302
https://dpm.demdex.net/ibs:dpid=903&dpuuid=cd972633-6b5a-48e9-b1d5-0cbe00e75ea3

Request Chain 46

https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID HTTP 302
https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

Request Chain 47

https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ HTTP 302
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 HTTP 302
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YZMu4WqdDfIDy-E5GcIvQQAA%261213

Request Chain 56

https://dt.scanscout.com/ssframework/uid?UIAA=49138798238618946413985457423554896590&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D HTTP 302
https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-fd085809ebee7274c385242d8d712f0f

Request Chain 83

https://ps.eyeota.net/match?bid=6j5b2cv&uid=49138798238618946413985457423554896590&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Request Chain 98

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0 HTTP 302
https://www.google.com/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=1530446559 HTTP 302
https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=1530446559&ipr=y

Request Chain 99

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0 HTTP 302
https://www.google.com/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2630938860 HTTP 302
https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2630938860&ipr=y

Request Chain 109

https://usermatch.krxd.net/um/v2?partner=adobe&id=49138798238618946413985457423554896590 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=49138798238618946413985457423554896590

Request Chain 120

https://tags.bluekai.com/site/43981?id=49138798238618946413985457423554896590&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID HTTP 302
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID

Request Chain 125

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVpNdTRRQUFBSUxfY2dRQQ==

Request Chain 135

https://8228261.fls.doubleclick.net/activityi;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5368157845357.962 HTTP 302
https://8228261.fls.doubleclick.net/activityi;dc_pre=COamqrGBnPQCFevPEQgd9eYI7w;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5368157845357.962

Request Chain 136

https://8228261.fls.doubleclick.net/activityi;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1850494349571.692 HTTP 302
https://8228261.fls.doubleclick.net/activityi;dc_pre=CIjiqrGBnPQCFc8Z4AodAYQKYA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1850494349571.692

Request Chain 146

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YZMu4QAAAIL_cgQA&expires=90

Request Chain 151

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1637035746617&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1765380%26time%3D1637035746617%26url%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fsubscribe%252Fnews%252F1%252F%253FsourceCode%253DHSWEB_WRE170_a%2526dest%253Dhttps%25253A%25252F%25252Fwww.heraldsun.com.au%25252Fleader%25252Feast%25252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%25252Fnews-story%25252Fbc4aae752ebf39deba1189b0ccd23c6d%2526memtype%253Danonymous%2526mode%253Dpremium%2526v21%253Ddynamic-cold-control-noscore%2526V21spcbehaviour%253Dappend%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1637035746617&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1637035746617&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&liSync=true&e_ipv6=AQIqU5k8J5z9DQAAAX0m7yfpTXJ3W4_ui1aFTgZiu4pO-NUThdJwNypIesM25P7K_AaBL3H1

Request Chain 156

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YZMu4QAAAIL_cgQA

Request Chain 159

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
https://ib.adnxs.com/setuid?entity=158&code=YZMu4QAAAIL_cgQA

Request Chain 164

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YZMu4QAAAIL_cgQA HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YZMu4QAAAIL_cgQA

Request Chain 165

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YZMu4QAAAIL_cgQA

Request Chain 179

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YZMu4QAAAIL_cgQA&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YZMu4QAAAIL_cgQA&img=1&__user_check__=1&sync_id=f172439d-4692-11ec-820a-14c817940106

Request Chain 196

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
https://www.facebook.com/fr/b.php?p=1531105787105294&e=YZMu4QAAAIL_cgQA&t=2592000&o=0

Request Chain 197

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/707564276/?random=337702007&cv=9&fst=1637035747145&num=1&label=m9Y5CJ-OmLQBEPSlstEC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=4y6TYfuTCramx_APvoyMiAo&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/707564276/?random=337702007&cv=9&fst=1637035747145&num=1&label=m9Y5CJ-OmLQBEPSlstEC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYfuTCramx_APvoyMiAo&cid=CAQSKQCNIrLMQSoxukRGnfx3qVqEohd78SqFkt7i3-P6utRdn2IbiXDz1dIR&random=1702591783&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/707564276/?random=337702007&cv=9&fst=1637035747145&num=1&label=m9Y5CJ-OmLQBEPSlstEC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYfuTCramx_APvoyMiAo&cid=CAQSKQCNIrLMQSoxukRGnfx3qVqEohd78SqFkt7i3-P6utRdn2IbiXDz1dIR&random=1702591783&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAJqeAuse9Ai9KSjwWPgGw7LvqV3WZu-ZdXkxMiRiES6Ms3KpT9ZT3sJD7qFbggFEI31QL3JBnWRkhY8vll2izX

Request Chain 198

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930683048/?random=1538964991&cv=9&fst=1637035747157&num=1&label=7SdtCKz0xcwBEKix5LsD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=4y6TYZLfCr-qx_APy5mVyA0&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/930683048/?random=1538964991&cv=9&fst=1637035747157&num=1&label=7SdtCKz0xcwBEKix5LsD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYZLfCr-qx_APy5mVyA0&cid=CAQSKQCNIrLMWSf7D47I2InvhHG80wyBejGs9L5a6VyqRgdI11ZIMBQ5Hd4k&random=64301466&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/930683048/?random=1538964991&cv=9&fst=1637035747157&num=1&label=7SdtCKz0xcwBEKix5LsD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYZLfCr-qx_APy5mVyA0&cid=CAQSKQCNIrLMWSf7D47I2InvhHG80wyBejGs9L5a6VyqRgdI11ZIMBQ5Hd4k&random=64301466&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hBp2-EIYbkYK23Vutv4SgAEaBV8H059DwPv5kgJzLpQfnP4t9XI-WGiV5pN2VAjBnXFZSZG17IAi-VYw3rV7iIt

Request Chain 199

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994679518/?random=1018834988&cv=9&fst=1637035747173&num=1&label=EgqJCNeJ1tgBEN61ptoD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=4y6TYc7XC7zEx_AP37y6eA&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/994679518/?random=1018834988&cv=9&fst=1637035747173&num=1&label=EgqJCNeJ1tgBEN61ptoD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYc7XC7zEx_AP37y6eA&cid=CAQSKQCNIrLMOKULITfDMzQlHMXFEo5Y7AgQK0dOjH8ub64U1EBtXqloJqJB&random=2085449866&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/994679518/?random=1018834988&cv=9&fst=1637035747173&num=1&label=EgqJCNeJ1tgBEN61ptoD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYc7XC7zEx_AP37y6eA&cid=CAQSKQCNIrLMOKULITfDMzQlHMXFEo5Y7AgQK0dOjH8ub64U1EBtXqloJqJB&random=2085449866&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hDcY2OTPwpLTkDglGPQBrqlWwZUGOFRmaPGdSWsbwV5hQNQ01i7LaESXoqL-AjC567bjduejR-VhdJZ0yO2ks1C

Request Chain 203

https://sync.1rx.io/usersync/adobe/0?dspret=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync/adobe/0?zcc=1&dspret=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D&cb=1637035747446 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3DRX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003 HTTP 302
https://dpm.demdex.net/ibs:dpid=461447&dpuuid=RX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003

Request Chain 233

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0 HTTP 302
https://www.google.com/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=3473182097 HTTP 302
https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=3473182097&ipr=y

Request Chain 234

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0 HTTP 302
https://www.google.com/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2136330640 HTTP 302
https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2136330640&ipr=y

253 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.heraldsun.com.au/subscribe/news/1/
Redirect Chain

https://www.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child/news-story/bc4aae752ebf39deba1189b0ccd23c6d
https://www.heraldsun.com.au/remote/check_cookie.html?url=https%3a%2f%2fwww.heraldsun.com.au%2fleader%2feast%2fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-o...
https://www.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child/news-story/bc4aae752ebf39deba1189b0ccd23c6d
https://tags.news.com.au/prod/newskey/generator.html?origin=https%3a%2f%2fwww.heraldsun.com.au%2fleader%2feast%2fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration...
https://www.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child/news-story/bc4aae752ebf39deba1189b0ccd23c6d?nk=8a66695d58dad...
https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-...
https://tags.news.com.au/prod/newskey/generator.html?origin=https%3a%2f%2fwww.heraldsun.com.au%2fsubscribe%2fnews%2f1%2f%3fsourceCode%3dHSWEB_WRE170_a%26dest%3dhttps%253A%252F%252Fwww.heraldsun.com...
https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-...

60 KB
11 KB

950ms
950ms

Document
text/html

2.18.233.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-28.deploy.static.akamaitechnologies.com

Software

nginx / WordPress VIP <https://wpvip.com>

Resource Hash

11abac554a1bf90bbeb5d8e033feff92cbd15963bfcb617f01c8a8fabb44646f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
content-type: text/html; charset=UTF-8
x-powered-by: WordPress VIP <https://wpvip.com>
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
is-https: true
vary: User-Agent Accept-Encoding
x-opw: 4
x-rq: ewr2 0 2 9980
host-header: a9130478a60e5f9135f765b23f26593b
x-akamai-transformed: 9 61077 0 pmb=mTOE,2
content-encoding: gzip
expires: Tue, 16 Nov 2021 04:09:03 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 16 Nov 2021 04:09:03 GMT
content-length: 9545

Redirect headers

server: AkamaiNetStorage
content-length: 154
content-type: text/html
location: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
etag: "0189cffac88f08578068b775bf1659f6:1632721186.677505"
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
vary: Accept-Encoding
cache-control: max-age=3243
date: Tue, 16 Nov 2021 04:09:02 GMT

GET
H2 200 /
dsf.newscorpaustralia.com/heraldsun/_static/ 611 KB
88 KB 724ms
456ms Stylesheet
text/css 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4d0d8a99dd7acf51cc9d43e935837f3fba2661c95c6c53ecd12980257246a456

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
content-encoding: gzip
x-rq: hhn2 0 2 9980
last-modified: Thu, 11 Nov 2021 06:42:35 GMT
server: nginx
age: 0
vary: Accept-Encoding
x-cache: miss
content-type: text/css;charset=utf-8
cache-control: max-age=300, must-revalidate
accept-ranges: bytes

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/ 731 B
937 B 578ms
534ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.sync.js?ver=5.7.4
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 79f1ad148832267276e77dd51633ae2847e1d2e4885855759aa112a569ef007f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
last-modified: Tue, 07 Sep 2021 01:32:00 GMT
server: AkamaiNetStorage
etag: "2986e7e3a1a5672b2082d5cb37d7fce1:1630978320.227716"
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
content-length: 731
expires: Tue, 16 Nov 2021 04:14:04 GMT

GET
H2 200 rampart.js Show response
www.heraldsun.com.au/remote/identity/rampart/latest/ 274 KB
82 KB 43ms
43ms Script
application/x-javascript 2.18.233.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js?ver=5.7.4

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-28.deploy.static.akamaitechnologies.com

Software

AkamaiNetStorage /

Resource Hash

4768c9c09426579117c9cc397f7bffc83c22b7ebe652b2fa492496ae8b680ab2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-encoding: gzip
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
server: AkamaiNetStorage
etag: "6778d105432607d0b73f0a808e1b81ad:1636438006.632996"
vary: User-Agent, Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=570
date: Tue, 16 Nov 2021 04:09:04 GMT
is-https: true
x-opw: 4
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
expires: Tue, 16 Nov 2021 04:18:34 GMT

GET
H2 200 20352597942.js Show response
cdn.optimizely.com/js/ 289 KB
88 KB 483ms
444ms Script
text/javascript 2a02:26f0:6c00:2a0::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/20352597942.js?ver=5.7.4

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

628989c0489fd94893084deecfa37db929a50fa9e688dcacdcd86e6d13d0b78f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.heraldsun.com.au/
Origin: https://www.heraldsun.com.au
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: M8GMuRDggO2J3rMxOqRrMipEvYydCyCJ
content-encoding: gzip
etag: "b056aed3e4a7cc2146c8d8ecbcecc005"
x-amz-request-id: 9TZM69ENYGFK09H6
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 140
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="8";dur=0,cdnip;desc="2a02:26f0:6c00:2a0::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 88759
x-amz-id-2: Ie9u3UszgkD++nTG+m0EATpzCYvFNY+caFSqDCGwU3yxs+4H60vte8phk3gP3hQlO9EWtp+C5dM=
last-modified: Wed, 03 Nov 2021 22:04:20 GMT
server: AmazonS3
date: Tue, 16 Nov 2021 04:09:04 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 / Show response
dsf.newscorpaustralia.com/heraldsun/_static/ 98 KB
34 KB 452ms
186ms Script
application/javascript 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraGZsZmpuaGRgWkWAK9vIhw=
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 7eb243627ed4013b84418c9fe94ee3b9907906ace4de00965ff3b3b33a9f151c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
content-encoding: gzip
x-rq: hhn2 0 2 9980
last-modified: Wed, 10 Nov 2021 19:06:45 GMT
server: nginx
age: 0
vary: Accept-Encoding
x-cache: miss
content-type: application/javascript
cache-control: max-age=300, must-revalidate
accept-ranges: bytes

GET
H2 200 54acba27 Show response
www.heraldsun.com.au/akam/11/ 32 KB
12 KB 380ms
379ms Script
application/javascript 2.18.233.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/akam/11/54acba27

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-28.deploy.static.akamaitechnologies.com

Software

Resource Hash

9432d61b83af5d779cdaf31c7857bbd39cc93529a053ad9c8c39f2e8a832e89e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-encoding: gzip
etag: "36c8ad7834e6cb7397cde75787eaf8fdd4f2a27334213f2151d7901f8f17975b"
is-https: true
x-arrrg4: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
x-opw: 4
content-length: 10482
pragma: no-cache
x-bpath: OLD
blaizehappened: true
date: Tue, 16 Nov 2021 04:09:04 GMT
vary: User-Agent, Accept-Encoding
content-type: application/javascript
expires: Tue, 16 Nov 2021 04:09:04 GMT
cache-control: max-age=0, no-cache, no-store
x-arrrg5: /blaize/decision-engine?path=https%3a%2f%2fwww.heraldsun.com.au%2fakam%2f11%2f54acba27&blaizehost=cdn.heraldsun.newscorp.blaize.io&content_id=54acba27&session=8a66695d58dadd59882459caa779c5af
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 loader.js Show response
subscriptions.heraldsun.com.au/loader/ 259 KB
78 KB 587ms
294ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/loader/loader.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

dd1635901b83a441799b9c2a9cc3cd4ed5fd32407728219f93c26024963eca20

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
content-encoding: gzip
last-modified: Sun, 14 Nov 2021 23:27:44 GMT
x-amz-cf-pop: EWR53-P1
etag: "db5e8add175524d989db56327baefa2d"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1
strict-transport-security: max-age=600
accept-ranges: bytes
x-amz-cf-id: nlTlvDqTekdVhrWbyluOdXDYPGSyd8AMzLyyxarX0f1vlenmv6OeUg==

GET
H2 200 / Show response
dsf.newscorpaustralia.com/heraldsun/_static/ 52 KB
15 KB 438ms
174ms Script
application/javascript 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??/wp-content/plugins/dynamic-shop-front/assets/dist/js/dsf-front.build.js,/wp-content/themes/dynamic-shopfront/js/navigation.js?m=1636612955j
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: dbae6830a9fae84807cbc0284097f3576175cf145d2b0ef87126b36db276de71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
content-encoding: gzip
x-rq: hhn2 0 2 9980
last-modified: Thu, 11 Nov 2021 06:42:35 GMT
server: nginx
age: 0
vary: Accept-Encoding
x-cache: miss
content-type: application/javascript
cache-control: max-age=300, must-revalidate
accept-ranges: bytes

GET
H2 200 e-202146.js Show response
stats.wp.com/ 9 KB
3 KB 27ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202146.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc: HIT hhn
date: Tue, 16 Nov 2021 04:09:04 GMT
content-encoding: br
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Thu, 10 Nov 2022 16:49:31 GMT

GET
H2 200 icon-faq-plus.png
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/ 466 B
604 B 10ms
10ms Image
image/png 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/icon-faq-plus.png
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 48e995c834f9cbb64904650cbb722ab0c92effb6c59cf493aa055fcc1fc0417a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 177 253 80
last-modified: Wed, 09 Jun 2021 09:14:29 GMT
server: nginx
age: 13729159
etag: "60c08675-1d2"
x-cache: hit
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 466
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 SourceSansPro-Regular.woff2
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 83 KB
83 KB 198ms
179ms Font
font/woff2 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/SourceSansPro-Regular.woff2
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f2696e8eb9d876987998374c51e4d14a24f6f24a23fe697493ebf761c3bcc4b9

Request headers

Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Origin: https://www.heraldsun.com.au
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 0 2 9980
last-modified: Tue, 09 Nov 2021 09:47:04 GMT
server: nginx
age: 0
etag: "618a4398-14aec"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 84716
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 SourceSansPro-SemiBold.woff2
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 82 KB
82 KB 207ms
188ms Font
font/woff2 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/SourceSansPro-SemiBold.woff2
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0b3376aa27741ca90899fed12bcccbf1ea22edb596846ba6b26e263463686590

Request headers

Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Origin: https://www.heraldsun.com.au
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 0 2 9980
last-modified: Tue, 09 Nov 2021 09:47:04 GMT
server: nginx
age: 0
etag: "618a4398-14808"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 83976
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 charter_bold-webfont.woff
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 28 KB
28 KB 191ms
172ms Font
font/woff 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/charter_bold-webfont.woff
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 8640916aba1207e4fcff9c894252543689989434cd9fc0dabd4cee60b3e763a5

Request headers

Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Origin: https://www.heraldsun.com.au
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 0 2 9980
last-modified: Tue, 09 Nov 2021 09:47:05 GMT
server: nginx
age: 0
etag: "618a4399-6f0c"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 28428
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 charter_italic-webfont.woff
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 29 KB
29 KB 25ms
6ms Font
font/woff 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/charter_italic-webfont.woff
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0fc8a6e495e7cd447608aea7e0cd59b0e79bd4e74822d428c53880ac0db6c469

Request headers

Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Origin: https://www.heraldsun.com.au
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 0 2 9980
last-modified: Tue, 09 Nov 2021 09:47:05 GMT
server: nginx
age: 197
etag: "618a4399-72d4"
vary: X-Mobile-Class, Accept-Encoding
x-cache: hit
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 29396
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 SourceSansPro-Italic.woff2
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 35 KB
35 KB 195ms
176ms Font
font/woff2 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/SourceSansPro-Italic.woff2
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: c33c60d014227b42c513820e6d750cced736cda305beb7d6a20e35afe502648c

Request headers

Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Origin: https://www.heraldsun.com.au
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 0 2 9980
last-modified: Tue, 09 Nov 2021 09:47:04 GMT
server: nginx
age: 0
etag: "618a4398-8aa8"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 35496
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 charter_regular-webfont.woff
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 27 KB
27 KB 188ms
170ms Font
font/woff 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/charter_regular-webfont.woff
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ece70e751af05572df7513e5e904bcd69f32e7616718fec9e945a2e2924b8a26

Request headers

Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkN1OwzAMhV+INJRplbhAPIuXmtbD+VGcCvL2eGFD60Cou3RyvmOfYz+SoeB4GVGsE7EjSbEHju7dMB0y5GqlVMbOU+hU8GCviaNYjyMBMnoMZTUkhorZME7g6jZc/67nv6GfK130KQbVyX8n3oRS+xLzJiAsn5t0d1iuiy2zxryL+F61QlwM5dRd4mWioFQN4MkZmWMyb1l/LYhguZSmxs1TZyCuRbueMqTZNu0v23bj2rUJjZuJx3PoW8gv5nLOEUsCTdA/dru2/PxwYl79Sz/shqF/et7vvwA2P/M0
Origin: https://www.heraldsun.com.au
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 0 2 9980
last-modified: Tue, 09 Nov 2021 09:47:05 GMT
server: nginx
age: 0
etag: "618a4399-6d00"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 27904
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 we-are-for-you.svg
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/ 4 KB
2 KB 177ms
177ms Image
image/svg+xml 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/we-are-for-you.svg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 86e8ed098febe4691b72980ac9bb22f6370cd6fb7fd50f2fc3ca41f5a24c6ed7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
content-encoding: gzip
x-rq: hhn2 0 2 9980
last-modified: Tue, 09 Nov 2021 09:47:05 GMT
server: nginx
age: 0
etag: "618a4399-1177"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1934
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 vic_MaroondahLeader.png
dsf.newscorpaustralia.com/heraldsun/wp-content/plugins/dynamic-shop-front/assets/common/images/co-brand-logo/ 9 KB
9 KB 10ms
8ms Image
image/png 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/heraldsun/wp-content/plugins/dynamic-shop-front/assets/common/images/co-brand-logo/vic_MaroondahLeader.png
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 088b0f8723c3f59471aa21a3e87761129f52c40cd6ff727a6bafc6e93ad2692b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 0 2 9980
last-modified: Mon, 18 Oct 2021 23:44:46 GMT
server: nginx
age: 2401003
etag: "616e06ee-243a"
x-cache: hit
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 9274
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 logo.svg
dsf.newscorpaustralia.com/heraldsun/wp-content/plugins/dynamic-shop-front/assets/mastheads/identity/images/heraldsun/ 3 KB
1 KB 185ms
183ms Image
image/svg+xml 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/heraldsun/wp-content/plugins/dynamic-shop-front/assets/mastheads/identity/images/heraldsun/logo.svg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 8a9bdf4334da3cfdb98da986e99e81b53a63c18720e099c71a9b785ff6b7feea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
content-encoding: gzip
x-rq: hhn2 0 2 9980
last-modified: Tue, 09 Nov 2021 09:47:05 GMT
server: nginx
age: 0
etag: "618a4399-d3b"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1434
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 avatar.svg
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/ 264 B
312 B 180ms
178ms Image
image/svg+xml 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/avatar.svg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e30565d344697a80f05882c11755c6d6a71626791bbc124df343b5edc7901312

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 0 2 9980
last-modified: Tue, 09 Nov 2021 09:47:05 GMT
server: nginx
age: 0
etag: "618a4399-108"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 264
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 c67d537ebd42bb98713fdf2b66806c20
cdn.newsapi.com.au/image/v1/ 35 KB
36 KB 1857ms
1753ms Image
image/jpeg 2.18.233.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.newsapi.com.au/image/v1/c67d537ebd42bb98713fdf2b66806c20
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-28.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: cf2523dd7ea34873e419b1d7daa7c17946eafc79c01e68fc32163ffaf517f913

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
last-modified: Mon, 15 Nov 2021 20:24:42 GMT
server: Akamai Image Manager
etag: 2327ebcc35d4135d5f4eac99d5a89372-c67d537ebd42bb98713fdf2b66806c20-0
access-control-allow-methods: POST, GET, DELETE, PUT, PATCH, OPTIONS
content-type: image/jpeg
x-hobit: 2B
cache-control: private, no-transform, max-age=604800
access-control-allow-headers: x-newsapi-api-key
content-length: 36188
expires: Tue, 23 Nov 2021 04:09:06 GMT

GET
H2 200 Masthead-Digital.png
dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/ 1 KB
1 KB 7ms
6ms Image
image/webp 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/Masthead-Digital.png?w=251
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 3e04d38fcbc12494d5d6ce8eb4230a369f42e8a40368cad922c61197b34ff0a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 109 88 443
last-modified: Thu, 08 Jul 2021 01:08:16 GMT
server: nginx
etag: "f8ca1fc33f0e6613"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1348
expires: Fri, 08 Jul 2022 01:08:16 GMT

GET
H2 200 icon-premium.png
dsf.newscorpaustralia.com/central/wp-content/uploads/sites/8/2021/05/ 544 B
653 B 7ms
6ms Image
image/webp 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/central/wp-content/uploads/sites/8/2021/05/icon-premium.png?w=22
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 851e4d8abe50a401de7f6cfe500a24af40dca9ae9f2418ac81b271ead5daf2e8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 109 84 443
last-modified: Thu, 03 Jun 2021 13:56:03 GMT
server: nginx
etag: "3fcd5ba480ef8b8b"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 544
expires: Fri, 03 Jun 2022 13:56:03 GMT

GET
H2 200 Masthead-Digital.png
dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/ 2 KB
2 KB 7ms
6ms Image
image/png 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/Masthead-Digital.png
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ea80a5582f5098378c85e19a4ef16d3fdfb553df3549551c935fb1dd95f09e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 109 88 443
last-modified: Thu, 27 May 2021 01:03:07 GMT
server: nginx
etag: "bcb87106b77e4a8a"
x-cache: HIT
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2109
expires: Sat, 17 Sep 2022 22:28:46 GMT

GET
H2 200 Masthead-Weekend-Bundle.png
dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/ 5 KB
6 KB 7ms
7ms Image
image/png 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/Masthead-Weekend-Bundle.png
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 153c03f29a896f83de934e7aac4d5f33c99c46484e10316f0336f62926f586b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 109 144 443
last-modified: Thu, 27 May 2021 01:03:36 GMT
server: nginx
etag: "3234bdda05ebf899"
x-cache: HIT
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 5615
expires: Sat, 17 Sep 2022 22:28:46 GMT

GET
H2 200 icon-phone.png
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/ 337 B
391 B 8ms
7ms Image
image/png 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/icon-phone.png
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4e1a4f2c605f26bcf80a2cd8e5d48e887c2062a53cd1d993cb05250223e386a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
x-rq: hhn2 177 253 80
last-modified: Wed, 09 Jun 2021 09:14:29 GMT
server: nginx
age: 13729137
etag: "60c08675-151"
x-cache: hit
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 337
expires: Wed, 16 Nov 2022 04:09:04 GMT

GET
H2 200 SourceSansPro.css
subscriptions.news.com.au/media/fonts/SourceSansPro/ 2 KB
2 KB 45ms
8ms Stylesheet
text/css 143.204.98.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro.css
Requested by: Host: client
URL: about:client
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-86.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 388d1df3fdfee665c3bc7d059e42500524e8f180febba13620847ec8b836fd33

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: BU9pslV_1tk2oM9KNiljnrkOp3wYAVog
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
last-modified: Wed, 23 Sep 2020 08:43:42 GMT
server: AmazonS3
age: 13046
etag: "2a13a755f725cea2c202bc30af451d10"
x-cache: Hit from cloudfront
content-type: text/css
date: Tue, 16 Nov 2021 00:51:42 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2173
x-amz-cf-id: pzGrHHYgrK8cAGPDVhEKZAhhXBCBmZRAFKDCtUD00fUllmY8ncxPQQ==

GET
H2 200 Charter.css
subscriptions.news.com.au/media/fonts/Charter/ 2 KB
2 KB 46ms
10ms Stylesheet
text/css 143.204.98.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.news.com.au/media/fonts/Charter/Charter.css
Requested by: Host: client
URL: about:client
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-86.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ccda4fea5d95b6e07fadfff761f20fd106531b7f780fe470aa565f4c365301d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: 78tZPx9F6ldnoT3vI7OxzT3AZa.JXQqe
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
last-modified: Wed, 23 Sep 2020 08:43:10 GMT
server: AmazonS3
age: 13046
etag: "9d796e9621f8bd2ea24552819973cb20"
x-cache: Hit from cloudfront
content-type: text/css
date: Tue, 16 Nov 2021 00:51:42 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 1635
x-amz-cf-id: wquCQuCSFFyX46C7p8XUfgducjsbn3rdKxxwxFQoL26UwR-HazfPiw==

GET
H2 200 a20352597942.html Show response
a20352597942.cdn.optimizely.com/client_storage/ Frame 8B29 2 KB
1 KB 53ms
8ms Document
text/html 23.67.128.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://a20352597942.cdn.optimizely.com/client_storage/a20352597942.html

Requested by

Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/20352597942.js?ver=5.7.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.67.128.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-67-128-30.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

78e9525f27478abe1dc785fa56d07b2594cb7e0a5d2b6653a5b0dddbabdae769

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

x-amz-id-2: JNqELmBHRm1SHhHJ9kJm77JpC/wUCHV0gyaxe+fULfxlYcmcn4coqpO+atZGIFlQYKn1MKg6Erk=
x-amz-request-id: 9RNRWMYVF1MGW37B
x-amz-replication-status: COMPLETED
last-modified: Wed, 03 Nov 2021 22:04:18 GMT
etag: "8b6e12415ca0321c147b52eb81830584"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: J5pfm0fi23NDZIcw4lxH2JEPDylkONDs
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: AmazonS3
content-length: 841
vary: Accept-Encoding
cache-control: max-age=120
date: Tue, 16 Nov 2021 04:09:04 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="6";dur=0,cdnip;desc="23.67.128.30";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000

GET
H2 200 adobe_visitor.js Show response
tags.news.com.au/prod/visitor/ 60 KB
20 KB 13ms
13ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.sync.js?ver=5.7.4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 1bc3625c4e923d79a85677113b548e5444129ead716d43e10e2a6e9d56939143

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:04 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "762b36524699d0c801c527b6e71f35e4:1593471758.804374"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=14608
content-type: application/x-javascript
content-length: 19871

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63b693778274923011281f0c339ac4116f8a31b9d186d0657849380cd5bd34b7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 157 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 16ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.3&blog=187954703&post=5&tz=11&srv=dsf.newscorpaustralia.com&host=www.heraldsun.com.au&ref=&fcp=3275&rand=0.3050004773426711
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Nov 2021 04:09:04 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 authorize Show response
login.newscorpaustralia.com/ Frame 72A5 2 KB
3 KB 954ms
944ms Document
text/html 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://login.newscorpaustralia.com/authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fwww.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=uNbamC1UJLgq1OvPj-C3kkAi9ZBXG_P5&nonce=Csc.dcMqBMBfs~flEGZBJSbU.5~HqQBI&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNy4wIn0%3D

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js?ver=5.7.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

cloudflare /

Resource Hash

39f09957410016f42651cfba04fd86ab44e9a87df542d43c7568c05d7ed2adff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html;charset=UTF-8
cf-ray: 6aeddc9dcddfd6f1-FRA
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
ot-baggage-auth0-request-id: 6aeddc9dcddfd6f1
ot-tracer-sampled: true
ot-tracer-spanid: 24bea2d4518ef728
ot-tracer-traceid: 5005bc171e8d4b32
x-auth0-requestid: 45def98582a0e8a51c32
x-content-type-options: nosniff
x-ratelimit-limit: 1000
x-ratelimit-remaining: 999
x-ratelimit-reset: 1637035746
server: cloudflare
content-encoding: gzip
x-akamai-transformed: 9 539 0 pmb=mTOE,3
expires: Tue, 16 Nov 2021 04:09:05 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 16 Nov 2021 04:09:05 GMT
content-length: 802
vary: Accept-Encoding

GET
H2 200 rampart.js Show response
www.heraldsun.com.au/remote/identity/rampart/latest/ 274 KB
82 KB 42ms
42ms Script
application/x-javascript 2.18.233.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/loader/loader.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-28.deploy.static.akamaitechnologies.com

Software

AkamaiNetStorage /

Resource Hash

4768c9c09426579117c9cc397f7bffc83c22b7ebe652b2fa492496ae8b680ab2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-encoding: gzip
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
server: AkamaiNetStorage
etag: "6778d105432607d0b73f0a808e1b81ad:1636438006.632996"
vary: User-Agent, Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1386
date: Tue, 16 Nov 2021 04:09:04 GMT
is-https: true
x-opw: 4
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
expires: Tue, 16 Nov 2021 04:32:10 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 5 KB
2 KB 167ms
31ms XHR
application/json 34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.5.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1637035744944

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

d1a26160c500ecfa0bd92c91c776b507b90bb94a2598b0c86bc292f7df4e0fc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.heraldsun.com.au/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v019-0ffef969f.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: r+31VXSZRMs=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.heraldsun.com.au
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1548
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK dest5.html Show response
newscorpau.demdex.net/ Frame 7D00 7 KB
3 KB 118ms
27ms Document
text/html 3.248.38.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://newscorpau.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.248.38.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-38-136.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Tue, 16 Nov 2021 04:09:05 GMT
DCS: dcs-prod-irl1-1-v019-073dcfdd6.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 14 Oct 2021 10:46:54 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: z16x6/cTQM8=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
newscorpau.sc.omtrdc.net/ 2 B
320 B 62ms
17ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://newscorpau.sc.omtrdc.net/id?d_visid_ver=4.5.1&d_fieldgroup=A&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&mid=49159856810536542513983360397549614036&ts=1637035745131

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.heraldsun.com.au/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:05 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-6988cccb6f-cjbg7
vary: Origin
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YZMu4QAAAIL_cgQA
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=49138798238618946413985457423554896590
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YZMu4QAAAIL_cgQA

42 B
945 B

31ms
31ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YZMu4QAAAIL_cgQA

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-0ffef969f.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Yq5Yip+sQZE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YZMu4QAAAIL_cgQA
Date: Tue, 16 Nov 2021 04:09:05 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

ibs:dpid=358&dpuuid=88579922939553704
dpm.demdex.net/ Frame 7D00
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
https://dpm.demdex.net/ibs:dpid=358&dpuuid=88579922939553704

42 B
945 B

31ms
31ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=358&dpuuid=88579922939553704

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-0f4b0dfcb.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: illiECYSQwo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Tue, 16 Nov 2021 04:09:05 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d589061b-822f-426c-80dc-8b70f3e6e8f9
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dpm.demdex.net/ibs:dpid=358&dpuuid=88579922939553704
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=470&dpuuid=3910326146884613016
dpm.demdex.net/ Frame 7D00
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D
https://dpm.demdex.net/ibs:dpid=470&dpuuid=3910326146884613016

42 B
945 B

31ms
30ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=470&dpuuid=3910326146884613016

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-003e67e75.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: jnpuTxfcQps=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=470&dpuuid=3910326146884613016
pragma: no-cache
date: Tue, 16 Nov 2021 04:09:04 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

POST
H2 200 pixel_54acba27 Show response
www.heraldsun.com.au/akam/11/ 0
2 KB 354ms
354ms XHR
text/html 2.18.233.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/akam/11/pixel_54acba27

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/akam/11/54acba27

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-28.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Referer: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

is-https: true
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-bpath: OLD
blaizehappened: true
date: Tue, 16 Nov 2021 04:09:05 GMT
vary: User-Agent
content-type: text/html
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-arrrg5: /blaize/decision-engine?path=https%3a%2f%2fwww.heraldsun.com.au%2fakam%2f11%2fpixel_54acba27&blaizehost=cdn.heraldsun.newscorp.blaize.io&content_id=pixel_54acba27&session=8a66695d58dadd59882459caa779c5af
x-arrrg4: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
x-opw: 4
content-length: 0
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame 7D00 0
214 B 30ms
7ms Image
text/plain 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=6404&puid=49138798238618946413985457423554896590&gdpr=0&gdpr_consent=
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEB1-q8QcXv7pP7ELlub88mk&google_cver=1
dpm.demdex.net/ Frame 7D00
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NDkxMzg3OTgyMzg2MTg5NDY0MTM5ODU0NTc0MjM1NTQ4OTY1OTA=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NDkxMzg3OTgyMzg2MTg5NDY0MTM5ODU0NTc0MjM1NTQ4OTY1OTA=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEB1-q8QcXv7pP7ELlub88mk&google_cver=1?gdpr=0&gdpr_consent=

42 B
945 B

31ms
31ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEB1-q8QcXv7pP7ELlub88mk&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-0abf208d3.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 1xfEaN45RS8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEB1-q8QcXv7pP7ELlub88mk&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
365 B 418ms
101ms XHR
text/plain 54.85.166.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/20352597942.js?ver=5.7.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.85.166.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-166-2.compute-1.amazonaws.com
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.heraldsun.com.au/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 16 Nov 2021 04:09:06 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.heraldsun.com.au
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 086bc9a9-a3b0-418c-b570-3765cf020633

GET
H/1.1

200
OK

ibs:dpid=903&dpuuid=cd972633-6b5a-48e9-b1d5-0cbe00e75ea3
dpm.demdex.net/ Frame 7D00
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1
https://dpm.demdex.net/ibs:dpid=903&dpuuid=cd972633-6b5a-48e9-b1d5-0cbe00e75ea3

42 B
945 B

30ms
30ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=903&dpuuid=cd972633-6b5a-48e9-b1d5-0cbe00e75ea3

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-0b574d3a1.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: h3L6Jvm6QTo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:05 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://dpm.demdex.net/ibs:dpid=903&dpuuid=cd972633-6b5a-48e9-b1d5-0cbe00e75ea3
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 189

GET
H/1.1

200
OK

ibs:dpid=19566&dpuuid=%s
dpm.demdex.net/ Frame 7D00
Redirect Chain

https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID
https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

42 B
963 B

28ms
28ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-016ac64a0.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-Error: 104,303
X-TID: a00Ea68qS8Q=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
etag: "60b823b8-cde"
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
location: https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s
cache-control: max-age=0, no-cache, no-store
content-type: text/html
content-length: 154
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H/1.1

200
OK

ibs:dpid=23728&dpuuid=YZMu4WqdDfIDy-E5GcIvQQAA%261213
dpm.demdex.net/ Frame 7D00
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YZMu4WqdDfIDy-E5GcIvQQAA%261213

42 B
945 B

33ms
33ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YZMu4WqdDfIDy-E5GcIvQQAA%261213

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-02d0fc293.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ZQsxknupTc8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Tue, 16 Nov 2021 04:09:05 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YZMu4WqdDfIDy-E5GcIvQQAA%261213
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 264
Expires: Tue, 16 Nov 2021 04:09:05 GMT

GET c98e109
login.newscorpaustralia.com/akam/11/ Frame 72A5 0
0

GET Zm4DYAgB
login.newscorpaustralia.com/lFQ9yn7NN/U3Cpp3i/vA/7zOztGSz/CBpnMBcC/RGty/ Frame 72A5 0
0

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/ 51 KB
14 KB 105ms
105ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Requested by: Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/loader/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8cd08e54442fec70d5acfa5a69f9d177b21ab3876571c2623c6ab1aef1622f0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:05 GMT
content-encoding: gzip
last-modified: Tue, 07 Sep 2021 01:32:01 GMT
server: AkamaiNetStorage
etag: "ae8820dbcc546eedf5cd72b47adb2ac7:1630978321.15198"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
content-length: 14304
expires: Tue, 16 Nov 2021 04:14:05 GMT

GET
H2 200 index.html Show response
subscriptions.heraldsun.com.au/caas/ Frame BEF2 748 B
1 KB 101ms
101ms Document
text/html 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/loader/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

bb9b6f92bd9016c06fb83fd16a6d2a5be17326743db4180420bb46dc51660442

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html
content-length: 748
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
etag: "3cb090645185d3eb6a35c0e0ead93b5f"
accept-ranges: bytes
x-amz-cf-pop: EWR53-C3
x-amz-cf-id: QCZtidhKPH7pukj4yhl0hfMZG3uH77EwcxkiJG-cwvcN1Y429azWSQ==
expires: Tue, 16 Nov 2021 04:09:05 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 16 Nov 2021 04:09:05 GMT
strict-transport-security: max-age=600

GET
H2 200 / Show response
js.stripe.com/v3/ 266 KB
64 KB 49ms
7ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/loader/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

c5b38450048b03e889ee40e4707d404058095409824e3f3dc406fbc95910a11d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 6
x-cache: HIT
content-length: 65233
etag: "fda34995ab4d9fa08344653756a29f7c"
x-request-id: c1264201-4982-4a08-a7a7-be6f0ed951a1
x-served-by: cache-hhn4031-HHN
access-control-allow-origin: *
last-modified: Fri, 12 Nov 2021 17:43:47 GMT
server: Fastly
date: Tue, 16 Nov 2021 04:09:05 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1

GET
H2 200 controller-6ae29ff8a2ddcc0b2ec49757fc14c08a.html Show response
js.stripe.com/v3/ Frame A560 349 B
575 B 7ms
6ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-6ae29ff8a2ddcc0b2ec49757fc14c08a.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

cae33cb68be6224b56eb3d1a97050fabc324ba13f953d777a0f57e5b40f7803a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

last-modified: Fri, 12 Nov 2021 17:26:02 GMT
etag: "6ae29ff8a2ddcc0b2ec49757fc14c08a"
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Tue, 16 Nov 2021 04:09:05 GMT
via: 1.1 varnish
age: 29
x-request-id: 78b6105c-6033-41e5-9836-a12af2be3c80
x-served-by: cache-hhn4031-HHN
x-cache: HIT
x-cache-hits: 2
vary: Accept-Encoding
timing-allow-origin: *
cache-control: max-age=60
content-length: 166

GET
H2 200 payment-request-inner-google-pay-3b9f6c2e72044174f4509006d3bcb52c.html Show response
js.stripe.com/v3/ Frame 97F6 434 B
570 B 7ms
7ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-google-pay-3b9f6c2e72044174f4509006d3bcb52c.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

afafb6912738ae3ebff33f4672b5935e81449979521f3c50a846adc240635279

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self' https://pay.google.com; style-src 'self' 'unsafe-inline'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

last-modified: Fri, 12 Nov 2021 17:25:51 GMT
etag: "3b9f6c2e72044174f4509006d3bcb52c"
content-type: text/html; charset=utf-8
content-security-policy: default-src 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self' https://pay.google.com; style-src 'self' 'unsafe-inline'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Tue, 16 Nov 2021 04:09:05 GMT
via: 1.1 varnish
age: 63
x-request-id: 6e0faba3-06c0-4e6b-a458-49dd8236daa6
x-served-by: cache-hhn4031-HHN
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
timing-allow-origin: *
cache-control: max-age=60
content-length: 197

GET
H2 200 payment-request-inner-browser-4efaaecc89ff64a13773d891979378c1.html Show response
js.stripe.com/v3/ Frame 2B2B 370 B
589 B 7ms
6ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-browser-4efaaecc89ff64a13773d891979378c1.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

a048bf2fe7753a55b48bd445a1eb31ba16736026784ac6c933e43ddfd7f39185

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

last-modified: Fri, 12 Nov 2021 17:26:02 GMT
etag: "4efaaecc89ff64a13773d891979378c1"
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Tue, 16 Nov 2021 04:09:05 GMT
via: 1.1 varnish
age: 38
x-request-id: b639c5b8-e525-4b2f-80b5-be9b4d762d1b
x-served-by: cache-hhn4031-HHN
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
timing-allow-origin: *
cache-control: max-age=60
content-length: 177

GET
H/1.1

200
OK

ibs:dpid=30432&dpuuid=CI-fd085809ebee7274c385242d8d712f0f
dpm.demdex.net/ Frame 7D00
Redirect Chain

https://dt.scanscout.com/ssframework/uid?UIAA=49138798238618946413985457423554896590&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D
https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-fd085809ebee7274c385242d8d712f0f

42 B
945 B

30ms
30ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-fd085809ebee7274c385242d8d712f0f

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-034026400.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: VtA5ayeXRbk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-fd085809ebee7274c385242d8d712f0f
Date: Tue, 16 Nov 2021 04:09:06 GMT
useSecure: true
Server: nginx/1.20.1
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H2 200 csp-report
q.stripe.com/ Frame A560 0
348 B 683ms
323ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://q.stripe.com/csp-report
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
x-envoy-upstream-service-time: 154
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 97F6 0
347 B 530ms
174ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://q.stripe.com/csp-report
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
x-envoy-upstream-service-time: 4
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 2B2B 0
347 B 585ms
231ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://q.stripe.com/csp-report
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
x-envoy-upstream-service-time: 62
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length: 0

GET
H2 200 shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame A560 195 KB
48 KB 8ms
7ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-6ae29ff8a2ddcc0b2ec49757fc14c08a.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

2b26b84e5f71a4c4c02e099b3ac41127993bb37309ec0a70cc940105261bbad9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/controller-6ae29ff8a2ddcc0b2ec49757fc14c08a.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 5
x-cache: HIT
content-length: 49033
etag: "0df9cf5cc9ea42a98d2f3b8ec9fe1f06"
x-request-id: c2f56898-9a3f-4fc6-9b96-b435f522059e
x-served-by: cache-hhn4031-HHN
access-control-allow-origin: *
last-modified: Fri, 12 Nov 2021 17:25:54 GMT
server: Fastly
date: Tue, 16 Nov 2021 04:09:05 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2

GET
H2 200 controller-ed269911e794982ef5adf6e3cb9fe362.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame A560 305 KB
78 KB 15ms
14ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/controller-ed269911e794982ef5adf6e3cb9fe362.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-6ae29ff8a2ddcc0b2ec49757fc14c08a.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

ac4fa01d0f15c84238d84f75fa38e45717c42ea8e1e4230c973722cab1a30d67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/controller-6ae29ff8a2ddcc0b2ec49757fc14c08a.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 121
x-cache: HIT
content-length: 79364
etag: "5ba9936c7c249b47004c48222967caa0"
x-request-id: d1fc8673-4ebc-4ac2-be74-df330a14070b
x-served-by: cache-hhn4031-HHN
access-control-allow-origin: *
last-modified: Fri, 12 Nov 2021 17:25:55 GMT
server: Fastly
date: Tue, 16 Nov 2021 04:09:05 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ Frame 97F6 95 KB
31 KB 132ms
68ms Script
application/javascript 2a00:1450:400c:c00::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-3b9f6c2e72044174f4509006d3bcb52c.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8f213f4d04dbf45b8270951f782d4681115bea3c957436da078697c091bd3c21

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-M+lcNDmeGs0aZ4o5UFf2Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-M+lcNDmeGs0aZ4o5UFf2Fg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private, max-age=600
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-M+lcNDmeGs0aZ4o5UFf2Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-M+lcNDmeGs0aZ4o5UFf2Fg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 97F6 195 KB
48 KB 9ms
8ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-3b9f6c2e72044174f4509006d3bcb52c.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

2b26b84e5f71a4c4c02e099b3ac41127993bb37309ec0a70cc940105261bbad9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-3b9f6c2e72044174f4509006d3bcb52c.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 5
x-cache: HIT
content-length: 49033
etag: "0df9cf5cc9ea42a98d2f3b8ec9fe1f06"
x-request-id: 260f8e6f-86d8-43eb-91bb-011dcf6705e4
x-served-by: cache-hhn4031-HHN
access-control-allow-origin: *
last-modified: Fri, 12 Nov 2021 17:25:54 GMT
server: Fastly
date: Tue, 16 Nov 2021 04:09:05 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 3

GET
H2 200 payment-request-inner-google-pay-4645f70b2486dff134650d5d522fad20.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 97F6 13 KB
4 KB 18ms
17ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-google-pay-4645f70b2486dff134650d5d522fad20.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-3b9f6c2e72044174f4509006d3bcb52c.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

032b2cd62ca53bd3edf67462afb364442044e4338d4eedf1269375bc238682d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-3b9f6c2e72044174f4509006d3bcb52c.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 2
x-cache: HIT
content-length: 4367
etag: "e54b5138e0469d998089f7239d6f9aeb"
x-request-id: 0997d727-c8b0-429e-b817-92dbf27af229
x-served-by: cache-hhn4031-HHN
access-control-allow-origin: *
last-modified: Wed, 10 Nov 2021 20:01:25 GMT
server: Fastly
date: Tue, 16 Nov 2021 04:09:05 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1

GET
H2 200 shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 2B2B 195 KB
48 KB 12ms
12ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-4efaaecc89ff64a13773d891979378c1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

2b26b84e5f71a4c4c02e099b3ac41127993bb37309ec0a70cc940105261bbad9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-browser-4efaaecc89ff64a13773d891979378c1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 5
x-cache: HIT
content-length: 49033
etag: "0df9cf5cc9ea42a98d2f3b8ec9fe1f06"
x-request-id: 21a5fb7e-fb12-4134-b5c5-1ae82bf8da53
x-served-by: cache-hhn4031-HHN
access-control-allow-origin: *
last-modified: Fri, 12 Nov 2021 17:25:54 GMT
server: Fastly
date: Tue, 16 Nov 2021 04:09:05 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 4

GET
H2 200 payment-request-inner-browser-f2a776258b5d03fabd63ccb663dcf89a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 2B2B 11 KB
4 KB 17ms
17ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-browser-f2a776258b5d03fabd63ccb663dcf89a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-4efaaecc89ff64a13773d891979378c1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

71a55578d53e666ef644669139972f47092d97114a67c8b251f155ef6c19c15d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-browser-4efaaecc89ff64a13773d891979378c1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 14
x-cache: HIT
content-length: 4063
etag: "10d818482d8e44820136b10d6f9b02e4"
x-request-id: ad195c11-8327-44f4-926e-b3cb2c0f0c5a
x-served-by: cache-hhn4031-HHN
access-control-allow-origin: *
last-modified: Mon, 25 Oct 2021 19:35:22 GMT
server: Fastly
date: Tue, 16 Nov 2021 04:09:05 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1

GET
H2 200 utrack.js Show response
tags.news.com.au/prod/utrack/ 2 KB
1 KB 16ms
12ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/utrack/utrack.js?cb=16370357459950.25275528115534884
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: bfa67e2ce103d04234fa84f7595c316d23f46eed219683f06e264fb27dc91637

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "ab4f3fe7c5c43b61d4377ef72d3952fa:1558613430"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=0, no-cache, no-store
content-type: application/x-javascript
content-length: 831
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 mitas.js Show response
tags.news.com.au/prod/mitas/ 666 B
905 B 12ms
10ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/mitas/mitas.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d160b7999ef36a6814e7e673a78ee2388f00131908cf533155005798db86cfff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
cache-control: max-age=29440
server: AkamaiNetStorage
content-type: application/x-javascript
etag: "83a2bbd4d3829f1d4278f4ff0988804c:1490850995"
content-length: 666
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"

GET swg-button.css
news.google.com/swg/js/v1/ Frame BEF2 0
0

GET
H2 200 runtime~main.js Show response
subscriptions.heraldsun.com.au/caas/1.7.5/ Frame BEF2 4 KB
2 KB 126ms
126ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/runtime~main.js?2b42fb3fb73a43bd8581

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

8e7400df47a13dcc2dffdba99dab86ff4ef60897c5e1ffbc76a8833315ff27a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-P1
etag: "42aace6ef411dd6f15893da75bdc4790"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=32
strict-transport-security: max-age=600
accept-ranges: bytes
content-length: 1895
x-amz-cf-id: 6_7X-mt0wYgoosQIRDOcTIsy0Jvw33lE5uSZLc4X5Up1Gnu8_XzJdQ==

GET
H2 200 368.js Show response
subscriptions.heraldsun.com.au/caas/1.7.5/ Frame BEF2 200 KB
64 KB 113ms
112ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/368.js?2b42fb3fb73a43bd8581

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

ea98d785faefcce6010127439cefe944b44a85a06380402ee3ecb28b3b8fb114

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-C3
etag: "e772c095dadaf101056fb0c936a4e950"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=4
strict-transport-security: max-age=600
accept-ranges: bytes
x-amz-cf-id: ZUgf-gi6Geqeya_WWgHr0y94lmr06qBGwEhFnMG6oERfIpUuLU7ihw==

GET
H2 200 474.js Show response
subscriptions.heraldsun.com.au/caas/1.7.5/ Frame BEF2 205 KB
40 KB 132ms
131ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/474.js?2b42fb3fb73a43bd8581

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

1cbf8436e87e25f67ed640e9ce5ede3fb07d0c517ae9bee6c705fc6e381faaaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-P1
etag: "f7c7a6d2080d85bdf49a631c542cf08f"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1
strict-transport-security: max-age=600
accept-ranges: bytes
content-length: 40832
x-amz-cf-id: jpN4axZ6lApm9tFVhvmwQAnAjwm9WLFkcHQDzIaymTl6_qze5MZXlQ==

GET
H2 200 main.js Show response
subscriptions.heraldsun.com.au/caas/1.7.5/ Frame BEF2 11 KB
4 KB 103ms
102ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/main.js?2b42fb3fb73a43bd8581

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

7a5886e1bebe9472d5627dfabd91535410d64ab9fce83791708d4a5fa8271847

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-C3
etag: "d8a11137c28ff67b623d3c1c19fae63f"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1
strict-transport-security: max-age=600
accept-ranges: bytes
content-length: 4239
x-amz-cf-id: zYpIcn_Z1IfgEdxEwhcJpG7odxQ6HjjvSMsQ1z2oaOjO1BszEnoCYw==

GET
H2 200 metrics.js Show response
tags.news.com.au/prod/metrics/ 180 KB
62 KB 23ms
23ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/metrics/metrics.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ae3b07b4d9eb90bca5ac3747a97b2a52dfdc2eff8ad0180ebf9b4bd2084ff0d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "9d8b89846324bbd584797f0ef90a71af:1637033321.549842"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=83984
content-type: application/x-javascript

GET
H2 200 tad.js Show response
tags.news.com.au/prod/tad/ 86 KB
27 KB 16ms
16ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/tad/tad.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d345e08d4af916f03d9cf0f168817158294d800a94ea2fc9fa9f3e41abb3a46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "149d1d390a5ec6da34b48f20af8d9691:1636952872.125772"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=81304
content-type: application/x-javascript
content-length: 27548

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 77 KB
27 KB 136ms
49ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

666556ad166a083e88cc14d5ddc1848023a3757f887d5711ccaee0835f8b9cba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1045 / 953 of 1000 / last-modified: 1637017603"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26690
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 nielsen.js Show response
tags.news.com.au/prod/nielsen/ 25 KB
10 KB 10ms
9ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/nielsen/nielsen.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b6ed52620b0e664886b8e980fe5acc99a3abcdfc1e63ab42cfaab3f5c37d2cc3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "5f7339d587fa5267589cad826aed6c7b:1633930260.853289"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=21009
content-type: application/x-javascript
content-length: 9762

GET
H/1.1 200
OK ncg.js Show response
au.tags.newscgp.com/prod/ncg/ 155 KB
48 KB 48ms
9ms Script
text/javascript 143.204.98.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://au.tags.newscgp.com/prod/ncg/ncg.js?v=2.14.0
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-110.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89734c02492d82d9541efd36f0536204494afdc762a0676a1041b9907af3ffed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 04:01:46 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 05:38:59 GMT
Server: AmazonS3
Age: 446
ETag: W/"50061cbd590b509a060f1162b459b261"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
Cache-Control: max-age=3600
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: CXbxnKo6SzdV-NqSpzSYeNmWxV4gMDPio38bXOBgf8CK2nGeYLLxJg==

GET
H2 200 utag.5.js Show response
tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/ 2 KB
1 KB 8ms
8ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.5.js?utv=ut4.46.202101180416
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 486bfd7abe66605adf29acea3e537ff8973f9bfc5ccf4d47e6764f3f0a51a55c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
last-modified: Mon, 18 Jan 2021 04:16:52 GMT
server: AkamaiNetStorage
etag: "0436c02969f65dfb9a3d688f878ce27b:1610943412.657267"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 920
expires: Wed, 01 Dec 2021 04:09:06 GMT

GET
H2 200 utag.673.js Show response
tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/ 2 KB
1 KB 8ms
8ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.673.js?utv=ut4.46.201911200450
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8d8017dcf0215335c597e2a4fb3b1d49aa74002d020078689b5c7f6dbf2fd5a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
last-modified: Wed, 20 Nov 2019 04:50:26 GMT
server: AkamaiNetStorage
etag: "6de2c8775994bd52649030333c12458f:1574225426.28333"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 904
expires: Wed, 01 Dec 2021 04:09:06 GMT

GET
H2 200 utag.680.js Show response
tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/ 3 KB
2 KB 12ms
12ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.680.js?utv=ut4.46.201911242359
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 46fab4e43aca3f13f50005bb32123ef8d4d9caba65f1cc70751081f70292f704

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
last-modified: Sun, 24 Nov 2019 23:59:09 GMT
server: AkamaiNetStorage
etag: "a22f6448a2a7ef060ce3eb982528ca10:1574639949.213301"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1333
expires: Wed, 01 Dec 2021 04:09:06 GMT

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 686ms
338ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

GET
H/1.1

200
OK

ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
dpm.demdex.net/ Frame 7D00
Redirect Chain

https://ps.eyeota.net/match?bid=6j5b2cv&uid=49138798238618946413985457423554896590&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

42 B
963 B

36ms
28ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-025614274.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-Error: 303,104
X-TID: tXNpO7JaTfc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv}
Date: Tue, 16 Nov 2021 04:09:06 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 660ms
339ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 658ms
338ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 657ms
338ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 658ms
339ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 656ms
338ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
214 B 655ms
338ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 656ms
339ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 656ms
340ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 71ms
8ms Script
application/x-javascript 2600:9000:2156:600:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.5.js?utv=ut4.46.202101180416
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:600:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 02:46:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:27:20 GMT
server: nginx
age: 4956
etag: W/"6179ee68-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 ef13dd533b8dc9dcfdc35449cf88f808.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 2bG2GJ42sA0aPaTMJf8CgtKBJbFQhYphGuVf3dVjXCf3DcOrQ8Iwug==
expires: Tue, 16 Nov 2021 04:46:30 GMT

GET
H2 200 ebOneTag.js Show response
secure-ds.serving-sys.com/SemiCachedScripts/ 59 KB
19 KB 48ms
7ms Script
application/javascript 95.101.27.30
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.27.30 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-27-30.deploy.static.akamaitechnologies.com
Software: / ARR/2.5
Resource Hash: f6a9ed90057ad36a18b61529450500cf51a3a6878960eace920c4e10ccd99ca9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
last-modified: Tue, 05 Oct 2021 14:32:05 GMT
server
x-powered-by: ARR/2.5
etag: "bcfb20c5f5b9d71:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 18961

GET
H2 200 scevent.min.js Show response
sc-static.net/ 18 KB
7 KB 60ms
22ms Script
application/javascript 143.204.98.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-115.fra50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 2abb7e88d7c41bc428364b1e15a43a60b39856382e2482bada2607f3996ca9af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
server: CloudFront
x-amz-cf-pop: FRA50-C1
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 6804
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
x-amz-cf-id: NtOdortJ26QqYuZmFcvf7Z20iNAsj0vwg1r5xDoJfBnyhekY3S82LA==

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
202 B 7ms
7ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=newsltd/hwt.sops/202109070131&cb=1637035746091
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Tue, 16 Nov 2021 04:19:06 GMT

GET
H2 200 PE61ECF8B-8E10-4919-930F-697F3D3DBB98.js Show response
cdn-gl.imrworldwide.com/conf/ 33 KB
7 KB 49ms
8ms Script
application/javascript 2600:9000:2156:9600:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/PE61ECF8B-8E10-4919-930F-697F3D3DBB98.js
Requested by: Host: tags.news.com.au
URL: https://tags.news.com.au/prod/nielsen/nielsen.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:9600:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 11201091646948ee46f45c955410429537df83117042aa4842761607e30efe09

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: qmY7ysrEOE34N2AGfeZfA0PcWqG_EcJN
content-encoding: gzip
etag: W/"64f265d8e6610a93cd756a05784d26c8"
last-modified: Mon, 15 Nov 2021 11:18:37 GMT
server: AmazonS3
age: 4078
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
cache-control: max-age=86400,s-maxage=86400
date: Tue, 16 Nov 2021 03:18:15 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: mgWEXgzQ_H6zLWbZs7H25bWU8yjUc40pMu9XYS02Ew15VRHRb5Z4ow==

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 5 KB
2 KB 32ms
31ms XHR
application/json 34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.5.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&d_mid=49159856810536542513983360397549614036&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=newsnkidcookie%018a66695d58dadd59882459caa779c5af%011&ts=1637035746110

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

8d71991bd9a30292dc8bebba8efe583c89c8ef8eea9d2b3c2573f00ba72d75e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.heraldsun.com.au/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v019-0dab1dc84.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: BLes6XmZTXY=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.heraldsun.com.au
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1546
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

/
www.google.de/pagead/1p-user-list/999005967/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=1530446559
https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=1530446559&ipr=y

42 B
108 B

427ms
75ms

Image
image/gif

142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=1530446559&ipr=y

Requested by

Protocol

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=1530446559&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/999005967/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2630938860
https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2630938860&ipr=y

42 B
108 B

438ms
51ms

Image
image/gif

142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2630938860&ipr=y

Requested by

Protocol

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2630938860&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gdpr_user_check.esi Show response
tags.news.com.au/prod/data-esi/top/ 63 B
362 B 490ms
471ms XHR
text/plain 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/data-esi/top/gdpr_user_check.esi?
Requested by: Host: au.tags.newscgp.com
URL: https://au.tags.newscgp.com/prod/ncg/ncg.js?v=2.14.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiGHost /
Resource Hash: c234d3a6e7ff0a41542220e1202ea768bffeca48680c47de404653fa040a9c7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
server: AkamaiGHost
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
etag: "519053bf13ef3980b8829a5ec0f4dbc4:1632729087.383686"
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=0, no-cache
content-length: 63
mime-version: 1.0
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 6630 Show response
secure-ds.serving-sys.com/adServingData/PROD/TMClient/0/ 18 KB
2 KB 266ms
252ms XHR
application/octet-stream 95.101.27.30
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/0/6630
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.27.30 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-27-30.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 82d8f9e43991ed1ad3e24a47253db1aee093d6fb43c185f1f4e19a5d00fb423c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: C6Yt0XQN8JQ6sg.g4tfxBlQsuE50bubU
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 03:23:42 GMT
server: ATS/7.1.0
x-amz-request-id: MXD9AT428JFCDQDR
etag: "02491d02b66b5991e5c2d7212b930146"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=212
date: Tue, 16 Nov 2021 04:09:06 GMT
x-amz-replication-status: PENDING
accept-ranges: bytes
content-length: 1282
x-amz-id-2: rdG71F7pFSuakD5VWQP1kciOv77z339SrZbGff+r4yFxRb22Hs/1E8YeEmohXUau5zmjxC/ofmo=

GET
H3 200 payframe Show response
pay.google.com/gp/p/ui/ Frame 908B 17 KB
7 KB 90ms
70ms Document
text/html 2a00:1450:400c:c00::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dbb1a028b5ad03f0f8209936fefe8247688c9ccb1c879cdbf4c932e569c5abc8

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-raLC2YofGnoNLwTRsErEhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-raLC2YofGnoNLwTRsErEhQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
expires: Tue, 16 Nov 2021 04:09:06 GMT
date: Tue, 16 Nov 2021 04:09:06 GMT
cache-control: private, max-age=3600
strict-transport-security: max-age=31536000
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
content-security-policy: require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-raLC2YofGnoNLwTRsErEhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-raLC2YofGnoNLwTRsErEhQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 193 KB
54 KB 8ms
7ms Script
application/javascript 2600:9000:2156:9600:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/PE61ECF8B-8E10-4919-930F-697F3D3DBB98.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:9600:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28b11959f68db701b4218a36e9a8e8daf47fbfe4057f086595ebc2b0df44fbea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: zlYBAKd4EFa8SaOhPOy.ffYFxOn9YL7u
content-encoding: gzip
etag: W/"711241d99f4dbd99c7bef0f79ce85582"
last-modified: Mon, 15 Nov 2021 15:07:58 GMT
server: AmazonS3
age: 56
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Tue, 16 Nov 2021 04:08:13 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: _DkpWEAjkAi9Hj1XHqAXfsHaNYJ6fNCHVeXC8gSpKMS_pQf1Q1nHhg==

GET
H2 200 is_enabled Show response
tr.snapchat.com/collector/ 46 B
313 B 60ms
21ms Fetch
application/json 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/collector/is_enabled?pids=63f03fde-185c-4ae3-a0c6-3741b8da74a5

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

6797d9000ae3c1521e174b53898240f161dbf04d739bddece5dcf5c0c52aa39d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
via: 1.1 google
server: nginx/1.17.3
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46

GET
H2 200 SourceSansPro.css
subscriptions.news.com.au/media/fonts/SourceSansPro/ Frame BEF2 2 KB
2 KB 13ms
13ms Stylesheet
text/css 143.204.98.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro.css
Requested by: Host: client
URL: about:client
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-86.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 388d1df3fdfee665c3bc7d059e42500524e8f180febba13620847ec8b836fd33

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: BU9pslV_1tk2oM9KNiljnrkOp3wYAVog
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
last-modified: Wed, 23 Sep 2020 08:43:42 GMT
server: AmazonS3
age: 13048
etag: "2a13a755f725cea2c202bc30af451d10"
x-cache: Hit from cloudfront
content-type: text/css
date: Tue, 16 Nov 2021 00:51:42 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2173
x-amz-cf-id: kXkjBEQowzGAy5lYUe3cZmCw2i7namrrGzqZBnky3h4DmQ3B0wkLtg==

GET
H2 200 Charter.css
subscriptions.news.com.au/media/fonts/Charter/ Frame BEF2 2 KB
2 KB 13ms
13ms Stylesheet
text/css 143.204.98.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.news.com.au/media/fonts/Charter/Charter.css
Requested by: Host: client
URL: about:client
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-86.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ccda4fea5d95b6e07fadfff761f20fd106531b7f780fe470aa565f4c365301d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: 78tZPx9F6ldnoT3vI7OxzT3AZa.JXQqe
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
last-modified: Wed, 23 Sep 2020 08:43:10 GMT
server: AmazonS3
age: 13048
etag: "9d796e9621f8bd2ea24552819973cb20"
x-cache: Hit from cloudfront
content-type: text/css
date: Tue, 16 Nov 2021 00:51:42 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 1635
x-amz-cf-id: cdC72JfrgyxGzKpdJXqRFXTRtT5F7UvKqHaKKph2lb0AIIEjz3WmuA==

GET
H2 200 env.json Show response
subscriptions.heraldsun.com.au/caas/1.7.5/config/ Frame BEF2 1 KB
1 KB 92ms
91ms XHR
application/json 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/config/env.json

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/1.7.5/368.js?2b42fb3fb73a43bd8581

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

0e8820954a291bb4e89b0f7e0accb37839b4e3322e70ce2fe9b01050b33556be

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept: application/json, text/plain, */*
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-C3
etag: "6951f4b98b1d9249d316487258b64dc7"
vary: Accept-Encoding
content-type: application/json
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=600
accept-ranges: bytes
content-length: 759
x-amz-cf-id: f2Owt2JXDtz1vwXSDm6Tqyf6NqYc3N64vjRagzygV1zKcDdYyq5MFg==
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame 3832 0
241 B 50ms
22ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=63f03fde-185c-4ae3-a0c6-3741b8da74a5

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

server: nginx/1.17.3
date: Tue, 16 Nov 2021 04:09:06 GMT
content-type: text/html
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 7D00
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=adobe&id=49138798238618946413985457423554896590
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=49138798238618946413985457423554896590

0
338 B

96ms
27ms

Image
text/plain

52.208.185.108
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=49138798238618946413985457423554896590
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Server: 52.208.185.108 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-185-108.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
cache-control: private, no-cache, no-store
x-request-time: D=87 t=1637035746
x-served-by: beacon-n010-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=49138798238618946413985457423554896590
date: Tue, 16 Nov 2021 04:09:06 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a011-ash-prod.krxd.net

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 296ms
96ms Image
image/gif 52.6.232.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=heraldsun.com.au&p=%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%3A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&u=xKsWVDCr2GtBt5Ife&d=heraldsun.com.au&g=34257&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=3151&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=4756&t=BW66hlBuqXByvJBkmNbbbJsEq3u&V=129&i=Heraldsun.com.au%20%7C%20Subscribe%20to%20the%20Herald%20Sun%20for%20exclusive%20stories&tz=0&sn=1&sv=BjGuISCxBzd7bai4KC7U6qDCphB2g&sd=1&im=0e030412&_
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.6.232.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-6-232-190.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

POST
H2 200 s76776575880964 Show response
metrics.heraldsun.com.au/b/ss/newscorpau-hsweb,newscorpau-global/1/JS-2.22.0/ 43 B
469 B 67ms
18ms XHR
image/gif 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.heraldsun.com.au/b/ss/newscorpau-hsweb,newscorpau-global/1/JS-2.22.0/s76776575880964

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/metrics/metrics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.heraldsun.com.au/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
x-content-type-options: nosniff
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 17 Nov 2021 04:09:06 GMT
server: jag
xserver: anedge-6988cccb6f-69wjv
etag: 3515507496271642624-4619884362475809522
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
expires: Mon, 15 Nov 2021 04:09:06 GMT

POST
H3 200 p Show response
tr.snapchat.com/ Frame 3B25 0
15 B 42ms
26ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.heraldsun.com.au
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

server: nginx/1.17.3
date: Tue, 16 Nov 2021 04:09:06 GMT
content-type: text/html
content-length: 0
access-control-allow-origin: *
cache-control: no-cache, no-transform
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 p Show response
tr.snapchat.com/ Frame 4369 0
15 B 42ms
27ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.heraldsun.com.au
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

server: nginx/1.17.3
date: Tue, 16 Nov 2021 04:09:06 GMT
content-type: text/html
content-length: 0
access-control-allow-origin: *
cache-control: no-cache, no-transform
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_2021111101.js Show response
securepubads.g.doubleclick.net/gpt/ 343 KB
115 KB 97ms
50ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

604496ee6acca620cd59265c2302f6a03fe02d65bc5306d952f0fa94d92fa5c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117937
x-xss-protection: 0
last-modified: Thu, 11 Nov 2021 09:34:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 141 B
128 B 94ms
48ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.heraldsun.com.au

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a86e367c410aeae763f5e66015e6ce692957cec67f31162d9cbfc217a795f0ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103
x-xss-protection: 0
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 ls.html Show response
cdn-gl.imrworldwide.com/novms/html/ Frame 9D80 12 KB
4 KB 7ms
7ms Document
text/html 2600:9000:2156:9600:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:9600:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html
last-modified: Mon, 18 Oct 2021 14:09:23 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: fWy1EzHp9Q0L9DPiegymkYQaHVC9sb1R
server: AmazonS3
content-encoding: gzip
date: Tue, 16 Nov 2021 04:07:36 GMT
cache-control: max-age=86400
etag: W/"7fa83dfc7b78314b137e2eb13834daa7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 5QlvqPBsy4r_s89aja_vf-QapPiOepaxITHdDw-qfAS2WkzU491O5w==
age: 105

POST
H3 404 cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame 908B 2 KB
2 KB 18ms
18ms Other
text/html 2a00:1450:400c:c00::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c00::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
referrer-policy: no-referrer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1608
content-type: text/html; charset=UTF-8

GET
H2 200 rampart.js Show response
www.heraldsun.com.au/remote/identity/rampart/latest/ Frame BEF2 274 KB
82 KB 36ms
35ms Script
application/x-javascript 2.18.233.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/1.7.5/main.js?2b42fb3fb73a43bd8581

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-28.deploy.static.akamaitechnologies.com

Software

AkamaiNetStorage /

Resource Hash

4768c9c09426579117c9cc397f7bffc83c22b7ebe652b2fa492496ae8b680ab2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-encoding: gzip
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
server: AkamaiNetStorage
etag: "6778d105432607d0b73f0a808e1b81ad:1636438006.632996"
vary: User-Agent, Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1384
date: Tue, 16 Nov 2021 04:09:06 GMT
is-https: true
x-opw: 4
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
expires: Tue, 16 Nov 2021 04:32:10 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AM... Frame 908B 148 KB
52 KB 426ms
40ms Script
text/javascript 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

sffe /

Resource Hash

27873296fc74fcf7de331a0c0e3a7dc8bb8dbe8dedd7b73c3979e10a343caf00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 17:27:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 297723
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52912
x-xss-protection: 0
last-modified: Fri, 12 Nov 2021 05:24:19 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires: Sat, 12 Nov 2022 17:27:03 GMT

GET
H/1.1

200
OK

ibs:dpid=134096&dpuuid=$_BK_UUID
dpm.demdex.net/ Frame 7D00
Redirect Chain

https://tags.bluekai.com/site/43981?id=49138798238618946413985457423554896590&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID

42 B
963 B

29ms
28ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-0d78772a5.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-Error: 303,104
X-TID: x3eqPnscQVs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID
Date: Tue, 16 Nov 2021 04:09:06 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 200 gn
secure-sdk.imrworldwide.com/cgi-bin/ Frame 9D80 44 B
563 B 140ms
36ms Image
image/gif 34.243.165.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,PE61ECF8B-8E10-4919-930F-697F3D3DBB98&sessionId=4zrzsbjrajqjhr0zqjklyitta8pjv1637035746&c16=sdkv,bj.6.0.0&uoo=&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&c30=bldv,6.0.0.615&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&retry=0
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.165.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-165-128.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 /
4zrzsbjrajqjhr0zqjklyitta8pjv1637035746.nuid.imrworldwide.com/ Frame 9D80 35 B
351 B 83ms
7ms Image
image/gif 2600:9000:2156:4a00:1d:667e:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://4zrzsbjrajqjhr0zqjklyitta8pjv1637035746.nuid.imrworldwide.com/
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4a00:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 04:48:22 GMT
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
last-modified: Tue, 11 Sep 2018 17:05:20 GMT
server: AmazonS3
age: 84045
etag: "c2196de8ba412c60c22ab491af7b1409"
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 35
x-amz-cf-id: tnnXSEuv1LZ7dJO20Ve5C8x77QJaO7kDwg_cRygvJPh6TiqjRdq2VA==

GET
H2 200 messages Show response
dsf.newscorpaustralia.com/dailytelegraph/wp-json/dsf-api/ Frame BEF2 6 KB
2 KB 251ms
250ms XHR
application/json 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://dsf.newscorpaustralia.com/dailytelegraph/wp-json/dsf-api/messages

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/1.7.5/368.js?2b42fb3fb73a43bd8581

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

56bc687b2a58d0145a7ab051dba9a1c8d64ff4bc048122726ed0960686e6d2e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://subscriptions.heraldsun.com.au/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-cache: miss
link: <https://dsf.newscorpaustralia.com/dailytelegraph/wp-json/>; rel="https://api.w.org/"
x-rq: hhn2 0 2 9980
allow: GET
server: nginx
vary: Accept-Encoding, Origin
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://subscriptions.heraldsun.com.au
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=60
access-control-allow-credentials: true
accept-ranges: bytes
x-robots-tag: noindex
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type

GET
H2 200 Serving Show response
bs.serving-sys.com/ 13 KB
3 KB 52ms
12ms Script
text/html 18.184.90.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving?cn=ot&onetagid=6630&dispType=js&sync=0&sessionid=7071799009942704256&pageurl=$$https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend$$&activityValues=$$Session%3D6906064891560296096$$&ns=0&rnd=47705188011372557
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.90.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-90-3.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1de7a6ff119f07e05d189dc1f7132c33dd9ef92445869ab4df32151c02ed644f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: text/html; charset=UTF-8
content-length: 2744
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7D00
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVpNdTRRQUFBSUxfY2dRQQ==

170 B
188 B

49ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVpNdTRRQUFBSUxfY2dRQQ==

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1637035746.464468,VS0,VE0
x-served-by: cache-hhn4062-HHN
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVpNdTRRQUFBSUxfY2dRQQ==
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ Frame B64E 4 KB
5 KB 44ms
7ms Script
application/x-javascript 143.204.94.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.161 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-161.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 15 Nov 2021 15:45:31 GMT
Via: 1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 44616
ETag: "98d98b3499058b76d58073cf8ede2f10"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 4593
X-Amz-Cf-Id: cm8_yu2UZ9nIXPnDvgkCnbAHkuI4QHGjyUZG2hElsaTKya88JJY4WQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 28EA 97 KB
39 KB 437ms
50ms Script
application/javascript 142.250.186.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-994679518

Requested by

Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

7f4dc362c04e1d8cbf1aa27a4c2a920851879f07afe2ab4b13073be2c8db1546

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39560
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 8D63 97 KB
39 KB 495ms
118ms Script
application/javascript 142.250.186.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-930683048

Requested by

Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

39e27103d4049f6b8f0c3ef58efe8c15220de978810db235180b0f66bb4660f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39560
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 1B62 14 KB
6 KB 36ms
7ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kjyo7100040-IAD, cache-hhn11553-HHN

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame B3FD 5 KB
2 KB 33ms
8ms Script
application/x-javascript 2a02:26f0:f7::5c7b:e053
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e053 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 04:09:06 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=30628
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame A052 97 KB
39 KB 459ms
97ms Script
application/javascript 142.250.186.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-707564276

Requested by

Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e5006c74add9d64b4176466ac19de9b305f00608e15ee220ce576eaea45c9bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39552
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame B36D 97 KB
39 KB 514ms
157ms Script
application/javascript 142.250.186.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-707564276

Requested by

Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

c396347e55c5ff7f20197f025b592802eecc32598d791f74ecacfb538a2a1d5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39554
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ Frame 6899 4 KB
5 KB 13ms
7ms Script
application/x-javascript 143.204.94.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.161 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-161.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 15 Nov 2021 15:45:31 GMT
Via: 1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 44616
ETag: "98d98b3499058b76d58073cf8ede2f10"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 4593
X-Amz-Cf-Id: 084lJmBDfjEtBIjgY21yFibG0PQLsMJQ_eDHhrV2xSRf8KtKAHs9JA==

GET
H/1.1 200
OK pixie.js Show response
acdn.adnxs.com/dmp/up/ Frame 7A4D 9 KB
4 KB 30ms
7ms Script
application/javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/up/pixie.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 04:09:06 GMT
Content-Encoding: gzip
Age: 80518
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 3340
X-Served-By: cache-lga21934-LGA, cache-hhn4058-HHN
Access-Control-Allow-Origin: *
Last-Modified: Wed, 02 Jun 2021 15:04:00 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Timer: S1637035747.569017,VS0,VE0
ETag: W/"60b79de0-23b3"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 01 Oct 2021 05:45:37 GMT
Cache-Control: max-age=86402
Accept-Ranges: bytes
X-Cache-Hits: 1, 31674

GET
H3

200

activityi;dc_pre=COamqrGBnPQCFevPEQgd9eYI7w;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5368157845357.962 Show response
8228261.fls.doubleclick.net/ Frame 3F78
Redirect Chain

https://8228261.fls.doubleclick.net/activityi;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5368157845357.962?
https://8228261.fls.doubleclick.net/activityi;dc_pre=COamqrGBnPQCFevPEQgd9eYI7w;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=536815784535...

402 B
352 B

102ms
56ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8228261.fls.doubleclick.net/activityi;dc_pre=COamqrGBnPQCFevPEQgd9eYI7w;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5368157845357.962?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

584636fcdd2f830ca05c57bf62f63e6576a721e434d01bf88c0621c60ccf5969

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 16 Nov 2021 04:09:06 GMT
expires: Tue, 16 Nov 2021 04:09:06 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 329
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 16 Nov 2021 04:09:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8228261.fls.doubleclick.net/activityi;dc_pre=COamqrGBnPQCFevPEQgd9eYI7w;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5368157845357.962?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

activityi;dc_pre=CIjiqrGBnPQCFc8Z4AodAYQKYA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1850494349571.692 Show response
8228261.fls.doubleclick.net/ Frame B49E
Redirect Chain

https://8228261.fls.doubleclick.net/activityi;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1850494349571.692?
https://8228261.fls.doubleclick.net/activityi;dc_pre=CIjiqrGBnPQCFc8Z4AodAYQKYA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=185049434957...

402 B
354 B

106ms
67ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8228261.fls.doubleclick.net/activityi;dc_pre=CIjiqrGBnPQCFc8Z4AodAYQKYA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1850494349571.692?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

e805a14f988644c4f67fb1c6272968d50b15ba97712242407c26ee86b4991796

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 16 Nov 2021 04:09:06 GMT
expires: Tue, 16 Nov 2021 04:09:06 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 331
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 16 Nov 2021 04:09:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8228261.fls.doubleclick.net/activityi;dc_pre=CIjiqrGBnPQCFc8Z4AodAYQKYA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1850494349571.692?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ Frame 73AB 45 KB
18 KB 135ms
49ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

4112275fe878d4b037316a449f7516817d3c7da7839eb532b81c80b309b36df5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17627
x-xss-protection: 0
server: cafe
etag: 16294007831590153160
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ Frame 0AB6 45 KB
17 KB 157ms
77ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

4112275fe878d4b037316a449f7516817d3c7da7839eb532b81c80b309b36df5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17627
x-xss-protection: 0
server: cafe
etag: 16294007831590153160
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 /
insight.adsrvr.org/track/pxl/ Frame 1784 70 B
260 B 37ms
35ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=12uiapu&ct=0:yzl4bfk&fmt=3
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 /
insight.adsrvr.org/track/pxl/ Frame CAF0 70 B
260 B 36ms
34ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=12uiapu&ct=0:ra6cunp&fmt=3
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK spp.pl
sp.analytics.yahoo.com/ Frame 2905 43 B
964 B 118ms
38ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10041060&js=no&url=heraldsunshopfrontpage020419

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 04:09:06 GMT
X-Content-Type-Options: nosniff
Age: 0
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: ATS
X-Frame-Options: DENY
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
Content-Type: image/gif
Cache-Control: no-cache, private, must-revalidate
Accept-Ranges: bytes
Expires: Tue, 16 Nov 2021 04:09:06 GMT

GET
H2 200 activity
au-gmtdmp.mookie1.com/t/v2/ Frame 148E 43 B
608 B 319ms
264ms Image
image/gif 35.227.202.26
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://au-gmtdmp.mookie1.com/t/v2/activity?tagid=V2_296557&src.rand=[timestamp]
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.202.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.202.227.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK px
secure.adnxs.com/ Frame F3E6 43 B
951 B 58ms
28ms Image
image/gif 185.33.221.14
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=879166&seg=9702347&t=2

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Nov 2021 04:09:06 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 730.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d23b66cf-74c6-4a1e-8c09-5796bb952f2a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK px
secure.adnxs.com/ 0
935 B 44ms
14ms Image
application/javascript 185.33.221.14
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=1049974&seg=15374424&t=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Nov 2021 04:09:06 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 730.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2bc471b6-0891-4927-a1eb-304a7b379fac
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK px
secure.adnxs.com/ 0
935 B 34ms
33ms Image
application/javascript 185.33.221.14
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=1049969&seg=15374299&t=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Nov 2021 04:09:06 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 730.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: de20b81b-4ea1-4e5c-b5f2-d085d8426b3d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 7D00
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YZMu4QAAAIL_cgQA&expires=90

0
239 B

29ms
7ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YZMu4QAAAIL_cgQA&expires=90
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1637035747.591953,VS0,VE0
x-served-by: cache-hhn4062-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YZMu4QAAAIL_cgQA&expires=90
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 435ms
47ms Script
application/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.heraldsun.com.au

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 436ms
48ms Script
application/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.heraldsun.com.au

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 75ms
74ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1317550078076201&correlator=3332394395919557&output=ldjh&impl=fifs&hxva=1&scor=1490445560524433&eid=31063711&vrg=2021111101&ptt=17&co=1&npa=1&sc=1&sfv=1-0-38&ecs=20211116&iu_parts=5129&enc_prev_ius=%2F0%2F&prev_iu_szs=1x1&ists=1&prev_scp=pos%3D1&eri=1&cust_params=us%3Db%26s%3D0%26co%3D1%26kw%3D%26nk%3D8a66695d58dadd59882459caa779c5af%26sec1%3Dsops%26sec2%3Dsubscription%26sec3%3Dcustomerdetails%26ksgmnt%3D%26siteview%3D1%26pagetype%3Dbreach%252Cshopfront%26adl%3Dfalse%26snol%3Dh%26abtest%3Da%26pvid%3D8a66695d58dadd59882459caa779c5af-00000000000000000000000000000000-1637035746072-596845&bc=31&abxe=1&lmt=1637035746&dt=1637035746603&dlt=1637035743686&idt=2773&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=3151&adks=14334197&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x3151&msz=0x0&ga_vid=7507679.1637035747&ga_sid=1637035747&ga_hid=263735905&ga_fc=false&fws=132&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

f9e86498a37fc0c52d02eadc844230eb0886c1a7f5fb907cb92f2a250ec7831b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
493ebe83b5ecdef71aade700ade9c96c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E832 6 KB
4 KB 447ms
46ms Document
text/html 142.250.186.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://493ebe83b5ecdef71aade700ade9c96c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 16 Nov 2021 04:09:07 GMT
expires: Wed, 16 Nov 2022 04:09:07 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

collect
px4.ads.linkedin.com/ Frame B3FD
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1637035746617&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1765380%26time%3D1637035746617%26url%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1637035746617&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1637035746617&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252...

0
155 B

582ms
142ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1637035746617&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&liSync=true&e_ipv6=AQIqU5k8J5z9DQAAAX0m7yfpTXJ3W4_ui1aFTgZiu4pO-NUThdJwNypIesM25P7K_AaBL3H1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: MPXQ21brtxYQyY6DaysAAA==

Redirect headers

date: Tue, 16 Nov 2021 04:09:07 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1637035746617&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&liSync=true&e_ipv6=AQIqU5k8J5z9DQAAAX0m7yfpTXJ3W4_ui1aFTgZiu4pO-NUThdJwNypIesM25P7K_AaBL3H1
x-li-proto: http/2
x-li-pop: prod-lva1
content-length: 0
x-li-uuid: wXYFuVbrtxZQTs7EXysAAA==

GET
H/1.1 200
OK pixie
ib.adnxs.com/ Frame 7A4D 42 B
339 B 13ms
13ms Image
image/gif 185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/pixie?e=PageView&pi=4332873b-84ca-4d4d-a575-ee974bcdf99a&it=1637035746618&v=0.0.20&u=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&st=1637035746618&et=1637035746619&if=1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: nginx/1.17.9 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 04:09:06 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx/1.17.9
Connection: keep-alive
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
Content-Length: 42
Content-Type: image/gif

GET
H2 200 authorize Show response
login.newscorpaustralia.com/ Frame B50A 2 KB
3 KB 379ms
378ms Document
text/html 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://login.newscorpaustralia.com/authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fsubscriptions.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=c9QzNxfCY8rLKdf_Fmn_wTlBlG4hvDyT&nonce=kwLtZFccF9Q5DTMXlfirwF.qMV6cdXBr&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNy4wIn0%3D

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

cloudflare /

Resource Hash

159bfe00b2df93ed4d17169a589a60db817b8416a697101f0d4603690cf9e27e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/

Response headers

content-type: text/html;charset=UTF-8
cf-ray: 6aeddca88ce7690f-FRA
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
ot-baggage-auth0-request-id: 6aeddca88ce7690f
ot-tracer-sampled: true
ot-tracer-spanid: 6e7dfc911cfdcaf6
ot-tracer-traceid: 2eb0c95908c9dfd2
x-auth0-requestid: 160f65c6d17e5fc1a2f2
x-content-type-options: nosniff
x-ratelimit-limit: 1000
x-ratelimit-remaining: 999
x-ratelimit-reset: 1637035747
server: cloudflare
content-encoding: gzip
x-akamai-transformed: 9 539 0 pmb=mTOE,3
expires: Tue, 16 Nov 2021 04:09:07 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-length: 806
vary: Accept-Encoding

GET
H2 200 adsct
t.co/i/ Frame 1B62 43 B
470 B 135ms
114ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o3flk&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&event_id=b0bea6bd-f3b8-4292-990e-7d082bd0e3b0&tw_document_href=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 108
pragma: no-cache
last-modified: Tue, 16 Nov 2021 04:09:06 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 5fdae89c5d35652c7c4d4b98d3ae537d3a271051ceb4f10b9e9f32dcddd213c1
x-transaction: 0b8d7ce67df63eeb
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
365 B 101ms
101ms XHR
text/plain 54.85.166.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/20352597942.js?ver=5.7.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.85.166.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-166-2.compute-1.amazonaws.com
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.heraldsun.com.au/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 16 Nov 2021 04:09:06 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.heraldsun.com.au
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 6196c198-c9c0-4ea7-8131-2fd5af735e75

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7D00
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YZMu4QAAAIL_cgQA

43 B
1003 B

33ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YZMu4QAAAIL_cgQA
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Nov 2021 04:09:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 16 Nov 2021 04:09:06 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1637035747.693143,VS0,VE0
x-served-by: cache-hhn4062-HHN
x-cache: HIT
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YZMu4QAAAIL_cgQA
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/859754747/ Frame 73AB 3 KB
1 KB 357ms
55ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/859754747/?random=1637035746741&cv=9&fst=1637035746741&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

725d6c48c92e3fdb2b8a8bd01a5216b8d69917c040f4badb78a0a5181a35362e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1209
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/994679518/ Frame 0AB6 3 KB
1 KB 353ms
53ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994679518/?random=1637035746764&cv=9&fst=1637035746764&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

7862c8a10f76771bce9b240ff44339e8f444badce863a193160fcf2bc887f349

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1210
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7D00
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
https://ib.adnxs.com/setuid?entity=158&code=YZMu4QAAAIL_cgQA

43 B
1016 B

14ms
13ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=158&code=YZMu4QAAAIL_cgQA

Requested by

Protocol

HTTP/1.1

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Nov 2021 04:09:06 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 62875d3c-1a63-4097-95cd-18eb3e91da23
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1637035747.796853,VS0,VE0
x-served-by: cache-hhn4062-HHN
x-cache: HIT
location: https://ib.adnxs.com/setuid?entity=158&code=YZMu4QAAAIL_cgQA
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 m=byfTOb,lsjVmc,LEikZe Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.KuI... Frame 908B 36 KB
13 KB 338ms
36ms Script
text/javascript 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.KuIlsjPp1jU.L.B1.O/am=AgAB/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrj327ljlsYPxiDCQ6ar40fjrGFx4g/m=byfTOb,lsjVmc,LEikZe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

sffe /

Resource Hash

1c022ffd6e0b2f9f0df2b649a37dc141fe2c9b979660c3fe33d2d6efc3eb7794

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 17:31:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 297459
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13466
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 01:23:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires: Sat, 12 Nov 2022 17:31:28 GMT

GET
H2 200 m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.KuI... Frame 908B 73 KB
27 KB 339ms
39ms Script
text/javascript 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.KuIlsjPp1jU.L.B1.O/am=AgAB/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrj327ljlsYPxiDCQ6ar40fjrGFx4g/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

sffe /

Resource Hash

4b9a4bc2f0f3c6dced7dea96969432e2b7f6317fa1039e72256ee8d7e79cdb6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 17:31:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 297459
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27313
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 01:23:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires: Sat, 12 Nov 2022 17:31:28 GMT

GET
H2 200 dc_pre=COamqrGBnPQCFevPEQgd9eYI7w;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5368157845357.962
adservice.google.com/ddm/fls/z/ Frame 3F78 42 B
107 B 277ms
141ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COamqrGBnPQCFevPEQgd9eYI7w;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5368157845357.962

Requested by

Host: 8228261.fls.doubleclick.net
URL: https://8228261.fls.doubleclick.net/activityi;dc_pre=COamqrGBnPQCFevPEQgd9eYI7w;src=8228261;type=invmedia;cat=newsc006;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5368157845357.962?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8228261.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CIjiqrGBnPQCFc8Z4AodAYQKYA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1850494349571.692
adservice.google.com/ddm/fls/z/ Frame B49E 42 B
262 B 248ms
117ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIjiqrGBnPQCFc8Z4AodAYQKYA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1850494349571.692

Requested by

Host: 8228261.fls.doubleclick.net
URL: https://8228261.fls.doubleclick.net/activityi;dc_pre=CIjiqrGBnPQCFc8Z4AodAYQKYA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1850494349571.692?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8228261.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 7D00
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YZMu4QAAAIL_cgQA
https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YZMu4QAAAIL_cgQA

43 B
61 B

44ms
28ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YZMu4QAAAIL_cgQA
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.218.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
via: 1.1 google
server: OXGW/16.218.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YZMu4QAAAIL_cgQA
date: Tue, 16 Nov 2021 04:09:06 GMT
via: 1.1 google
server: OXGW/16.218.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 7D00
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YZMu4QAAAIL_cgQA

1 B
547 B

69ms
16ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YZMu4QAAAIL_cgQA
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug020:0:359
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:06 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1637035747.995277,VS0,VE0
x-served-by: cache-hhn4062-HHN
x-cache: HIT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YZMu4QAAAIL_cgQA
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ Frame 28EA 37 KB
14 KB 135ms
87ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-994679518

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14378
x-xss-protection: 0
server: cafe
etag: 684346926396516684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Nov 2021 04:09:07 GMT

GET
H2 200 c98e109
login.newscorpaustralia.com/akam/11/ Frame B50A 32 KB
0 13ms
10ms Script
application/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login.newscorpaustralia.com/akam/11/c98e109
Requested by: Host: login.newscorpaustralia.com
URL: https://login.newscorpaustralia.com/authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fsubscriptions.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=c9QzNxfCY8rLKdf_Fmn_wTlBlG4hvDyT&nonce=kwLtZFccF9Q5DTMXlfirwF.qMV6cdXBr&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNy4wIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-77.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://login.newscorpaustralia.com/authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fsubscriptions.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=c9QzNxfCY8rLKdf_Fmn_wTlBlG4hvDyT&nonce=kwLtZFccF9Q5DTMXlfirwF.qMV6cdXBr&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNy4wIn0%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
last-modified: Thu, 02 May 2019 20:01:52 GMT
etag: "bc21d5241f36efed77e0abf6b82f0fbade041008775eb4d55ce79d5b734b6f32"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
content-length: 10414
expires: Tue, 16 Nov 2021 04:09:07 GMT

GET Zm4DYAgB
login.newscorpaustralia.com/lFQ9yn7NN/U3Cpp3i/vA/7zOztGSz/CBpnMBcC/RGty/ Frame B50A 0
0

GET
H2 200 435.js Show response
subscriptions.heraldsun.com.au/caas/1.7.5/ Frame BEF2 27 KB
9 KB 190ms
189ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/435.js

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/1.7.5/runtime~main.js?2b42fb3fb73a43bd8581

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

176a4d7346001286ad894be3cc341bd466f932e48f947c14deddd5ce422ac519

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-C3
etag: "d06060475925fd26eebf19d729f1fcd0"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=10
strict-transport-security: max-age=600
accept-ranges: bytes
content-length: 8641
x-amz-cf-id: Im63m4wal8h7OV598-KM37HmVuCrsGtDGU51vzGgr5FyrnoxgvAnIg==

GET
H2 200 33.js Show response
subscriptions.heraldsun.com.au/caas/1.7.5/ Frame BEF2 8 KB
3 KB 108ms
107ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/33.js

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/1.7.5/runtime~main.js?2b42fb3fb73a43bd8581

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

cf3b2803b89ea7487c5d3d0104c7ff4edb35d12fd865fb98f83b1502d01437fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:44 GMT
x-amz-cf-pop: EWR53-P1
etag: "a5936e74bd56ad438f5f65c3b91c82d0"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=3
strict-transport-security: max-age=600
accept-ranges: bytes
content-length: 2542
x-amz-cf-id: L4EzkvuI3PB7W2vPf0kgl5GlZn9JCy3zYFhrRRczox7WpcdD920I2A==

GET
H2 200 725.async.js Show response
subscriptions.heraldsun.com.au/caas/1.7.5/ Frame BEF2 17 KB
6 KB 179ms
178ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/725.async.js

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/1.7.5/runtime~main.js?2b42fb3fb73a43bd8581

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

a3155980f17aa9810c11e073b810370bf031cfa09d2323f003c80ad1877035bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-C3
etag: "dd99792a8fea691437611f7e73021c0a"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=35
strict-transport-security: max-age=600
accept-ranges: bytes
content-length: 5562
x-amz-cf-id: yVBSo8jSJOiJtZWPiVuKRqFftrqJxfLZ8dYwz9I9C7RwFYaM9LBb2g==

GET
H2 200 357.async.js Show response
subscriptions.heraldsun.com.au/caas/1.7.5/ Frame BEF2 25 KB
9 KB 167ms
165ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/357.async.js

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/1.7.5/runtime~main.js?2b42fb3fb73a43bd8581

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

dfad6d1cecf7337dcd922f1fab22a655d9e28aedddebb6d8ef5c07c8c277009b

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-P1
etag: "6849ace129baf5312aeedd2b943cf3b7"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=30
strict-transport-security: max-age=600
accept-ranges: bytes
content-length: 8500
x-amz-cf-id: Af-UQD0ivkNuntVyDQeXWfXgB8hLZ88QsdOwcva63RwewqolYH9ZeQ==

GET
H2 200 628.js Show response
subscriptions.heraldsun.com.au/caas/1.7.5/ Frame BEF2 10 KB
4 KB 179ms
178ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/628.js

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/1.7.5/runtime~main.js?2b42fb3fb73a43bd8581

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

ddd84b76ce8d039b6093c8288a18c647a2a5ab876cae66d4f35d1958bbd47dc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-C3
etag: "5bc899fae760f7aee6d7760f64512017"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1
strict-transport-security: max-age=600
accept-ranges: bytes
content-length: 3711
x-amz-cf-id: LwzPskH_zX39owmw2i5aB5XOA5TF6Rc4Y5YdFuYct3arsILiR9H7pA==

GET
H2 200 722.async.js Show response
subscriptions.heraldsun.com.au/caas/1.7.5/ Frame BEF2 121 KB
46 KB 184ms
183ms Script
text/javascript 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/722.async.js

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/1.7.5/runtime~main.js?2b42fb3fb73a43bd8581

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

c14cd8b7503a80c13ac6364ccb0040ff33947c11472ace08db00cd666569ee97

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-P1
etag: "5dde093c01c518f2d7909d950541e829"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=34
strict-transport-security: max-age=600
accept-ranges: bytes
content-length: 47193
x-amz-cf-id: guOgJq6AfxaHJuIRQeT7uejLfsCWKV3Sq1HtPPO6LmYw9NuQ3Vnu6w==

GET
H2 200 SourceSansPro-Regular.woff2
subscriptions.news.com.au/media/fonts/SourceSansPro/ Frame BEF2 83 KB
83 KB 31ms
10ms Font
binary/octet-stream 143.204.98.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro-Regular.woff2
Requested by: Host: subscriptions.news.com.au
URL: https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-86.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89de2f207fac8289b2b0d7300b282db8347db9f3098a30662c72ced8c199971c

Request headers

Referer: https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro.css
Origin: https://subscriptions.heraldsun.com.au
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: HGUZ0F9RdAEWfB40COdzBzaJoUnKDPkQ
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
etag: "84900d939c3d3911d3a7d936cae4f3a6"
age: 13024
x-cache: Hit from cloudfront
content-length: 84808
last-modified: Wed, 23 Sep 2020 08:43:40 GMT
server: AmazonS3
date: Tue, 16 Nov 2021 01:55:24 GMT
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: yEjkoMqrX7LMh9mw38qdyWCNKmsmIJBRZsHupWFlx2POw9Yjg3xW-w==

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ Frame A052 37 KB
14 KB 62ms
58ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-707564276

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14378
x-xss-protection: 0
server: cafe
etag: 684346926396516684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Nov 2021 04:09:07 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ Frame 8D63 37 KB
14 KB 65ms
65ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-930683048

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14378
x-xss-protection: 0
server: cafe
etag: 684346926396516684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Nov 2021 04:09:07 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ Frame B36D 37 KB
14 KB 70ms
70ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-707564276

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14378
x-xss-protection: 0
server: cafe
etag: 684346926396516684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Nov 2021 04:09:07 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 7D00
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YZMu4QAAAIL_cgQA&img=1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YZMu4QAAAIL_cgQA&img=1&__user_check__=1&sync_id=f172439d-4692-11ec-820a-14c817940106

43 B
549 B

16ms
16ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YZMu4QAAAIL_cgQA&img=1&__user_check__=1&sync_id=f172439d-4692-11ec-820a-14c817940106
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 04:09:07 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 103
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Tue, 16 Nov 2021 04:09:07 GMT
Server: nginx
Location: /partner?adv_id=6409&uid=YZMu4QAAAIL_cgQA&img=1&__user_check__=1&sync_id=f172439d-4692-11ec-820a-14c817940106
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 33
Connection: keep-alive
Content-Length: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/859754747/ Frame 73AB 42 B
108 B 362ms
60ms Image
image/gif 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/859754747/?random=1637035746741&cv=9&fst=1637035200000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&fmt=3&is_vtc=1&random=35485563&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.164 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/859754747/ Frame 73AB 42 B
548 B 376ms
50ms Image
image/gif 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/859754747/?random=1637035746741&cv=9&fst=1637035200000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&fmt=3&is_vtc=1&random=35485563&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/994679518/ Frame 0AB6 42 B
108 B 356ms
55ms Image
image/gif 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/994679518/?random=1637035746764&cv=9&fst=1637035200000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&fmt=3&is_vtc=1&random=1278555920&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.164 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/994679518/ Frame 0AB6 42 B
108 B 364ms
53ms Image
image/gif 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/994679518/?random=1637035746764&cv=9&fst=1637035200000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&fmt=3&is_vtc=1&random=1278555920&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/707564276/ Frame A052 3 KB
1 KB 200ms
102ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/707564276/?random=1637035747142&cv=9&fst=1637035747142&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2396fd68fc1bf3336fa35af6639825e10f0881cb74e6bf78a10916c075b23909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1240
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/707564276/ Frame A052 2 KB
1 KB 50ms
49ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/707564276/?random=1637035747145&cv=9&fst=1637035747145&num=1&label=m9Y5CJ-OmLQBEPSlstEC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

dbecb119cfb386410c10893ec4f1b96297bcfec28c1c0453ec952bca2e6cfd7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1360
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/privacysandbox/conversion/707564276/ Frame A052 0
0 348ms
48ms Image
text/html 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/pagead/privacysandbox/conversion/707564276/?random=1637035747145&cv=9&fst=1637035747145&num=1&fmt=3&label=m9Y5CJ-OmLQBEPSlstEC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.212.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s01-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/930683048/ Frame 8D63 3 KB
1 KB 288ms
202ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930683048/?random=1637035747156&cv=9&fst=1637035747156&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc2e379a08aafb6806d5a8dfed3e4d596bf4c745945fbe4191615f55372f4e55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1241
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/930683048/ Frame 8D63 2 KB
1 KB 49ms
49ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/930683048/?random=1637035747157&cv=9&fst=1637035747157&num=1&label=7SdtCKz0xcwBEKix5LsD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

256a2e50c4f42579e82bd8461552633525a26a8f92d9ef96287961c53ea663e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/privacysandbox/conversion/930683048/ Frame 8D63 0
0 350ms
49ms Image
text/html 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/pagead/privacysandbox/conversion/930683048/?random=1637035747157&cv=9&fst=1637035747157&num=1&fmt=3&label=7SdtCKz0xcwBEKix5LsD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.212.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s01-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/994679518/ Frame 28EA 3 KB
1 KB 560ms
491ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994679518/?random=1637035747172&cv=9&fst=1637035747172&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113a741a94d0bf5d7736bdb1a1e764b8477f7d48dfa5dedbced8c8ea35aa3b41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1241
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/994679518/ Frame 28EA 2 KB
1 KB 51ms
51ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/994679518/?random=1637035747173&cv=9&fst=1637035747173&num=1&label=EgqJCNeJ1tgBEN61ptoD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

a74ee153a33537906db9ae7c9ff1093972c1b82334469726ae00ecb0931df6a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/privacysandbox/conversion/994679518/ Frame 28EA 0
0 349ms
49ms Image
text/html 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/pagead/privacysandbox/conversion/994679518/?random=1637035747173&cv=9&fst=1637035747173&num=1&fmt=3&label=EgqJCNeJ1tgBEN61ptoD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.212.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s01-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/707564276/ Frame B36D 3 KB
1 KB 115ms
54ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/707564276/?random=1637035747181&cv=9&fst=1637035747181&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30e9e4a6c8ef73ebfacb16773d82f28149afd39594f62791ab09150c341424d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1241
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 908B 49 KB
20 KB 1635ms
377ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.KuIlsjPp1jU.L.B1.O/am=AgAB/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrj327ljlsYPxiDCQ6ar40fjrGFx4g/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 482
date: Tue, 16 Nov 2021 04:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 16 Nov 2021 06:01:06 GMT

GET
H3 200 pay Show response
pay.google.com/gp/p/ui/ Frame 908B 1 MB
342 KB 78ms
78ms XHR
text/html 2a00:1450:400c:c00::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7f9790dad2aa6913a070ea1b9abd98035636b8156a9b699d7320174a4a5197eb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-voQJX+pGsjO6OiK3FVqMAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-voQJX+pGsjO6OiK3FVqMAg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge
server: ESF
cross-origin-opener-policy: unsafe-none
date: Tue, 16 Nov 2021 04:09:07 GMT
x-frame-options: DENY
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=3600
content-security-policy: script-src 'report-sample' 'nonce-voQJX+pGsjO6OiK3FVqMAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-voQJX+pGsjO6OiK3FVqMAg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
expires: Tue, 16 Nov 2021 04:09:07 GMT

GET
H2

200

b.php
www.facebook.com/fr/ Frame 7D00
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
https://www.facebook.com/fr/b.php?p=1531105787105294&e=YZMu4QAAAIL_cgQA&t=2592000&o=0

43 B
1 KB

49ms
26ms

Image
image/gif

2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/fr/b.php?p=1531105787105294&e=YZMu4QAAAIL_cgQA&t=2592000&o=0

Requested by

Protocol

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 20:09:07 PST
content-encoding: br
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: kv0+1fOdnoJso8WaiJpDJt1LrpRvOmka+ijFMFkFsyBtysz+ETxXWiNJy1r4fSRvSIBUSMA8AN+cRvQkFEuRrA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
strict-transport-security: max-age=15552000; preload
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: image/gif
vary: Accept-Encoding
cache-control: public, max-age=0
priority: u=3,i
expires: Mon, 15 Nov 2021 20:09:07 PST

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1637035747.204478,VS0,VE0
x-served-by: cache-hhn4062-HHN
x-cache: HIT
location: https://www.facebook.com/fr/b.php?p=1531105787105294&e=YZMu4QAAAIL_cgQA&t=2592000&o=0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

/
www.google.de/pagead/1p-conversion/707564276/ Frame A052
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/707564276/?random=337702007&cv=9&fst=1637035747145&num=1&label=m9Y5CJ-OmLQBEPSlstEC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200...
https://www.google.com/pagead/1p-conversion/707564276/?random=337702007&cv=9&fst=1637035747145&num=1&label=m9Y5CJ-OmLQBEPSlstEC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...
https://www.google.de/pagead/1p-conversion/707564276/?random=337702007&cv=9&fst=1637035747145&num=1&label=m9Y5CJ-OmLQBEPSlstEC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_...

42 B
108 B

356ms
55ms

Image
image/gif

142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/707564276/?random=337702007&cv=9&fst=1637035747145&num=1&label=m9Y5CJ-OmLQBEPSlstEC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYfuTCramx_APvoyMiAo&cid=CAQSKQCNIrLMQSoxukRGnfx3qVqEohd78SqFkt7i3-P6utRdn2IbiXDz1dIR&random=1702591783&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAJqeAuse9Ai9KSjwWPgGw7LvqV3WZu-ZdXkxMiRiES6Ms3KpT9ZT3sJD7qFbggFEI31QL3JBnWRkhY8vll2izX

Requested by

Protocol

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/707564276/?random=337702007&cv=9&fst=1637035747145&num=1&label=m9Y5CJ-OmLQBEPSlstEC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYfuTCramx_APvoyMiAo&cid=CAQSKQCNIrLMQSoxukRGnfx3qVqEohd78SqFkt7i3-P6utRdn2IbiXDz1dIR&random=1702591783&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAJqeAuse9Ai9KSjwWPgGw7LvqV3WZu-ZdXkxMiRiES6Ms3KpT9ZT3sJD7qFbggFEI31QL3JBnWRkhY8vll2izX
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/930683048/ Frame 8D63
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930683048/?random=1538964991&cv=9&fst=1637035747157&num=1&label=7SdtCKz0xcwBEKix5LsD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=120...
https://www.google.com/pagead/1p-conversion/930683048/?random=1538964991&cv=9&fst=1637035747157&num=1&label=7SdtCKz0xcwBEKix5LsD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&...
https://www.google.de/pagead/1p-conversion/930683048/?random=1538964991&cv=9&fst=1637035747157&num=1&label=7SdtCKz0xcwBEKix5LsD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...

42 B
64 B

130ms
129ms

Image
image/gif

2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/930683048/?random=1538964991&cv=9&fst=1637035747157&num=1&label=7SdtCKz0xcwBEKix5LsD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYZLfCr-qx_APy5mVyA0&cid=CAQSKQCNIrLMWSf7D47I2InvhHG80wyBejGs9L5a6VyqRgdI11ZIMBQ5Hd4k&random=64301466&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hBp2-EIYbkYK23Vutv4SgAEaBV8H059DwPv5kgJzLpQfnP4t9XI-WGiV5pN2VAjBnXFZSZG17IAi-VYw3rV7iIt

Requested by

Protocol

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:08 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/930683048/?random=1538964991&cv=9&fst=1637035747157&num=1&label=7SdtCKz0xcwBEKix5LsD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYZLfCr-qx_APy5mVyA0&cid=CAQSKQCNIrLMWSf7D47I2InvhHG80wyBejGs9L5a6VyqRgdI11ZIMBQ5Hd4k&random=64301466&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hBp2-EIYbkYK23Vutv4SgAEaBV8H059DwPv5kgJzLpQfnP4t9XI-WGiV5pN2VAjBnXFZSZG17IAi-VYw3rV7iIt
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/994679518/ Frame 28EA
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994679518/?random=1018834988&cv=9&fst=1637035747173&num=1&label=EgqJCNeJ1tgBEN61ptoD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=120...
https://www.google.com/pagead/1p-conversion/994679518/?random=1018834988&cv=9&fst=1637035747173&num=1&label=EgqJCNeJ1tgBEN61ptoD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&...
https://www.google.de/pagead/1p-conversion/994679518/?random=1018834988&cv=9&fst=1637035747173&num=1&label=EgqJCNeJ1tgBEN61ptoD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...

42 B
64 B

55ms
55ms

Image
image/gif

2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/994679518/?random=1018834988&cv=9&fst=1637035747173&num=1&label=EgqJCNeJ1tgBEN61ptoD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYc7XC7zEx_AP37y6eA&cid=CAQSKQCNIrLMOKULITfDMzQlHMXFEo5Y7AgQK0dOjH8ub64U1EBtXqloJqJB&random=2085449866&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hDcY2OTPwpLTkDglGPQBrqlWwZUGOFRmaPGdSWsbwV5hQNQ01i7LaESXoqL-AjC567bjduejR-VhdJZ0yO2ks1C

Requested by

Protocol

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:08 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/994679518/?random=1018834988&cv=9&fst=1637035747173&num=1&label=EgqJCNeJ1tgBEN61ptoD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&auid=194136279.1637035747&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4y6TYc7XC7zEx_AP37y6eA&cid=CAQSKQCNIrLMOKULITfDMzQlHMXFEo5Y7AgQK0dOjH8ub64U1EBtXqloJqJB&random=2085449866&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hDcY2OTPwpLTkDglGPQBrqlWwZUGOFRmaPGdSWsbwV5hQNQ01i7LaESXoqL-AjC567bjduejR-VhdJZ0yO2ks1C
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
trc.taboola.com/sg/adobe/1/ Frame 7D00 43 B
239 B 36ms
14ms Image
image/gif 2a04:4e42::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/adobe/1/cm?gdpr=0&gdpr_consent=
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
via: 1.1 varnish
server: nginx
x-timer: S1637035747.326666,VS0,VE9
x-served-by: cache-hhn4036-HHN
x-cache: MISS
cache-control: no-cache, no-store
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/707564276/ Frame B36D 42 B
108 B 387ms
86ms Image
image/gif 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/707564276/?random=1637035747181&cv=9&fst=1637035200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&async=1&fmt=3&is_vtc=1&random=2395953020&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.164 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/707564276/ Frame B36D 42 B
108 B 137ms
52ms Image
image/gif 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/707564276/?random=1637035747181&cv=9&fst=1637035200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&async=1&fmt=3&is_vtc=1&random=2395953020&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=461447&dpuuid=RX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003
dpm.demdex.net/ Frame 7D00
Redirect Chain

https://sync.1rx.io/usersync/adobe/0?dspret=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync/adobe/0?zcc=1&dspret=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D&cb=1637035747446
https://sync.targeting.unrulymedia.com/csync/RX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3DRX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003
https://dpm.demdex.net/ibs:dpid=461447&dpuuid=RX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003

42 B
945 B

31ms
31ms

Image
image/gif

34.240.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=461447&dpuuid=RX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003

Requested by

Protocol

HTTP/1.1

Server

34.240.91.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-91-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-0ffef969f.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Th3rsHNAQSk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=461447&dpuuid=RX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003
date: Tue, 16 Nov 2021 04:09:07 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXba3e8e699c3f42b1aa0f6ed353325a3b003
content-type: text/html

GET
H2 200 /
www.google.com/pagead/1p-user-list/707564276/ Frame A052 42 B
108 B 394ms
93ms Image
image/gif 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/707564276/?random=1637035747142&cv=9&fst=1637035200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&async=1&fmt=3&is_vtc=1&random=2623281313&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.164 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/707564276/ Frame A052 42 B
108 B 61ms
61ms Image
image/gif 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/707564276/?random=1637035747142&cv=9&fst=1637035200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&async=1&fmt=3&is_vtc=1&random=2623281313&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 9F23 0
181 B 36ms
34ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=12uiapu&ref=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&upid=trk7f24&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 adsct Show response
analytics.twitter.com/i/ Frame 1B62 31 B
677 B 416ms
121ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o3flk&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&event_id=b0bea6bd-f3b8-4292-990e-7d082bd0e3b0&tw_document_href=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 114
pragma: no-cache
last-modified: Tue, 16 Nov 2021 04:09:07 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 22f9c71efdf2530e99bd574902a40dccbd6810d382d29464f38c003941a444fd
x-transaction: fedad0b741264d10
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame E9BD 0
181 B 42ms
42ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=vrges6n&ref=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&upid=ekg5qxt&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

date: Tue, 16 Nov 2021 04:09:07 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 /
www.google.com/pagead/1p-user-list/930683048/ Frame 8D63 42 B
108 B 360ms
59ms Image
image/gif 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/930683048/?random=1637035747156&cv=9&fst=1637035200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&async=1&fmt=3&is_vtc=1&random=4230202938&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.164 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/930683048/ Frame 8D63 42 B
108 B 351ms
50ms Image
image/gif 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/930683048/?random=1637035747156&cv=9&fst=1637035200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&async=1&fmt=3&is_vtc=1&random=4230202938&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/994679518/ Frame 28EA 42 B
108 B 388ms
88ms Image
image/gif 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/994679518/?random=1637035747172&cv=9&fst=1637035200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&async=1&fmt=3&is_vtc=1&random=2043636756&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.164 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/994679518/ Frame 28EA 42 B
108 B 351ms
50ms Image
image/gif 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/994679518/?random=1637035747172&cv=9&fst=1637035200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&async=1&fmt=3&is_vtc=1&random=2043636756&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gn
secure-sdk.imrworldwide.com/cgi-bin/ 44 B
369 B 32ms
32ms Image
image/gif 34.243.165.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-102695&ch=au-102695_b04_subscribe_S&asn=subscribe&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&sessionId=4zrzsbjrajqjhr0zqjklyitta8pjv1637035746&prv=1&c6=vc,b04&ca=NA&c13=asid,PE61ECF8B-8E10-4919-930F-697F3D3DBB98&c32=segA,subscription&c33=segB,NA&c34=segC,DSK-OTT-WinPhn-OtherBrowser&c15=apn,&sup=1&segment2=&segment1=&forward=0&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,b1rgd6v4iarwpp5lcmfv0sungluzu1637035746&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,16370357462802306&c30=bldv,6.0.0.615&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=1637035746093&c3=st,c&c64=starttm,1637035747&adid=1637035746093&c58=isLive,false&c59=sesid,&c61=createtm,1637035748&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf39deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&c66=mediaurl,&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&c62=sendTime,1637035748&rnd=641176
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.165.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-165-128.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:08 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H3 200 log Show response
play.google.com/ Frame 908B 131 B
155 B 328ms
125ms XHR
text/plain 2a00:1450:4001:82f::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e -, , ASN (),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 04:09:11 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 16 Nov 2021 04:09:11 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 435ms
45ms Preflight
text/plain 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 16 Nov 2021 04:09:11 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Nov 2021 04:09:11 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame 908B 131 B
155 B 326ms
125ms XHR
text/plain 2a00:1450:4001:82f::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e -, , ASN (),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 04:09:11 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 16 Nov 2021 04:09:11 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 429ms
46ms Preflight
text/plain 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 16 Nov 2021 04:09:11 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Nov 2021 04:09:11 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame 908B 131 B
155 B 324ms
124ms XHR
text/plain 2a00:1450:4001:82f::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e -, , ASN (),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 04:09:11 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 16 Nov 2021 04:09:11 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 424ms
46ms Preflight
text/plain 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 16 Nov 2021 04:09:11 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Nov 2021 04:09:11 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame 908B 131 B
155 B 325ms
125ms XHR
text/plain 2a00:1450:4001:82f::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e -, , ASN (),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 04:09:11 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 16 Nov 2021 04:09:11 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 417ms
46ms Preflight
text/plain 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 16 Nov 2021 04:09:11 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Nov 2021 04:09:11 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame 908B 131 B
155 B 247ms
48ms XHR
text/plain 2a00:1450:4001:82f::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e -, , ASN (),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 04:09:11 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 16 Nov 2021 04:09:11 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 412ms
47ms Preflight
text/plain 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 16 Nov 2021 04:09:11 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Nov 2021 04:09:11 GMT
cache-control: private

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.KuI... Frame 908B 17 KB
7 KB 267ms
267ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.KuIlsjPp1jU.L.B1.O/am=AgAB/d=1/exm=Das5Le,IZT63,LEikZe,PrPYRd,Ru0Pgb,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrj327ljlsYPxiDCQ6ar40fjrGFx4g/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc43ae868d84d9643b9c47f45a7f01c37c7af898aaac91a95b6ad203581b37a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 17:28:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 297616
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7260
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 01:23:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires: Sat, 12 Nov 2022 17:28:54 GMT

GET
H3 200 m=lwddkf,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.KuI... Frame 908B 8 KB
3 KB 1974ms
1974ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.KuIlsjPp1jU.L.B1.O/am=AgAB/d=1/exm=Das5Le,FCpbqb,IZT63,LEikZe,PrPYRd,Ru0Pgb,WhJNk,Wt6vjf,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,hhhU8,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrj327ljlsYPxiDCQ6ar40fjrGFx4g/m=lwddkf,EFQ78c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e2dfec25d5a0e18481c5a48668075483478e5fc7056d7763ae583323d5f9d0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 21:28:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24060
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3310
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 01:23:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires: Tue, 15 Nov 2022 21:28:10 GMT

POST
H3 200 log Show response
play.google.com/ Frame 908B 131 B
155 B 324ms
125ms XHR
text/plain 2a00:1450:4001:82f::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.QSeeZLvOb9Q.es5.O/am=AgAB/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgX68BmjTC6DCrmR088QWZA03oWEw/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e -, , ASN (),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 04:09:11 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 16 Nov 2021 04:09:11 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 403ms
47ms Preflight
text/plain 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 16 Nov 2021 04:09:11 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 16 Nov 2021 04:09:11 GMT
cache-control: private

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 171ms
171ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:10 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 171ms
171ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:10 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 171ms
171ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:10 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 171ms
171ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:10 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A560 0
213 B 334ms
333ms XHR
application/octet-stream 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.stripe.com/0

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a3fe58fb1c69dc35ef2c2c7fcda3fdb2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 16 Nov 2021 04:09:10 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/octet-stream;charset=utf-8
access-control-allow-origin: https://js.stripe.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 0

GET
H3

200

/
www.google.de/pagead/1p-user-list/999005967/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=3473182097
https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=3473182097&ipr=y

42 B
64 B

397ms
397ms

Image
image/gif

2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=3473182097&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:10 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=3473182097&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/999005967/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2136330640
https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2136330640&ipr=y

42 B
0

50ms
50ms

Image
image/gif

2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2136330640&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Nov 2021 04:09:10 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=2136330640&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s72238708864994
metrics.heraldsun.com.au/b/ss/newscorpau-hsweb,newscorpau-global/1/JS-2.22.0/ 43 B
213 B 18ms
17ms Image
image/gif 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.heraldsun.com.au/b/ss/newscorpau-hsweb,newscorpau-global/1/JS-2.22.0/s72238708864994?AQB=1&ndh=1&pf=1&t=16%2F10%2F2021%204%3A9%3A10%202%200&cid.&newsnkidcookie.&id=8a66695d58dadd59882459caa779c5af&as=1&.newsnkidcookie&.cid&vid=8a66695d58dadd59882459caa779c5af&mid=49159856810536542513983360397549614036&aamlh=6&ce=UTF-8&ns=newscorpau&cdp=3&pageName=hs%7Csops%7Cshopfront%7Cbreach%2Bshopfront&g=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Feast%252Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%252Fnews-story%252Fbc4aae752ebf3&cc=AUD&events=event8&v1=news%20corp%20au&v2=herald%20sun&v3=herald%20sun%20web&v4=sops&v5=subscription&v6=customer%20details&v9=breach%2Bshopfront&v10=D%3DpageName&v11=D%3Dvid&v14=anonymous&v22=3%3A09%20PM%7CTuesday&v24=New&v34=D%3Dg&v77=D%3Dmid&v125=gp&pe=lnk_o&pev2=event&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&-g=9deba1189b0ccd23c6d%26memtype%3Danonymous%26mode%3Dpremium%26v21%3Ddynamic-cold-control-noscore%26V21spcbehaviour%3Dappend&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&lrt=70&AQE=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:10 GMT
x-content-type-options: nosniff
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 17 Nov 2021 04:09:10 GMT
server: jag
xserver: anedge-6988cccb6f-pptml
etag: 3515507504845979648-4619881511691661659
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 15 Nov 2021 04:09:10 GMT

GET
H2 200 imgNewsNetwork.png
subscriptions.heraldsun.com.au/caas/1.7.5/assets/ Frame BEF2 76 KB
77 KB 9ms
9ms Image
image/png 104.111.230.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://subscriptions.heraldsun.com.au/caas/1.7.5/assets/imgNewsNetwork.png

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

48ac06daa306352ac613f0439a67495733a1ac109541b1be48ac9af87edada1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:10 GMT
last-modified: Mon, 15 Nov 2021 08:22:45 GMT
x-amz-cf-pop: EWR53-P1
etag: "c915ff7bfcf5aa7b7d68b5c7c0910cb0"
strict-transport-security: max-age=600
content-type: image/png
cache-control: max-age=2520837
accept-ranges: bytes
content-length: 78273
x-amz-cf-id: _TT0btoY32TsYEi6hF1lcfBjQia_siAeeke2NXLkRtlFW-HfBcROeQ==

GET
H3 200 api.js Show response
www.google.com/recaptcha/ Frame BEF2 884 B
608 B 50ms
50ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/1.7.5/722.async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

be8c120abfe0dbcaeb4ca22233a76ea27bc25ed5d23a9cc2dcf8c732e6649a50

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 04:09:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 587
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 04:09:10 GMT

GET HS_PDO_P0415A_W04
commerceapi.news.com.au/offersapi/offers/ Frame BEF2 0
0

OPTIONS
H2 200 HS_PDO_P0415A_W04
commerceapi.news.com.au/offersapi/offers/ Frame 0
0 2232ms
2142ms Preflight
application/json 2.18.233.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://commerceapi.news.com.au/offersapi/offers/HS_PDO_P0415A_W04
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-28.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-api-key
Origin: https://subscriptions.heraldsun.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: application/json
content-length: 1
x-amzn-requestid: 95ac8d91-d6d2-4dda-99d8-eabfeee776f5
access-control-allow-origin: https://subscriptions.heraldsun.com.au
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
x-amz-apigw-id: I4REZGK6ywMFuxA=
access-control-allow-methods: OPTIONS,GET
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: 99PVZCCFZWaaa29BxI1IzeTEqXGcjrC33E6bZDV2wMpEJv2n0EvN7Q==
date: Tue, 16 Nov 2021 04:09:12 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/ Frame BEF2 348 KB
136 KB 247ms
83ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fc0076a36c38f39206bb258eeb8bc8e383b96a6ccd26024b0b088d9e0b192af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subscriptions.heraldsun.com.au/
Origin: https://subscriptions.heraldsun.com.au
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 23:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14974
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139079
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 21:26:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Tue, 15 Nov 2022 23:59:36 GMT

GET
H2 200 m-outer-f7902241893e7a497417843cb15dc858.html Show response
js.stripe.com/v3/ Frame 40F9 240 B
688 B 7ms
6ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

1969520bd7b0ea7b84b1cbdda4a8ae93c321abe6eaeff82b5fa496680bf88a0f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/

Response headers

last-modified: Wed, 27 Oct 2021 22:19:31 GMT
etag: "f7902241893e7a497417843cb15dc858"
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Tue, 16 Nov 2021 04:09:10 GMT
via: 1.1 varnish
age: 12
x-request-id: cdfa99a3-59b2-4601-bb6a-c98d97de3ffa
x-served-by: cache-hhn4031-HHN
x-cache: HIT
x-cache-hits: 4
vary: Accept-Encoding
timing-allow-origin: *
cache-control: max-age=60
content-length: 141

POST
H2 200 csp-report
q.stripe.com/ Frame 40F9 0
347 B 529ms
189ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://q.stripe.com/csp-report
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Feast%2Fproject-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child%2Fnews-story%2Fbc4aae752ebf39deba1189b0ccd23c6d&memtype=anonymous&mode=premium&v21=dynamic-cold-control-noscore&V21spcbehaviour=append&nk=8a66695d58dadd59882459caa779c5af-1637035742
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://js.stripe.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 16 Nov 2021 04:09:11 GMT
server: nginx
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
x-envoy-upstream-service-time: 19
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length: 0

GET
H2 200 m-outer-639174098ea8fe7fede6fa654790e8ec.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 40F9 1 KB
809 B 8ms
7ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-639174098ea8fe7fede6fa654790e8ec.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 11
x-cache: HIT
content-length: 645
etag: "5213886b88cd72e6d0aebc89868e5d13"
x-request-id: 1412f68e-849a-428f-8bf6-023a27583112
x-served-by: cache-hhn4031-HHN
access-control-allow-origin: *
last-modified: Mon, 25 Oct 2021 19:35:20 GMT
server: Fastly
date: Tue, 16 Nov 2021 04:09:10 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 3

GET
H2 200 inner.html Show response
m.stripe.network/ Frame D7D8 932 B
1 KB 15ms
6ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-639174098ea8fe7fede6fa654790e8ec.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js.stripe.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: max-age=300, public
content-security-policy: connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://m.stripe.com; default-src 'none'; font-src 'self'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='; style-src 'self'; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: Fastly
content-encoding: gzip
accept-ranges: bytes
date: Tue, 16 Nov 2021 04:09:11 GMT
via: 1.1 varnish
age: 50
x-request-id: 7a2adfef-9a20-4c46-b0bb-69a3c8f917ac
x-served-by: cache-hhn4031-HHN
x-cache: HIT
x-cache-hits: 17
x-timer: S1637035751.008155,VS0,VE0
vary: Accept-Encoding, Origin
content-length: 528

POST
H2 200 csp-report
q.stripe.com/ Frame D7D8 0
122 B 931ms
631ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://m.stripe.network/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 16 Nov 2021 04:09:11 GMT
x-envoy-upstream-service-time: 462
server: nginx
content-length: 0
strict-transport-security: max-age=31556926; includeSubDomains; preload

POST
H2 200 csp-report
q.stripe.com/ Frame D7D8 0
122 B 488ms
189ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://m.stripe.network/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 16 Nov 2021 04:09:11 GMT
x-envoy-upstream-service-time: 19
server: nginx
content-length: 0
strict-transport-security: max-age=31556926; includeSubDomains; preload

GET
H2 200 out-4.5.41.js Show response
m.stripe.network/ Frame D7D8 85 KB
16 KB 7ms
7ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.41.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 42
x-cache: HIT
content-length: 15786
x-request-id: b174452f-664d-439f-9173-405f1f6d45c3
x-served-by: cache-hhn4031-HHN
server: Fastly
x-timer: S1637035751.023704,VS0,VE0
date: Tue, 16 Nov 2021 04:09:11 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 10

POST
H2 200 6 Show response
m.stripe.com/ Frame D7D8 156 B
518 B 516ms
170ms XHR
text/plain 34.208.187.153

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.41.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.187.153 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

ed8e31bc86c6cf92a2422b16641cfa34e024ca322531bc32579e947574ed3390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 04:09:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
strict-transport-security: max-age=31556926; includeSubDomains; preload
access-control-allow-headers: Content-Type

GET
DATA 200
OK truncated
/ Frame BEF2 520 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 698b75b34c376b73b97acf42f0ec14f3554b420e658c4fe98d87721e4b5f7d8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame BEF2 466 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48e995c834f9cbb64904650cbb722ab0c92effb6c59cf493aa055fcc1fc0417a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Charter_Bold.woff2
subscriptions.news.com.au/media/fonts/Charter/ Frame BEF2 11 KB
11 KB 9ms
9ms Font
binary/octet-stream 143.204.98.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.news.com.au/media/fonts/Charter/Charter_Bold.woff2
Requested by: Host: subscriptions.news.com.au
URL: https://subscriptions.news.com.au/media/fonts/Charter/Charter.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-86.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 45a844d6787e4364f8c0ab321b2d5680d48604886d045685b6bf9c582518db9d

Request headers

Referer: https://subscriptions.news.com.au/media/fonts/Charter/Charter.css
Origin: https://subscriptions.heraldsun.com.au
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: 1b6Z9wm5mjr_.l.HoLoCCXx3v3T_1CSx
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
etag: "d7b524ce6a47a156d5f7767297b358f7"
age: 13030
x-cache: Hit from cloudfront
content-length: 11024
last-modified: Wed, 23 Sep 2020 08:43:11 GMT
server: AmazonS3
date: Tue, 16 Nov 2021 00:51:54 GMT
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: hFkKbp25UDSVhTpAeMe9h_AsNpJmyOh9yNGWy7-SDUSbms_Lq6MlRA==

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame A36F 8 KB
0 62ms
61ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ&co=aHR0cHM6Ly9zdWJzY3JpcHRpb25zLmhlcmFsZHN1bi5jb20uYXU6NDQz&hl=de&v=yZguKF1TiDm6F3yJWVhmOKQ9&size=invisible&cb=51b9ijybx6is

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Ym1dj5CYjnQzdf91EvFoEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://subscriptions.heraldsun.com.au/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 16 Nov 2021 04:09:13 GMT
content-security-policy: script-src 'report-sample' 'nonce-Ym1dj5CYjnQzdf91EvFoEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21038
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST log
play.google.com/ Frame 908B 0
0

GET styles__ltr.css
www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/ Frame A36F 0
0

GET recaptcha__de.js
www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/ Frame A36F 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login.newscorpaustralia.com
URL: https://login.newscorpaustralia.com/akam/11/c98e109

Domain: login.newscorpaustralia.com
URL: https://login.newscorpaustralia.com/lFQ9yn7NN/U3Cpp3i/vA/7zOztGSz/CBpnMBcC/RGty/Zm4DYAgB

Domain: news.google.com
URL: https://news.google.com/swg/js/v1/swg-button.css

Domain: login.newscorpaustralia.com
URL: https://login.newscorpaustralia.com/lFQ9yn7NN/U3Cpp3i/vA/7zOztGSz/CBpnMBcC/RGty/Zm4DYAgB

Domain: commerceapi.news.com.au
URL: https://commerceapi.news.com.au/offersapi/offers/HS_PDO_P0415A_W04

Domain: play.google.com
URL: https://play.google.com/log?format=json&hasfast=true

Domain: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/styles__ltr.css

Domain: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/recaptcha__de.js

Verdicts & Comments Add Verdict or Comment

161 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

80 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.heraldsun.com.au/leader/east/project-motion-martial-arts-instructor-aaron-smalley-charged-with-sexual-penetration-of-a-child/news-story	1970-01-20 07:29:31	Name: nk Value: 8a66695d58dadd59882459caa779c5af
sc-static.net/scevent.min.js	1970-01-19 22:45:22	Name: X-AB Value: 0d6e407936704bd380072f5891d28b0e
.heraldsun.com.au/	1969-12-31 23:59:59	Name: n_regis Value: 123456789
.news.com.au/	1970-01-21 01:00:43	Name: nk Value: 8a66695d58dadd59882459caa779c5af
.heraldsun.com.au/	1970-01-21 01:00:43	Name: nk Value: 8a66695d58dadd59882459caa779c5af
.heraldsun.com.au/	1970-01-19 22:44:02	Name: bm_sv Value: C28F9FFC94DC16B532B9E5AE38B2F2F9~X4sHsE/au9tC4N/gsXZ20GYYROqCrIwnIbzbleD54zVz5nC2Hv+SEGu3O3wqHSWxyhe2SFd6akwC9TvHzIQNVIAZAi/VLWbEUddTWRI9/VlBW9mzz9Im/i4ntU3Co+LvKKU5EV2G+4M4Hc9hKZRFUc/uDjTCz+Np2tkJMA0U1VE=
.heraldsun.com.au/	1970-01-20 03:03:07	Name: optimizelyEndUserId Value: oeu1637035744640r0.09274280500972276
.heraldsun.com.au/	1970-01-19 22:44:02	Name: bm_mi Value: F1C186710D666F3F8DA38AFDD47FD492~cdDlmoXeqTxDXt2Veg1zFZLP5Mmi34B6r+e15ev7WeG68mhr1L+XebkK9C6vq1Gj19NwtrUzOxvgA+RLlUdRu3VR0mq44Upbs3GOY7PCTENm8ZZ570YDYDeAGC7z2+cZH2gqeKVso+fuNAPYTjlTUWteq9K+1F2jQHauKrU7DbUd10nhY252YuyVt66oRDgS1oL/FdbTDhOAUaojDCYuWk8fF8rr1KI596en88cIW6qCvgygA/C5Czq7epq5xZJ3cO0vcNGmh8G/0DzufBlSRAJBMP/c9nHcUTawmOd2yocvIHiTq+627FCvkqEiTBJW
.demdex.net/	1970-01-20 03:03:07	Name: demdex Value: 49138798238618946413985457423554896590
.heraldsun.com.au/	1969-12-31 23:59:59	Name: AMCVS_5FE61C8B533204850A490D4D%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 07:29:31	Name: everest_g_v2 Value: g_surferid~YZMu4QAAAIL_cgQA
.dpm.demdex.net/	1970-01-20 03:03:07	Name: dpm Value: 49138798238618946413985457423554896590
.adnxs.com/	1970-01-20 00:53:31	Name: uuid2 Value: 88579922939553704
.turn.com/	1970-01-20 03:03:07	Name: uid Value: 3910326146884613016
.doubleclick.net/	1970-01-20 08:05:31	Name: IDE Value: AHWqTUkWKdwfG2bmhNVk76e1zrmIOCJyAlyOBJwgUpsjxNbY6n_TcA5eiC1lWHOPt6A
.adsrvr.org/	1970-01-20 07:29:31	Name: TDID Value: cd972633-6b5a-48e9-b1d5-0cbe00e75ea3
www.heraldsun.com.au/	1970-01-19 22:54:00	Name: AWSALB Value: x1Vr40cYoaNlkGuejn2FXIoW8r0R9hWYCdig5K4odSX8BWtM/m7j94rQsCeSg4hJNOLtr5M9OzySIrYOrdarNBOSBqgjEpWAbxKw6HBTyYWJFbAYHBjvxSLC8EQY
.heraldsun.com.au/	1970-01-19 22:44:02	Name: ak_bmsc Value: 0254F60065B9E16127932532493F879C~000000000000000000000000000000~YAAQtLoQAtAmbiJ9AQAADSLvJg1QwD9LxJ+tc5AjOoF++7zBYEmQTl1xQVey5SxbJAqyNSryMi84naNe/MJFzfZYla3+3RFoaZwO7M5CAW45rJS1+F9P1RledJtkwPIu+BYMw7kdpiBqcbWLG+dVwvGjJqKYbibWVp5OT3+2TK4J7ZJ5xwMelYWBol2TgQ/WnxxhtSEi4L6GcqrbFG0ODkY9eppw15HhOJCtskGOMPHOHMj3Ya0JhjCkQMtPHd6e+/OgV9RKxXYx+68RHUOIN0Cir6xn0tEckHzgDK9ucSUud+zUpNuf/kud/gxM89RtYMRb4d8JVBAaYnHuNPieKZ3MVSR88sKI0ymYANO9f3dkldsBeacwpg8aWK340MXPIw9qf1RfN3jOlwsHFlT9fmvRtCdI9fAmFh/sDzIG
www.heraldsun.com.au/	1970-01-19 22:54:00	Name: AWSALBCORS Value: x1Vr40cYoaNlkGuejn2FXIoW8r0R9hWYCdig5K4odSX8BWtM/m7j94rQsCeSg4hJNOLtr5M9OzySIrYOrdarNBOSBqgjEpWAbxKw6HBTyYWJFbAYHBjvxSLC8EQY
.adsrvr.org/	1970-01-20 07:29:31	Name: TDCPM Value: CAESEgoDYWFtEgsI9Mrz0ZuwlDoQBRgFIAEoAjILCObh0v6xsJQ6EAU4AQ..
login.newscorpaustralia.com/	1970-01-20 07:29:53	Name: did Value: s%3Av0%3Af0921dc0-4692-11ec-9666-472b71786356.0GJNBIFRk1Mn5j1N%2B2KAqZs6bd2waiDk55jeN9%2FpAos
.casalemedia.com/	1970-01-20 07:29:31	Name: CMID Value: YZMu4WqdDfIDy-E5GcIvQQAA
.casalemedia.com/	1970-01-20 00:53:31	Name: CMPS Value: 3267
.casalemedia.com/	1970-01-20 00:53:31	Name: CMPRO Value: 1213
.heraldsun.com.au/	1970-01-20 07:29:31	Name: utag_main Value: v_id:017d26ef22d0004175d66d623ea803072016906a00b08$_sn:1$_se:1$_ss:1$_st:1637037546002$ses_id:1637035746002%3Bexp-session$_pn:1%3Bexp-session
.heraldsun.com.au/	1970-01-20 07:29:31	Name: nc_eu Value: y
.eyeota.net/	1970-01-19 22:43:56	Name: SERVERID Value: 21778~DM
.google.com/	1970-01-20 03:07:26	Name: NID Value: 511=QB0yr0Bh3Eaj0ceBYfqKZokgxfwstpXh-HQqpq1OlT69StjPT32Qnz9rfvEEkXaq6tHJP2r7X2YEi4WEgxgpXlJmhlXZKz-hB0EGvdA_9kHx4lS4gK4maNoj2uqeIxLzfTxBYjqEoq80pAAQlFSBaggCWpSQ1MgqDsHATfq4h1w
.heraldsun.com.au/	1970-01-19 22:43:57	Name: _ncg_sp_ses.ff50 Value: *
.heraldsun.com.au/	1970-01-20 16:15:07	Name: _ncg_sp_id.ff50 Value: 7dd5e05e-bc38-4205-a6bd-cc56a7bc6fac.1637035746.1.1637035746.1637035746.4a04a8a8-8787-4fa6-b278-6a649f2ade98
.heraldsun.com.au/	1970-01-20 16:15:07	Name: AMCV_5FE61C8B533204850A490D4D%40AdobeOrg Value: 77933605%7CMCIDTS%7C18948%7CMCMID%7C49159856810536542513983360397549614036%7CMCAAMLH-1637640546%7C6%7CMCAAMB-1637640546%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1637042946s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18955%7CMCCIDH%7C1015694546%7CvVersion%7C4.5.1
www.heraldsun.com.au/	1970-01-20 08:12:43	Name: _cb_ls Value: 1
www.heraldsun.com.au/	1970-01-20 08:12:43	Name: _cb Value: xKsWVDCr2GtBt5Ife
www.heraldsun.com.au/	1970-01-20 08:12:43	Name: _chartbeat2 Value: .1637035746214.1637035746214.1.BjGuISCxBzd7bai4KC7U6qDCphB2g.1
www.heraldsun.com.au/	1970-01-19 22:43:57	Name: _cb_svref Value: null
.heraldsun.com.au/	1970-01-20 08:13:42	Name: _scid Value: ab0e2c82-2a27-4a84-b130-70fad5bbf457
.heraldsun.com.au/	1970-01-19 22:43:57	Name: s_gdslv_s Value: First%20Visit
.heraldsun.com.au/	1970-01-19 22:43:57	Name: s_ppn Value: hs%7Csops%7Cshopfront%7Cbreach%2Bshopfront
.heraldsun.com.au/	1969-12-31 23:59:59	Name: tp Value: 3151
.heraldsun.com.au/	1969-12-31 23:59:59	Name: s_ppv Value: hs%257Csops%257Cshopfront%257Cbreach%2Bshopfront%2C38%2C38%2C1200
.heraldsun.com.au/	1969-12-31 23:59:59	Name: s_cc Value: true
.scanscout.com/	1970-01-20 07:29:31	Name: uid Value: CI-fd085809ebee7274c385242d8d712f0f
.scanscout.com/	1970-01-20 07:29:31	Name: UIAA Value: 49138798238618946413985457423554896590
.scanscout.com/	1970-01-20 07:29:31	Name: UIXX_UPDT Value: "UIAA=1637035746223"
.snapchat.com/	1970-01-20 08:05:31	Name: sc_at Value: v2\|H4sIAAAAAAAAAA3EyREAIAgEsIqYAZRFyhGPKihe88jB4uuuZGpJfQAUIj+LrSEj584qQXNu5h3FD7Z2F2EyAAAA
.imrworldwide.com/	1970-01-20 08:05:31	Name: SSCVER Value: v1
.imrworldwide.com/	1970-01-20 08:05:31	Name: IMRID Value: f1061540-4692-11ec-b73f-cb9477a71040
bs.serving-sys.com/	1969-12-31 23:59:59	Name: OT_6630 Value: 1
.serving-sys.com/	1970-01-20 00:53:13	Name: ActivityInfo2 Value: 00452vAcn0_0049jQAcn0_004c3mAcn0_
.serving-sys.com/	1970-01-20 00:53:13	Name: G4 Value: 0009bU00De_0009fM00De_
.serving-sys.com/	1970-01-20 00:53:13	Name: OT2 Value: 0001DC1pqn
.serving-sys.com/	1970-01-20 00:53:13	Name: u2 Value: 08a82f87-6fcd-4000-a9b0-761ca6f6927e4E2060
.krxd.net/	1970-01-20 03:03:07	Name: _kuid_ Value: OfAk8F4i
.yahoo.com/	1970-01-20 07:29:53	Name: A3 Value: d=AQABBOIuk2ECEHZG5XS4mpXGqgu1fBEou9MFEgEBAQGAlGGdYQAAAAAA_SMAAA&S=AQAAAm559OyABji6Jx3DT976Yos
.casalemedia.com/	1970-01-19 22:45:22	Name: CMST Value: YZMu4WGTLuIA
.casalemedia.com/	1970-01-20 07:29:31	Name: CMRUM3 Value: 5861932ee22760YZMu4QAAAIL_cgQA
.adnxs.com/	1970-01-20 00:53:31	Name: anj Value: dTM7k!M4.FF7/.XF']wIg2E>4u[X%k!fss0=RtT_qx_)Cn^').slzc-JIH[xtWLDA'x2Q4JWELBVkq^9RkhA(2[RyhQvbM2AZ^^<T[q0t!NZ3I?-6c+B(s
.mookie1.com/	1970-01-20 08:12:43	Name: id Value: 10523364219531445963
.mookie1.com/	1970-01-20 08:12:43	Name: mdata Value: 1\|10523364219531445963\|1637035746771
.mookie1.com/	1970-01-20 08:12:43	Name: ov Value: 7be1d016f180665b2b31b3d7725cc1ee
.openx.net/	1970-01-20 07:29:31	Name: i Value: fcad1c1d-2d14-4ff7-9f33-5f475c18e158\|1637035746
.heraldsun.com.au/	1970-01-20 00:53:31	Name: _gcl_au Value: 1.1.194136279.1637035747
.linkedin.com/	1970-01-19 23:27:07	Name: UserMatchHistory Value: AQLyxCe6ZGtHVQAAAX0m7yaKcojQtq8GrBWpXQM6IZ9FdJZjkh39k7DTLUcU8smReMtzJEBkqzlkLQ
.linkedin.com/	1970-01-19 23:27:07	Name: AnalyticsSyncHistory Value: AQIoCCX8cIlCiwAAAX0m7yaKVKCDD1um-BITfc4wl46coCAZ6OagnWujQBciz9ubInSuzi4TEUAZUxFAQ4qUpA
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:15:49	Name: bcookie Value: "v=2&7821c338-6258-49b2-8516-ea24211ecb40"
.linkedin.com/	1970-01-19 22:45:22	Name: lidc Value: "b=TGST02:s=T:r=T:a=T:p=T:g=2642:u=1:x=1:i=1637035746:t=1637122146:v=2:sig=AQEhLIdHhPO6DiYX1grsm48MRY7mKay9"
.pubmatic.com/	1970-01-20 00:53:31	Name: KRTBCOOKIE_218 Value: 4056-YZMu4QAAAIL_cgQA&KRTB&22978-YZMu4QAAAIL_cgQA&KRTB&23194-YZMu4QAAAIL_cgQA&KRTB&23209-YZMu4QAAAIL_cgQA
.pubmatic.com/	1970-01-19 23:27:07	Name: PugT Value: 1637035747
.pubmatic.com/	1970-01-20 00:53:31	Name: PUBMDCID Value: 3
.spotxchange.com/	1970-01-20 07:29:35	Name: audience Value: f1724357-4692-11ec-820a-14c817940106
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 16:15:49	Name: bscookie Value: "v=1&20211116040907f6caf0d1-ddb9-4902-89d0-5999d1e547f3AQHg2EjFlsp99tMkkLCG_zWXqEIIl2c2"
.linkedin.com/	1970-01-20 16:10:26	Name: li_gc Value: MTswOzE2MzcwMzU3NDc7MjswMjFqXGAbOTMHEQ316nAvCC8LJY2CrekTv2UGgz6raklGgg==
.demdex.net/	1970-01-20 03:03:07	Name: dextp Value: 358-1-1637035745261\|470-1-1637035745362\|481-1-1637035745463\|771-1-1637035745564\|903-1-1637035745666\|19566-1-1637035745768\|23728-1-1637035745873\|30432-1-1637035745976\|30064-1-1637035746081\|66757-1-1637035746208\|134096-1-1637035746324\|144230-1-1637035746431\|144231-1-1637035746588\|144232-1-1637035746689\|144233-1-1637035746790\|144234-1-1637035746891\|144235-1-1637035746991\|144236-1-1637035747100\|144237-1-1637035747200\|147592-1-1637035747301\|461447-1-1637035747402
.1rx.io/	1970-01-20 07:29:31	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003%22%7D
.targeting.unrulymedia.com/	1970-01-20 07:29:31	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-ba3e8e69-9c3f-42b1-aa0f-6ed353325a3b-003%22%7D
.twitter.com/	1970-01-20 16:15:07	Name: personalization_id Value: "v1_K8AHBAwSE43Pj+8LxSVSXw=="
.heraldsun.com.au/	1970-01-19 23:27:07	Name: s_nr Value: 1637035750687-New
.heraldsun.com.au/	1970-01-21 01:00:43	Name: s_gdslv Value: 1637035750687

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 22) Message: Unrecognized feature: 'conversion-measurement'.
other	warning	URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 22) Message: Unrecognized feature: 'conversion-measurement'.
other	warning	URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 22) Message: Unrecognized feature: 'conversion-measurement'.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

493ebe83b5ecdef71aade700ade9c96c.safeframe.googlesyndication.com
4zrzsbjrajqjhr0zqjklyitta8pjv1637035746.nuid.imrworldwide.com
8228261.fls.doubleclick.net
a20352597942.cdn.optimizely.com
acdn.adnxs.com
adservice.google.com
adservice.google.de
analytics.twitter.com
au-gmtdmp.mookie1.com
au.tags.newscgp.com
beacon.krxd.net
bs.serving-sys.com
cdn-gl.imrworldwide.com
cdn.newsapi.com.au
cdn.optimizely.com
cm.everesttech.net
cm.g.doubleclick.net
commerceapi.news.com.au
d.turn.com
dpm.demdex.net
dsf.newscorpaustralia.com
dsum-sec.casalemedia.com
dt.scanscout.com
googleads.g.doubleclick.net
ib.adnxs.com
image2.pubmatic.com
image5.pubmatic.com
insight.adsrvr.org
js.adsrvr.org
js.stripe.com
login.newscorpaustralia.com
logx.optimizely.com
m.stripe.com
m.stripe.network
match.adsrvr.org
metrics.heraldsun.com.au
news.google.com
newscorpau.demdex.net
newscorpau.sc.omtrdc.net
pay.google.com
ping.chartbeat.net
pixel.rubiconproject.com
pixel.wp.com
play.google.com
ps.eyeota.net
px.ads.linkedin.com
px4.ads.linkedin.com
q.stripe.com
r.stripe.com
sc-static.net
secure-ds.serving-sys.com
secure-sdk.imrworldwide.com
secure.adnxs.com
securepubads.g.doubleclick.net
snap.licdn.com
sp.analytics.yahoo.com
ssum.casalemedia.com
static.ads-twitter.com
static.chartbeat.com
stats.wp.com
subscriptions.heraldsun.com.au
subscriptions.news.com.au
sync-tm.everesttech.net
sync.1rx.io
sync.search.spotxchange.com
sync.targeting.unrulymedia.com
t.co
tags.bluekai.com
tags.news.com.au
tags.tiqcdn.com
token.rubiconproject.com
tr.snapchat.com
trc.taboola.com
us-u.openx.net
usermatch.krxd.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.heraldsun.com.au
www.linkedin.com
commerceapi.news.com.au
login.newscorpaustralia.com
news.google.com
play.google.com
www.gstatic.com
104.111.215.191
104.111.230.77
104.244.42.131
104.244.42.5
104.75.88.194
108.174.10.14
142.250.181.226
142.250.184.226
142.250.185.195
142.250.185.206
142.250.185.66
142.250.185.67
142.250.185.98
142.250.186.104
142.250.186.129
142.250.186.38
142.250.186.98
143.204.94.161
143.204.98.110
143.204.98.115
143.204.98.86
15.188.95.229
15.236.176.210
151.101.192.176
151.101.65.108
151.101.66.49
18.184.90.3
185.33.221.14
185.33.221.90
185.64.190.80
185.94.180.126
192.0.76.3
199.127.207.184
199.232.136.157
2.18.233.169
2.18.233.180
2.18.233.28
2.18.234.21
2001:678:cb4:bbbb::13
212.82.100.181
213.19.147.44
216.58.212.162
216.58.212.164
23.67.128.30
2600:9000:2156:4a00:1d:667e:2a40:93a1
2600:9000:2156:600:18:1fcd:34f:cdc1
2600:9000:2156:9600:2:42d9:3100:93a1
2620:119:50e5:101::9002:c05
2620:1ec:21::14
2a00:1450:4001:80e::2003
2a00:1450:4001:813::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::200e
2a00:1450:400c:c00::5c
2a02:26f0:6c00:2a0::13b8
2a02:26f0:f7::5c7b:e053
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42::300
2a04:fa87:fffd::c000:4298
3.122.214.165
3.248.38.136
3.33.220.150
34.208.187.153
34.232.240.103
34.240.91.113
34.243.165.128
34.248.191.66
34.98.64.218
35.186.226.184
35.227.202.26
52.208.185.108
52.6.232.190
54.187.119.242
54.187.159.182
54.85.166.2
69.173.144.138
69.173.144.139
95.101.27.30
032b2cd62ca53bd3edf67462afb364442044e4338d4eedf1269375bc238682d8
088b0f8723c3f59471aa21a3e87761129f52c40cd6ff727a6bafc6e93ad2692b
0b3376aa27741ca90899fed12bcccbf1ea22edb596846ba6b26e263463686590
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0e8820954a291bb4e89b0f7e0accb37839b4e3322e70ce2fe9b01050b33556be
0ea80a5582f5098378c85e19a4ef16d3fdfb553df3549551c935fb1dd95f09e9
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fc0076a36c38f39206bb258eeb8bc8e383b96a6ccd26024b0b088d9e0b192af
0fc8a6e495e7cd447608aea7e0cd59b0e79bd4e74822d428c53880ac0db6c469
11201091646948ee46f45c955410429537df83117042aa4842761607e30efe09
113a741a94d0bf5d7736bdb1a1e764b8477f7d48dfa5dedbced8c8ea35aa3b41
11abac554a1bf90bbeb5d8e033feff92cbd15963bfcb617f01c8a8fabb44646f
153c03f29a896f83de934e7aac4d5f33c99c46484e10316f0336f62926f586b1
159bfe00b2df93ed4d17169a589a60db817b8416a697101f0d4603690cf9e27e
176a4d7346001286ad894be3cc341bd466f932e48f947c14deddd5ce422ac519
1969520bd7b0ea7b84b1cbdda4a8ae93c321abe6eaeff82b5fa496680bf88a0f
1bc3625c4e923d79a85677113b548e5444129ead716d43e10e2a6e9d56939143
1c022ffd6e0b2f9f0df2b649a37dc141fe2c9b979660c3fe33d2d6efc3eb7794
1cbf8436e87e25f67ed640e9ce5ede3fb07d0c517ae9bee6c705fc6e381faaaa
1de7a6ff119f07e05d189dc1f7132c33dd9ef92445869ab4df32151c02ed644f
2396fd68fc1bf3336fa35af6639825e10f0881cb74e6bf78a10916c075b23909
256a2e50c4f42579e82bd8461552633525a26a8f92d9ef96287961c53ea663e4
27873296fc74fcf7de331a0c0e3a7dc8bb8dbe8dedd7b73c3979e10a343caf00
28b11959f68db701b4218a36e9a8e8daf47fbfe4057f086595ebc2b0df44fbea
2abb7e88d7c41bc428364b1e15a43a60b39856382e2482bada2607f3996ca9af
2b26b84e5f71a4c4c02e099b3ac41127993bb37309ec0a70cc940105261bbad9
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
30e9e4a6c8ef73ebfacb16773d82f28149afd39594f62791ab09150c341424d4
388d1df3fdfee665c3bc7d059e42500524e8f180febba13620847ec8b836fd33
39e27103d4049f6b8f0c3ef58efe8c15220de978810db235180b0f66bb4660f0
39f09957410016f42651cfba04fd86ab44e9a87df542d43c7568c05d7ed2adff
3e04d38fcbc12494d5d6ce8eb4230a369f42e8a40368cad922c61197b34ff0a8
4112275fe878d4b037316a449f7516817d3c7da7839eb532b81c80b309b36df5
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45a844d6787e4364f8c0ab321b2d5680d48604886d045685b6bf9c582518db9d
46fab4e43aca3f13f50005bb32123ef8d4d9caba65f1cc70751081f70292f704
4768c9c09426579117c9cc397f7bffc83c22b7ebe652b2fa492496ae8b680ab2
486bfd7abe66605adf29acea3e537ff8973f9bfc5ccf4d47e6764f3f0a51a55c
48ac06daa306352ac613f0439a67495733a1ac109541b1be48ac9af87edada1a
48e995c834f9cbb64904650cbb722ab0c92effb6c59cf493aa055fcc1fc0417a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b9a4bc2f0f3c6dced7dea96969432e2b7f6317fa1039e72256ee8d7e79cdb6a
4d0d8a99dd7acf51cc9d43e935837f3fba2661c95c6c53ecd12980257246a456
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e1a4f2c605f26bcf80a2cd8e5d48e887c2062a53cd1d993cb05250223e386a6
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
56bc687b2a58d0145a7ab051dba9a1c8d64ff4bc048122726ed0960686e6d2e6
584636fcdd2f830ca05c57bf62f63e6576a721e434d01bf88c0621c60ccf5969
5d345e08d4af916f03d9cf0f168817158294d800a94ea2fc9fa9f3e41abb3a46
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
604496ee6acca620cd59265c2302f6a03fe02d65bc5306d952f0fa94d92fa5c8
628989c0489fd94893084deecfa37db929a50fa9e688dcacdcd86e6d13d0b78f
63b693778274923011281f0c339ac4116f8a31b9d186d0657849380cd5bd34b7
666556ad166a083e88cc14d5ddc1848023a3757f887d5711ccaee0835f8b9cba
6797d9000ae3c1521e174b53898240f161dbf04d739bddece5dcf5c0c52aa39d
698b75b34c376b73b97acf42f0ec14f3554b420e658c4fe98d87721e4b5f7d8a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8
71a55578d53e666ef644669139972f47092d97114a67c8b251f155ef6c19c15d
725d6c48c92e3fdb2b8a8bd01a5216b8d69917c040f4badb78a0a5181a35362e
7862c8a10f76771bce9b240ff44339e8f444badce863a193160fcf2bc887f349
78e9525f27478abe1dc785fa56d07b2594cb7e0a5d2b6653a5b0dddbabdae769
79f1ad148832267276e77dd51633ae2847e1d2e4885855759aa112a569ef007f
7a5886e1bebe9472d5627dfabd91535410d64ab9fce83791708d4a5fa8271847
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7eb243627ed4013b84418c9fe94ee3b9907906ace4de00965ff3b3b33a9f151c
7f4dc362c04e1d8cbf1aa27a4c2a920851879f07afe2ab4b13073be2c8db1546
7f9790dad2aa6913a070ea1b9abd98035636b8156a9b699d7320174a4a5197eb
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
82d8f9e43991ed1ad3e24a47253db1aee093d6fb43c185f1f4e19a5d00fb423c
851e4d8abe50a401de7f6cfe500a24af40dca9ae9f2418ac81b271ead5daf2e8
8640916aba1207e4fcff9c894252543689989434cd9fc0dabd4cee60b3e763a5
86e8ed098febe4691b72980ac9bb22f6370cd6fb7fd50f2fc3ca41f5a24c6ed7
89734c02492d82d9541efd36f0536204494afdc762a0676a1041b9907af3ffed
89de2f207fac8289b2b0d7300b282db8347db9f3098a30662c72ced8c199971c
8a9bdf4334da3cfdb98da986e99e81b53a63c18720e099c71a9b785ff6b7feea
8cd08e54442fec70d5acfa5a69f9d177b21ab3876571c2623c6ab1aef1622f0e
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d71991bd9a30292dc8bebba8efe583c89c8ef8eea9d2b3c2573f00ba72d75e5
8d8017dcf0215335c597e2a4fb3b1d49aa74002d020078689b5c7f6dbf2fd5a7
8e7400df47a13dcc2dffdba99dab86ff4ef60897c5e1ffbc76a8833315ff27a7
8f213f4d04dbf45b8270951f782d4681115bea3c957436da078697c091bd3c21
9432d61b83af5d779cdaf31c7857bbd39cc93529a053ad9c8c39f2e8a832e89e
9e2dfec25d5a0e18481c5a48668075483478e5fc7056d7763ae583323d5f9d0f
a048bf2fe7753a55b48bd445a1eb31ba16736026784ac6c933e43ddfd7f39185
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7
a3155980f17aa9810c11e073b810370bf031cfa09d2323f003c80ad1877035bc
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a74ee153a33537906db9ae7c9ff1093972c1b82334469726ae00ecb0931df6a6
a86e367c410aeae763f5e66015e6ce692957cec67f31162d9cbfc217a795f0ee
ac4fa01d0f15c84238d84f75fa38e45717c42ea8e1e4230c973722cab1a30d67
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae3b07b4d9eb90bca5ac3747a97b2a52dfdc2eff8ad0180ebf9b4bd2084ff0d2
afafb6912738ae3ebff33f4672b5935e81449979521f3c50a846adc240635279
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6ed52620b0e664886b8e980fe5acc99a3abcdfc1e63ab42cfaab3f5c37d2cc3
bb9b6f92bd9016c06fb83fd16a6d2a5be17326743db4180420bb46dc51660442
bc2e379a08aafb6806d5a8dfed3e4d596bf4c745945fbe4191615f55372f4e55
be8c120abfe0dbcaeb4ca22233a76ea27bc25ed5d23a9cc2dcf8c732e6649a50
bfa67e2ce103d04234fa84f7595c316d23f46eed219683f06e264fb27dc91637
c14cd8b7503a80c13ac6364ccb0040ff33947c11472ace08db00cd666569ee97
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1
c234d3a6e7ff0a41542220e1202ea768bffeca48680c47de404653fa040a9c7c
c33c60d014227b42c513820e6d750cced736cda305beb7d6a20e35afe502648c
c396347e55c5ff7f20197f025b592802eecc32598d791f74ecacfb538a2a1d5d
c5b38450048b03e889ee40e4707d404058095409824e3f3dc406fbc95910a11d
cae33cb68be6224b56eb3d1a97050fabc324ba13f953d777a0f57e5b40f7803a
cc43ae868d84d9643b9c47f45a7f01c37c7af898aaac91a95b6ad203581b37a4
ccda4fea5d95b6e07fadfff761f20fd106531b7f780fe470aa565f4c365301d7
cf2523dd7ea34873e419b1d7daa7c17946eafc79c01e68fc32163ffaf517f913
cf3b2803b89ea7487c5d3d0104c7ff4edb35d12fd865fb98f83b1502d01437fa
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d160b7999ef36a6814e7e673a78ee2388f00131908cf533155005798db86cfff
d1a26160c500ecfa0bd92c91c776b507b90bb94a2598b0c86bc292f7df4e0fc0
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
dbae6830a9fae84807cbc0284097f3576175cf145d2b0ef87126b36db276de71
dbb1a028b5ad03f0f8209936fefe8247688c9ccb1c879cdbf4c932e569c5abc8
dbecb119cfb386410c10893ec4f1b96297bcfec28c1c0453ec952bca2e6cfd7d
dd1635901b83a441799b9c2a9cc3cd4ed5fd32407728219f93c26024963eca20
ddd84b76ce8d039b6093c8288a18c647a2a5ab876cae66d4f35d1958bbd47dc4
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfad6d1cecf7337dcd922f1fab22a655d9e28aedddebb6d8ef5c07c8c277009b
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e30565d344697a80f05882c11755c6d6a71626791bbc124df343b5edc7901312
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5006c74add9d64b4176466ac19de9b305f00608e15ee220ce576eaea45c9bb4
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e805a14f988644c4f67fb1c6272968d50b15ba97712242407c26ee86b4991796
ea98d785faefcce6010127439cefe944b44a85a06380402ee3ecb28b3b8fb114
ece70e751af05572df7513e5e904bcd69f32e7616718fec9e945a2e2924b8a26
ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd
ed8e31bc86c6cf92a2422b16641cfa34e024ca322531bc32579e947574ed3390
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e
f2696e8eb9d876987998374c51e4d14a24f6f24a23fe697493ebf761c3bcc4b9
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6a9ed90057ad36a18b61529450500cf51a3a6878960eace920c4e10ccd99ca9
f9e86498a37fc0c52d02eadc844230eb0886c1a7f5fb907cb92f2a250ec7831b
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.heraldsun.com.au Open in urlscan Pro 2.18.233.28 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

253 Requests

86 %HTTPS

23 %IPv6

50 Domains

84 Subdomains

70 IPs

7 Countries

3020 kBTransfer

8742 kBSize

80 Cookies

15 Outgoing links

Page URL History

Redirected requests

253 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.heraldsun.com.au Open in urlscan Pro
2.18.233.28 Public Scan

Screenshot
Live screenshot

Full Image

253
Requests

86 %
HTTPS

23 %
IPv6

50
Domains

84
Subdomains

70
IPs

7
Countries

3020 kB
Transfer

8742 kB
Size

80
Cookies

253 HTTP transactions
4 data transactions