urlscan.io logo urlscan.io
SecurityTrails logo

www.afr.com Open in urlscan Pro
2a04:4e42:600::645  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh#Echobox=1637265959
Effective URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Submission: On November 20 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 62 IPs in 9 countries across 49 domains to perform 188 HTTP transactions. The main IP is 2a04:4e42:600::645, located in United States and belongs to FASTLY, US. The main domain is www.afr.com.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on September 6th 2021. Valid for: a year.
This is the only time www.afr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
39 2a04:4e42:600... 54113 (FASTLY)
1 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:21f... 16509 (AMAZON-02)
5 142.250.186.98 15169 (GOOGLE)
1 23.67.128.30 16625 (AKAMAI-AS)
4 2a03:2880:f02... 32934 (FACEBOOK)
1 13.225.78.103 16509 (AMAZON-02)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
3 2a00:1288:80:... 203220 (YAHOO-DEB)
2 136.243.44.4 24940 (HETZNER-AS)
1 3 54.155.22.133 16509 (AMAZON-02)
6 2600:9000:21f... 16509 (AMAZON-02)
1 2600:9000:20e... 16509 (AMAZON-02)
1 199.232.136.157 54113 (FASTLY)
4 13.238.96.192 16509 (AMAZON-02)
2 2a04:4e42::645 54113 (FASTLY)
1 158.101.192.201 31898 (ORACLE-BM...)
2 2.18.235.40 16625 (AKAMAI-AS)
1 13.224.195.94 16509 (AMAZON-02)
2 2 2620:119:50e7... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 108.174.10.14 14413 (LINKEDIN)
1 104.244.42.131 13414 (TWITTER)
1 104.244.42.5 13414 (TWITTER)
2 2600:9000:21f... 16509 (AMAZON-02)
1 13.224.195.69 16509 (AMAZON-02)
1 18.169.85.185 16509 (AMAZON-02)
2 212.82.100.181 34010 (YAHOO-IRD)
15 2a03:2880:f12... 32934 (FACEBOOK)
1 13.225.78.105 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
4 5 142.250.74.198 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
12 52.16.165.61 16509 (AMAZON-02)
2 52.204.6.70 14618 (AMAZON-AES)
1 13.225.85.39 16509 (AMAZON-02)
2 13.238.165.50 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:21f... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 15.188.95.229 16509 (AMAZON-02)
2 34.249.252.185 16509 (AMAZON-02)
1 5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 3 185.33.220.242 29990 (ASN-APPNEX)
1 1 2001:678:cb4:... 56396 (AMOBEE)
2 54.253.223.140 16509 (AMAZON-02)
2 69.173.144.139 26667 (RUBICONPR...)
1 54.144.144.142 14618 (AMAZON-AES)
1 52.44.89.131 14618 (AMAZON-AES)
2 2 2.18.233.180 16625 (AKAMAI-AS)
1 1 142.250.185.226 15169 (GOOGLE)
1 1 151.101.130.49 54113 (FASTLY)
2 2 151.101.2.49 54113 (FASTLY)
2 2 2.18.234.21 16625 (AKAMAI-AS)
1 1 52.57.150.20 16509 (AMAZON-02)
1 1 212.82.100.182 34010 (YAHOO-IRD)
5 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
2 142.250.185.162 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 104.17.208.240 13335 (CLOUDFLAR...)
1 2600:9000:20e... 16509 (AMAZON-02)
1 52.44.184.111 14618 (AMAZON-AES)
1 2 18.185.183.183 16509 (AMAZON-02)
2 2 76.223.111.18 16509 (AMAZON-02)
1 1 52.44.110.4 14618 (AMAZON-AES)
1 52.51.5.121 16509 (AMAZON-02)
1 2607:ae80:5::149 26558 (FREEWHEEL)
188 62
39    2a04:4e42:600::645 (United States)

ASN54113 (FASTLY, US)
www.afr.com
api.afr.com
static.ffx.io
1    2a02:26f0:1700:793::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cdn.optimizely.com
1    2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2600:9000:21f3:600:10:2964:9d00:21 (United States)

ASN16509 (AMAZON-02, US)
d2uhnetoehh304.cloudfront.net
5    142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net
securepubads.g.doubleclick.net
1    23.67.128.30 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-67-128-30.deploy.static.akamaitechnologies.com
a304207300.cdn.optimizely.com
4    2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    13.225.78.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-103.fra2.r.cloudfront.net
static.hotjar.com
2    2a02:26f0:6c00::210:ba13 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
sjs.bizographics.com
3    2a00:1288:80:800::7001 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)
s.yimg.com
2    136.243.44.4 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.4.44.243.136.clients.your-server.de
static-au.plista.com
3    54.155.22.133 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-22-133.eu-west-1.compute.amazonaws.com
secure-au.imrworldwide.com
secure-dcr.imrworldwide.com
6    2600:9000:21f3:4400:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn-gl.imrworldwide.com
1    2600:9000:20eb:a200:7:3896:c640:93a1 (United States)

ASN16509 (AMAZON-02, US)
adc-js.nine.com.au
1    199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
4    13.238.96.192 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
i.ffx.io
2    2a04:4e42::645 (United States)

ASN54113 (FASTLY, US)
api.afr.com
1    158.101.192.201 (Amsterdam, Netherlands)

ASN31898 (ORACLE-BMC-31898, US)
fairfaxmedia.gscontxt.net
2    2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com
z.moatads.com
1    13.224.195.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-94.fra2.r.cloudfront.net
script.hotjar.com
2    2620:119:50e7:101::9002:e05 (San Francisco, United States)

ASN14413 (LINKEDIN, US)
px.ads.linkedin.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.linkedin.com
1    108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com
px4.ads.linkedin.com
1    104.244.42.131 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    104.244.42.5 (United States)

ASN13414 (TWITTER, US)
t.co
2    2600:9000:21f3:8400:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)
secure-gl.imrworldwide.com
1    13.224.195.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-69.fra2.r.cloudfront.net
vars.hotjar.com
1    18.169.85.185 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-85-185.eu-west-2.compute.amazonaws.com
mb.moatads.com
2    212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com
sp.analytics.yahoo.com
15    2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    13.225.78.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-105.fra2.r.cloudfront.net
vc.hotjar.io
4    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
5    142.250.74.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f6.1e100.net
ad.doubleclick.net
6633783.fls.doubleclick.net
3    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
12    52.16.165.61 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
dpm.demdex.net
fairfaxau.demdex.net
2    52.204.6.70 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-6-70.compute-1.amazonaws.com
10510523.collect.igodigital.com
nova.collect.igodigital.com
1    13.225.85.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-85-39.fra2.r.cloudfront.net
cdn.parsely.com
2    13.238.165.50 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-238-165-50.ap-southeast-2.compute.amazonaws.com
l.ffx.io
1    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
2    2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
1    2600:9000:21f3:e000:1d:667e:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)
vrobdqwuphrhuxlcnt9klyisij1on1637406678.nuid.imrworldwide.com
1    2a00:1450:400c:c01::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
fairfaxau.sc.omtrdc.net
2    34.249.252.185 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-252-185.eu-west-1.compute.amazonaws.com
nd.demdex.net
5    2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
3    185.33.220.242 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
1    2001:678:cb4:bbbb::13 (United Kingdom)

ASN56396 (AMOBEE, GB)
d.turn.com
2    54.253.223.140 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-253-223-140.ap-southeast-2.compute.amazonaws.com
adc.nine.com.au
2    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
pixel.rubiconproject.com
1    54.144.144.142 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-144-142.compute-1.amazonaws.com
p1.parsely.com
1    52.44.89.131 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-89-131.compute-1.amazonaws.com
logx.optimizely.com
2    2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com
image5.pubmatic.com
1    142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net
cm.g.doubleclick.net
1    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
rtd.tubemogul.com
2    151.101.2.49 (United States)

ASN54113 (FASTLY, US)
rtd-tm.everesttech.net
2    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
ssum.casalemedia.com
1    52.57.150.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-150-20.eu-central-1.compute.amazonaws.com
ps.eyeota.net
1    212.82.100.182 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com
cms.analytics.yahoo.com
5    2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
9    2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
10    2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net
googleads4.g.doubleclick.net
1    2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
1    2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
3    104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)
zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com
siteintercept.qualtrics.com
1    2600:9000:20eb:cc00:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)
static.chartbeat.com
1    52.44.184.111 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-184-111.compute-1.amazonaws.com
ping.chartbeat.net
2    18.185.183.183 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-183-183.eu-central-1.compute.amazonaws.com
pixel.advertising.com
2    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
dmpsync.3lift.com
1    52.44.110.4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-110-4.compute-1.amazonaws.com
usermatch.krxd.net
1    52.51.5.121 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-5-121.eu-west-1.compute.amazonaws.com
beacon.krxd.net
1    2607:ae80:5::149 (United States)

ASN26558 (FREEWHEEL, US)
dmp.v.fwmrm.net
Apex Domain
Subdomains		 Transfer
28 afr.com
www.afr.com
api.afr.com
651 KB
21 googlesyndication.com
905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
199 KB
19 ffx.io
i.ffx.io
static.ffx.io
l.ffx.io
130 KB
16 doubleclick.net
securepubads.g.doubleclick.net
ad.doubleclick.net
6633783.fls.doubleclick.net
stats.g.doubleclick.net
cm.g.doubleclick.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
189 KB
15 facebook.com
www.facebook.com
1 KB
14 demdex.net
dpm.demdex.net
fairfaxau.demdex.net
nd.demdex.net
19 KB
12 imrworldwide.com
secure-au.imrworldwide.com
cdn-gl.imrworldwide.com
secure-gl.imrworldwide.com
secure-dcr.imrworldwide.com
vrobdqwuphrhuxlcnt9klyisij1on1637406678.nuid.imrworldwide.com
84 KB
8 google.com
adservice.google.com
www.google.com
2 KB
5 ampproject.org
cdn.ampproject.org
103 KB
4 google-analytics.com
www.google-analytics.com
21 KB
4 linkedin.com
px.ads.linkedin.com
www.linkedin.com
px4.ads.linkedin.com
3 KB
4 facebook.net
connect.facebook.net
287 KB
3 qualtrics.com
zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com
siteintercept.qualtrics.com
21 KB
3 adnxs.com
ib.adnxs.com
3 KB
3 yahoo.com
sp.analytics.yahoo.com
cms.analytics.yahoo.com
2 KB
3 moatads.com
z.moatads.com
mb.moatads.com
83 KB
3 nine.com.au
adc-js.nine.com.au
adc.nine.com.au
23 KB
3 yimg.com
s.yimg.com
12 KB
3 hotjar.com
static.hotjar.com
script.hotjar.com
vars.hotjar.com
64 KB
3 optimizely.com
cdn.optimizely.com
a304207300.cdn.optimizely.com
logx.optimizely.com
92 KB
2 krxd.net
usermatch.krxd.net
beacon.krxd.net
529 B
2 3lift.com
dmpsync.3lift.com
755 B
2 casalemedia.com
ssum.casalemedia.com
2 KB
2 advertising.com
sync.adaptv.advertising.com Failed
pixel.advertising.com
602 B
2 everesttech.net
rtd-tm.everesttech.net
653 B
2 pubmatic.com
image5.pubmatic.com
694 B
2 rubiconproject.com
token.rubiconproject.com
pixel.rubiconproject.com
453 B
2 google.de
adservice.google.de
www.google.de
1 KB
2 parsely.com
cdn.parsely.com
p1.parsely.com
26 KB
2 igodigital.com
10510523.collect.igodigital.com
nova.collect.igodigital.com
3 KB
2 plista.com
static-au.plista.com
18 KB
1 fwmrm.net
dmp.v.fwmrm.net
361 B
1 chartbeat.net
ping.chartbeat.net
201 B
1 chartbeat.com
static.chartbeat.com
14 KB
1 2mdn.net
s0.2mdn.net
125 KB
1 googletagservices.com
www.googletagservices.com
37 KB
1 eyeota.net
ps.eyeota.net
418 B
1 tubemogul.com
rtd.tubemogul.com
267 B
1 turn.com
d.turn.com
402 B
1 omtrdc.net
fairfaxau.sc.omtrdc.net
313 B
1 hotjar.io
vc.hotjar.io
256 B
1 t.co
t.co
471 B
1 twitter.com
analytics.twitter.com
675 B
1 gscontxt.net
fairfaxmedia.gscontxt.net
2 KB
1 ads-twitter.com
static.ads-twitter.com
6 KB
1 bizographics.com
sjs.bizographics.com
2 KB
1 licdn.com
snap.licdn.com
2 KB
1 cloudfront.net
d2uhnetoehh304.cloudfront.net
30 KB
1 googletagmanager.com
www.googletagmanager.com
118 KB
188 49
Domain Requested by
18 www.afr.com www.afr.com
15 www.facebook.com www.afr.com
13 static.ffx.io www.afr.com
11 dpm.demdex.net www.afr.com
10 pagead2.googlesyndication.com www.afr.com
905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
tpc.googlesyndication.com
securepubads.g.doubleclick.net
www.googletagservices.com
10 api.afr.com www.afr.com
9 tpc.googlesyndication.com www.afr.com
905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
tpc.googlesyndication.com
securepubads.g.doubleclick.net
6 cdn-gl.imrworldwide.com www.afr.com
cdn-gl.imrworldwide.com
secure-au.imrworldwide.com
5 cdn.ampproject.org securepubads.g.doubleclick.net
5 www.google.com 1 redirects www.afr.com
905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
tpc.googlesyndication.com
5 securepubads.g.doubleclick.net www.afr.com
securepubads.g.doubleclick.net
4 ad.doubleclick.net 4 redirects
4 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
www.afr.com
4 i.ffx.io d2uhnetoehh304.cloudfront.net
4 connect.facebook.net www.afr.com
connect.facebook.net
3 ib.adnxs.com 3 redirects
3 adservice.google.com www.afr.com
securepubads.g.doubleclick.net
3 s.yimg.com www.afr.com
s.yimg.com
2 dmpsync.3lift.com 2 redirects
2 pixel.advertising.com 1 redirects
2 siteintercept.qualtrics.com zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com
siteintercept.qualtrics.com
2 googleads4.g.doubleclick.net www.afr.com
2 googleads.g.doubleclick.net 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
www.afr.com
2 ssum.casalemedia.com 2 redirects
2 rtd-tm.everesttech.net 2 redirects
2 image5.pubmatic.com 2 redirects
2 adc.nine.com.au adc-js.nine.com.au
2 nd.demdex.net www.afr.com
2 secure-dcr.imrworldwide.com www.afr.com
2 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 l.ffx.io www.afr.com
2 sp.analytics.yahoo.com www.afr.com
2 secure-gl.imrworldwide.com secure-au.imrworldwide.com
www.afr.com
2 px.ads.linkedin.com 2 redirects
2 z.moatads.com www.afr.com
z.moatads.com
2 static-au.plista.com www.afr.com
static-au.plista.com
1 dmp.v.fwmrm.net
1 beacon.krxd.net
1 usermatch.krxd.net 1 redirects
1 ping.chartbeat.net
1 pixel.rubiconproject.com
1 static.chartbeat.com www.afr.com
1 zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com www.afr.com
1 s0.2mdn.net 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
1 www.googletagservices.com 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
1 cms.analytics.yahoo.com 1 redirects
1 ps.eyeota.net 1 redirects
1 rtd.tubemogul.com 1 redirects
1 cm.g.doubleclick.net 1 redirects
1 logx.optimizely.com cdn.optimizely.com
1 p1.parsely.com www.afr.com
1 nova.collect.igodigital.com www.afr.com
1 token.rubiconproject.com www.afr.com
1 d.turn.com 1 redirects
1 www.google.de www.afr.com
1 fairfaxau.sc.omtrdc.net www.afr.com
1 fairfaxau.demdex.net www.afr.com
1 stats.g.doubleclick.net www.google-analytics.com
1 vrobdqwuphrhuxlcnt9klyisij1on1637406678.nuid.imrworldwide.com www.afr.com
1 adservice.google.de securepubads.g.doubleclick.net
1 cdn.parsely.com www.googletagmanager.com
1 10510523.collect.igodigital.com www.googletagmanager.com
1 6633783.fls.doubleclick.net www.afr.com
1 vc.hotjar.io script.hotjar.com
1 mb.moatads.com z.moatads.com
1 vars.hotjar.com static.hotjar.com
1 t.co www.afr.com
1 analytics.twitter.com static.ads-twitter.com
1 px4.ads.linkedin.com www.afr.com
1 www.linkedin.com 1 redirects
1 script.hotjar.com static.hotjar.com
1 fairfaxmedia.gscontxt.net www.afr.com
1 static.ads-twitter.com www.afr.com
1 adc-js.nine.com.au www.afr.com
1 secure-au.imrworldwide.com 1 redirects
1 sjs.bizographics.com www.afr.com
1 snap.licdn.com www.afr.com
1 static.hotjar.com www.afr.com
1 a304207300.cdn.optimizely.com cdn.optimizely.com
1 d2uhnetoehh304.cloudfront.net www.afr.com
1 www.googletagmanager.com www.afr.com
1 cdn.optimizely.com www.afr.com
0 sync.adaptv.advertising.com Failed www.afr.com
188 83
Subject Issuer Validity Valid
nine.com.au
COMODO RSA Organization Validation Secure Server CA		 2021-09-06 -
2022-09-06		 a year crt.sh
cdn.optimizely.com
DigiCert SHA2 Secure Server CA		 2021-02-17 -
2022-02-21		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.cdn.optimizely.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-06-07		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-08-29 -
2021-11-27		 3 months crt.sh
*.hotjar.com
Amazon		 2020-12-25 -
2022-01-23		 a year crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA		 2021-07-15 -
2022-07-20		 a year crt.sh
*.api.fantasysports.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-11-08 -
2021-12-29		 2 months crt.sh
js.bizographics.com
DigiCert SHA2 Secure Server CA		 2021-09-28 -
2022-09-28		 a year crt.sh
*.plista.com
COMODO RSA Domain Validation Secure Server CA		 2020-06-02 -
2022-04-11		 2 years crt.sh
*.imrworldwide.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-01-28 -
2022-02-01		 a year crt.sh
*.api.nine.com.au
Amazon		 2021-08-15 -
2022-09-13		 a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-21 -
2022-07-26		 a year crt.sh
*.9pub.io
Amazon		 2021-07-07 -
2022-08-05		 a year crt.sh
*.gscontxt.net
DigiCert SHA2 Secure Server CA		 2020-01-22 -
2022-01-21		 2 years crt.sh
moatads.com
DigiCert SHA2 Secure Server CA		 2021-01-21 -
2022-01-25		 a year crt.sh
*.twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-05 -
2022-02-04		 a year crt.sh
t.co
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-05 -
2022-02-04		 a year crt.sh
*.moatads.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-25 -
2022-06-25		 a year crt.sh
real.sp.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-10-19 -
2022-04-13		 6 months crt.sh
*.hotjar.io
Amazon		 2021-08-17 -
2022-09-15		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
*.collect.igodigital.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-01-25 -
2022-02-25		 a year crt.sh
*.parsely.com
Amazon		 2021-07-05 -
2022-08-03		 a year crt.sh
*.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.ninetech.dev
Amazon		 2021-08-03 -
2022-09-01		 a year crt.sh
*.google.de
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.nuid.imrworldwide.com
Amazon		 2021-06-11 -
2022-07-10		 a year crt.sh
*.sc.omtrdc.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-10-05 -
2022-03-04		 5 months crt.sh
www.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
www.google.de
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-30 -
2022-04-04		 a year crt.sh
logx.optimizely.com
Amazon		 2021-08-23 -
2022-09-21		 a year crt.sh
misc-sni.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.qualtrics.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-24 -
2022-09-24		 a year crt.sh
*.chartbeat.com
Thawte RSA CA 2018		 2021-05-20 -
2022-06-03		 a year crt.sh
*.chartbeat.net
Thawte RSA CA 2018		 2020-12-01 -
2021-12-30		 a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1		 2020-11-17 -
2021-12-18		 a year crt.sh

This page contains 20 frames:

Primary Page: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Frame ID: 1AA0071F36C80207F3C663BCB8F770CF
Requests: 123 HTTP requests in this frame

Frame: https://a304207300.cdn.optimizely.com/client_storage/a304207300.html
Frame ID: 2E29B8A7FBCB11EA1FEB704E10130DD9
Requests: 1 HTTP requests in this frame

Frame: https://secure-gl.imrworldwide.com/storageframe.html
Frame ID: B860C2A07A2F3F1EEDF249CE76485A95
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-ad575b5823df97fc9725e14a57070642.html
Frame ID: 540A70190A2D215218D1199FCD37B7E9
Requests: 1 HTTP requests in this frame

Frame: https://z.moatads.com/hd09824092/iframe.html
Frame ID: 6CCAA71F9633449A9AF14C82895A8776
Requests: 1 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 3F9FC142C654C2F45B2ED38DFCA61502
Requests: 3 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CNyV0pvnpvQCFdCVGAodSw0Jkw;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1295895800826.5564
Frame ID: A6CE169759224094FE876ADAE5A65A14
Requests: 1 HTTP requests in this frame

Frame: https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 63B98D798A8E3FA9D365A647C99D6F9D
Requests: 1 HTTP requests in this frame

Frame: https://fairfaxau.demdex.net/dest5.html?d_nsid=0
Frame ID: B8DDB9EA5007D9D96B501EFA101DB63A
Requests: 11 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 1CAB805B7CEA0133A05B0B67741E3002
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: F03C97C65A7BF4338222D970D4A1774D
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: AEDF7167471547B33271B2EFD7BD4AE6
Requests: 1 HTTP requests in this frame

Frame: https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 65AF517E9A99199F5A4866DFDC9648C6
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: AD7D6691B7877B9509051E780B0B22DE
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COPnrwIQ4YWo8AIYrbnztAEwAQ&v=APEucNWSdrfP2fW_jLvjl_lEcwMVGEFc0A1tXsWeiOOrQntRnpyczauKs6OY59q-CHeNODb8nBld2bUtrdA-pZguE3LkYAbNBQ
Frame ID: F5F2656018193B361B4FB2C602226C20
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1E75177E68B30DDAD990821EBDE78D55
Requests: 3 HTTP requests in this frame

Frame: https://nd.demdex.net/dest5.html?d_nsid=0
Frame ID: 4EB47F4DB7B806DC95469590642049F7
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: B1BF257137DADC7C986AAC00139E102D
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7DFEFD6D111CC696AC5C31A2EFE3F3CD
Requests: 2 HTTP requests in this frame

Frame: https://adc.nine.com.au/?appNexusUid=5141211787394852558
Frame ID: 4B4EE86873964A1A675C39055A9EB059
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Ransomware extortion tactics put businesses in a fixThe Australian Financial Review

Page Statistics

188
Requests

91 %
HTTPS

42 %
IPv6

49
Domains

83
Subdomains

62
IPs

9
Countries

2368 kB
Transfer

6725 kB
Size

56
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27
  • https://secure-au.imrworldwide.com/v60.js HTTP 301
  • https://cdn-gl.imrworldwide.com/v60.js
Request Chain 49
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1637406678627&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D9724%252C3519914%26time%3D1637406678627%26url%3Dhttps%253A%252F%252Fwww.afr.com%252Ftechnology%252Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%2523Echobox%253D1637265959%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1637406678627&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1637406678627&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&liSync=true&e_ipv6=AQJuJwnoKPSyygAAAX09CyG28XIfvVPLZnktUCUhZWs_ZKJskg_d853TRuPOykSSEeELZ2EKzO8
Request Chain 77
  • https://ad.doubleclick.net/activity;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=732656605.1637406679;ps=1 HTTP 302
  • https://ad.doubleclick.net/activity;dc_pre=CLiD0ZvnpvQCFcYIogMdXXgNOA;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=732656605.1637406679;ps=1 HTTP 302
  • https://adservice.google.com/ddm/fls/z/dc_pre=CLiD0ZvnpvQCFcYIogMdXXgNOA;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=*;ps=1
Request Chain 84
  • https://ad.doubleclick.net/ddm/activity/src=6633783;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1295895800826.5564 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=6633783;dc_pre=CNyV0pvnpvQCFdCVGAodSw0Jkw;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1295895800826.5564 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CNyV0pvnpvQCFdCVGAodSw0Jkw;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1295895800826.5564
Request Chain 111
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
  • https://dpm.demdex.net/ibs:dpid=358&dpuuid=5141211787394852558
Request Chain 113
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
  • https://dpm.demdex.net/ibs:dpid=470&dpuuid=4442720377856856468
Request Chain 123
  • https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=466%26dpuuid=PM_UID&userIdMacro=PM_UID HTTP 302
  • https://dpm.demdex.net/ibs:dpid=466&dpuuid=%s
Request Chain 124
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDQ1MDY5ODk1MTUzODEzMzA4MTAzMjIwOTkwMjA3MzAwNTcyNDc= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEBXqbgYpQS-hbIlMPRT0SHs&google_cver=1?gdpr=0&gdpr_consent=
Request Chain 125
  • https://rtd.tubemogul.com/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://rtd-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://rtd-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D&_test=YZjX1wAAIzUr0wAd HTTP 302
  • https://dpm.demdex.net/ibs:dpid=782&dpuuid=YZjX1wAAIzUr0wAd
Request Chain 126
  • https://sync.adap.tv/demdex_user_sync HTTP 302
  • https://sync.adaptv.advertising.com/demdex_user_sync
Request Chain 127
  • https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ HTTP 302
  • https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YZjX13gF2dFP7dXfUwvTCwAA%261143
Request Chain 129
  • https://ps.eyeota.net/match?bid=6j5b2cv&uid=04506989515381330810322099020730057247&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
  • https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
Request Chain 130
  • https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=04506989515381330810322099020730057247&gdpr=0&gdpr_consent= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-ks.crBZE2pFw2n3Nb5zTfJOdKLFyu.ANj94-~A
Request Chain 155
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 178
  • https://pixel.advertising.com/ups/28/sync?uid=04392943992645840350297740022456810277&_origin=1&redir=true HTTP 302
  • https://pixel.advertising.com/ups/28/sync?uid=04392943992645840350297740022456810277&_origin=1&redir=true&verify=true
Request Chain 180
  • https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID HTTP 302
  • https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s
Request Chain 181
  • https://dmpsync.3lift.com/getuid?redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D$UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://dmpsync.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://dpm.demdex.net/ibs:dpid=72352&dpuuid=2858410189763108339&gdpr=0&gdpr_consent=
Request Chain 182
  • https://usermatch.krxd.net/um/v2?partner=adobe&id=04392943992645840350297740022456810277 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=04392943992645840350297740022456810277
Request Chain 183
  • https://ib.adnxs.com/getuid?https://adc.nine.com.au?appNexusUid=$UID HTTP 302
  • https://adc.nine.com.au/?appNexusUid=5141211787394852558

188 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
www.afr.com/technology/ 		178 KB
37 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
99571b4a667514695027f681d4b84645a4c52e27012cd6920312961ff9031ed0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=30
content-encoding
gzip
content-type
text/html; charset=utf-8
etag
W/"2c807-a3PTEPCBu5i6rYS2LdMmR0jGmUE"
strict-transport-security
max-age=31536000
uber-trace-id
a9576f42776d6348:a9576f42776d6348:0:0
x-frame-options
sameorigin
x-varnish-grace
none(fetch fresh)
x-xss-protection
1; mode=block
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
date
Sat, 20 Nov 2021 11:11:18 GMT
age
7
x-served-by
cache-syd10181-SYD, cache-fra19158-FRA
x-cache
HIT, MISS
x-cache-hits
1, 0
vary
Accept-Encoding
content-length
37791
polyfillsGlobal.bb68a42823400af63e44.legacy.js
www.afr.com/assets/ 		1 KB
774 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/assets/polyfillsGlobal.bb68a42823400af63e44.legacy.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
676e45f8459ced300bf85e30dbd33e14c7b2d5401c1e9151b7c45ae58471cb23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
age
460381
uber-trace-id
814e98e3f8291328:814e98e3f8291328:0:0
x-cache
HIT, HIT
content-length
537
etag
W/"4bc-17d1242caf8"
x-served-by
cache-syd10161-SYD, cache-fra19158-FRA
last-modified
Fri, 12 Nov 2021 03:48:27 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
3, 26
europa.b43215b0701cbeed2bee.legacy.js
www.afr.com/assets/ 		38 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/assets/europa.b43215b0701cbeed2bee.legacy.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a84ebe0712f0c8b775536d58221c8773b2552eb1cb1bd68560222ae80e56d318
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
age
460381
uber-trace-id
819231893abd041d:819231893abd041d:0:0
x-cache
HIT, HIT
content-length
10963
etag
W/"978b-17d1242caf8"
x-served-by
cache-syd10135-SYD, cache-fra19158-FRA
last-modified
Fri, 12 Nov 2021 03:48:27 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
1, 26
13780390039.js
cdn.optimizely.com/js/ 		292 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/js/13780390039.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:793::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
20d1e35b5637118da9d6d4564cbc536393c0fe04cf3e643b526a75e6303cff97
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
xpMQSEN3dTcfCiu6S2jjT12pGkr.RIoo
content-encoding
gzip
etag
"ba1e7166c6066992cb6262f2fa3f2cc2"
x-amz-request-id
JD03PFY2PBYNE7X2
x-amz-server-side-encryption
AES256
x-amz-meta-revision
2962
x-amz-replication-status
COMPLETED
access-control-allow-methods
GET, HEAD
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="2a02:26f0:1700:793::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary
Accept-Encoding
content-length
91422
x-amz-id-2
NkihN5yfu1NRXWNceAZsFF5yjqHvL4ydpuP+FlcPXp3T5Hkryp9cMF7YgU6KwYt3SemtJqRH7zs=
last-modified
Tue, 16 Nov 2021 22:26:14 GMT
server
AmazonS3
date
Sat, 20 Nov 2021 11:11:18 GMT
access-control-max-age
86400
strict-transport-security
max-age=15768000
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=120
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
gtm.js
www.googletagmanager.com/ 		379 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4f33e851edbf5c108182325fcfdde5b0c37b8043c4e0783c2df2de9e57857d63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
120327
x-xss-protection
0
last-modified
Sat, 20 Nov 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 20 Nov 2021 11:11:18 GMT
sp.js
d2uhnetoehh304.cloudfront.net/2.11.0-patched/ 		97 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:600:10:2964:9d00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a3c78596628f7e53c40bbfd0e9eed225181c4c2933a6e051e8fa46c30b221d1f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 26 Jul 2021 23:48:38 GMT
content-encoding
gzip
last-modified
Mon, 05 Jul 2021 01:09:01 GMT
server
AmazonS3
age
10063361
etag
W/"80b7ca5bd7a7e17f33545663b8f8423f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
6gWCtSJIVSQx3ALRKf-c44nx3X7Lr_UvRC7fIp0a6NapbeCbo1nJbQ==
9a774230.svg
www.afr.com/assets/ 		3 KB
710 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.afr.com/assets/9a774230.svg
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
bcf86c48df6f76b921cce4d3b354c52312027494dbac002cf58ff39ca8593ff5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
etag
W/"bf5-17c76d52e58"
age
3258673
uber-trace-id
df75eea16ec78a22:df75eea16ec78a22:0:0
x-cache
HIT, HIT
content-length
460
x-served-by
cache-syd10123-SYD, cache-fra19158-FRA
last-modified
Tue, 12 Oct 2021 23:27:35 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
20628, 1
0d96eeec.svg
www.afr.com/assets/ 		6 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.afr.com/assets/0d96eeec.svg
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8b56cf3ff69da24ee4d01b00d8bbad12a602a1f083e47c6646b02b639fd633fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
etag
W/"18fe-17d08e6f308"
age
850909
uber-trace-id
b919d2e93a64f72f:b919d2e93a64f72f:0:0
x-cache
HIT, HIT
content-length
2780
x-served-by
cache-syd10169-SYD, cache-fra19158-FRA
last-modified
Wed, 10 Nov 2021 08:11:33 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
254, 39
suecanano-regular-webfont.woff2
www.afr.com/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/fonts/suecanano-regular-webfont.woff2
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a44fb6a26732b7892f2802aee69fb0413ecd26b508b5c79720a48c485f4889ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
via
1.1 varnish, 1.1 varnish
etag
W/"4664-17d3586d6a8"
age
66226
uber-trace-id
ed2db57b2e19b1fa:ed2db57b2e19b1fa:0:0
x-cache
HIT, HIT
content-length
18020
x-served-by
cache-syd10128-SYD, cache-fra19158-FRA
last-modified
Fri, 19 Nov 2021 00:09:29 GMT
date
Sat, 20 Nov 2021 11:11:18 GMT
x-frame-options
sameorigin
content-type
font/woff2
cache-control
public, max-age=86400
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
1, 26
suecahd-regular-webfont.woff2
www.afr.com/fonts/ 		22 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/fonts/suecahd-regular-webfont.woff2
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
338140f080782dd9fc999b9c240cde15f599e7ffd10b3fd3d9085717d38ad8d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
via
1.1 varnish, 1.1 varnish
etag
W/"59b8-17d3586d6a8"
age
59278
uber-trace-id
664f562d3d81d023:664f562d3d81d023:0:0
x-cache
HIT, HIT
content-length
22968
x-served-by
cache-syd10182-SYD, cache-fra19158-FRA
last-modified
Fri, 19 Nov 2021 00:09:29 GMT
date
Sat, 20 Nov 2021 11:11:18 GMT
x-frame-options
sameorigin
content-type
font/woff2
cache-control
public, max-age=86400
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
1, 26
suecahd-regularitalic-webfont.woff2
www.afr.com/fonts/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/fonts/suecahd-regularitalic-webfont.woff2
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fa84adaa52138db2f2ca946b1e3ce31105a39a9a1f1b5fb25ad456241c2d0e73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
via
1.1 varnish, 1.1 varnish
etag
W/"5f4c-17d3586d6a8"
age
74045
uber-trace-id
98058e4a50578e74:98058e4a50578e74:0:0
x-cache
HIT, HIT
content-length
24396
x-served-by
cache-syd10150-SYD, cache-fra19158-FRA
last-modified
Fri, 19 Nov 2021 00:09:29 GMT
date
Sat, 20 Nov 2021 11:11:18 GMT
x-frame-options
sameorigin
content-type
font/woff2
cache-control
public, max-age=86400
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
1, 26
suecanano-semibold-webfont.woff2
www.afr.com/fonts/ 		17 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/fonts/suecanano-semibold-webfont.woff2
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
85b23ef2b5d148948a0e393c8af051177f818b7fb18cda003998916666caabee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
via
1.1 varnish, 1.1 varnish
etag
W/"45f0-17d3586d6a8"
age
64142
uber-trace-id
6faf3be49bebe9c6:6faf3be49bebe9c6:0:0
x-cache
HIT, HIT
content-length
17904
x-served-by
cache-syd10139-SYD, cache-fra19158-FRA
last-modified
Fri, 19 Nov 2021 00:09:29 GMT
date
Sat, 20 Nov 2021 11:11:18 GMT
x-frame-options
sameorigin
content-type
font/woff2
cache-control
public, max-age=86400
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
1, 26
suecahd-bold-webfont.woff2
www.afr.com/fonts/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/fonts/suecahd-bold-webfont.woff2
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2f1b3c20947609880fa669248919d46ad2b26b995cd8f7e2f3d764dff3e47bdb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
via
1.1 varnish, 1.1 varnish
etag
W/"5844-17d3586d6a8"
age
59734
uber-trace-id
b32b4a21f0cf099b:b32b4a21f0cf099b:0:0
x-cache
HIT, HIT
content-length
22596
x-served-by
cache-syd10158-SYD, cache-fra19158-FRA
last-modified
Fri, 19 Nov 2021 00:09:29 GMT
date
Sat, 20 Nov 2021 11:11:18 GMT
x-frame-options
sameorigin
content-type
font/woff2
cache-control
public, max-age=86400
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
1, 26
vendorsReactRedux_client.023469c97287b79e8f7d.chunk.js
www.afr.com/assets/ 		154 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/assets/vendorsReactRedux_client.023469c97287b79e8f7d.chunk.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c8380e3bf82f742f26093c9e273b38d84feb6bb2e1d50c2954d1a79dd86b3bfd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
age
214151
uber-trace-id
f2d712c8f4905fcd:f2d712c8f4905fcd:0:0
x-cache
HIT, HIT
content-length
51635
etag
W/"2663d-17d302cb0d8"
x-served-by
cache-syd10125-SYD, cache-fra19158-FRA
last-modified
Wed, 17 Nov 2021 23:12:55 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none(fetch fresh)
accept-ranges
bytes
x-cache-hits
1, 26
vendorsHtmlparser2_client.e9573b29e6a04fb33a0d.chunk.js
www.afr.com/assets/ 		126 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/assets/vendorsHtmlparser2_client.e9573b29e6a04fb33a0d.chunk.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8a8c8a1d36423c9a81c9f57b7504b886b32361e5bafdaddf67be7a446029c4fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
age
188305
uber-trace-id
7fc46a55355caa9e:7fc46a55355caa9e:0:0
x-cache
HIT, HIT
content-length
40643
etag
W/"1f841-17d3177d648"
x-served-by
cache-syd10175-SYD, cache-fra19158-FRA
last-modified
Thu, 18 Nov 2021 05:14:37 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none(fetch fresh)
accept-ranges
bytes
x-cache-hits
1, 26
vendors_client.df0aab28adefa54169f6.chunk.js
www.afr.com/assets/ 		517 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
22519d9cd171433378d1fc980255f474665c59aac659506388865b70a5791a7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
age
188378
uber-trace-id
52f38d538b0b3357:52f38d538b0b3357:0:0
x-cache
HIT, HIT
content-length
152367
etag
W/"81405-17d3177d648"
x-served-by
cache-syd10155-SYD, cache-fra19158-FRA
last-modified
Thu, 18 Nov 2021 05:14:37 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
1, 2
client.6fbb471339e4c8608c5c.js
www.afr.com/assets/ 		524 KB
133 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/assets/client.6fbb471339e4c8608c5c.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
486a33a8e9c0d09f051eef39f71266282329428845a61aee8666cc287677a029
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
age
124432
uber-trace-id
b1a3eb19ece41680:b1a3eb19ece41680:0:0
x-cache
HIT, HIT
content-length
135564
etag
W/"8309d-17d35871528"
x-served-by
cache-syd10130-SYD, cache-fra19158-FRA
last-modified
Fri, 19 Nov 2021 00:09:45 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none(fetch fresh)
accept-ranges
bytes
x-cache-hits
1, 2
StandardArticleTemplate.a8507e6d59e81eeba271.chunk.js
www.afr.com/assets/ 		78 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/assets/StandardArticleTemplate.a8507e6d59e81eeba271.chunk.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5cfbadfb6ffef50b0900cace97426d4fb51d5321a9f4e85b9934a2566bdb905a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Origin
https://www.afr.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
age
188325
uber-trace-id
d85acb1330c3d184:d85acb1330c3d184:0:0
x-cache
HIT, HIT
content-length
23236
etag
W/"139fa-17d3177d648"
x-served-by
cache-syd10180-SYD, cache-fra19158-FRA
last-modified
Thu, 18 Nov 2021 05:14:37 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none(fetch fresh)
accept-ranges
bytes
x-cache-hits
1, 24
client.6fbb471339e4c8608c5c.css
www.afr.com/assets/ 		150 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/assets/client.6fbb471339e4c8608c5c.css
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
00cec741575df2df802bfe5589e0a7ca0203ce706451ab086c61deac873920b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
age
124432
uber-trace-id
188dd3aa18838b83:188dd3aa18838b83:0:0
x-cache
HIT, HIT
content-length
25614
etag
W/"2592d-17d35871528"
x-served-by
cache-syd10173-SYD, cache-fra19158-FRA
last-modified
Fri, 19 Nov 2021 00:09:45 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
normal hit
accept-ranges
bytes
x-cache-hits
1, 81
StandardArticleTemplate.a8507e6d59e81eeba271.chunk.css
www.afr.com/assets/ 		53 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/assets/StandardArticleTemplate.a8507e6d59e81eeba271.chunk.css
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d3976ea4d6f3db03a05eebb0c048f94daf0204a21efee553a47c9f329e44cc11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
age
188357
uber-trace-id
a7d388a78de94119:a7d388a78de94119:0:0
x-cache
HIT, HIT
content-length
9370
etag
W/"d240-17d3177d648"
x-served-by
cache-syd10128-SYD, cache-fra19158-FRA
last-modified
Thu, 18 Nov 2021 05:14:37 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none(fetch fresh)
accept-ranges
bytes
x-cache-hits
1, 24
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		77 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/europa.b43215b0701cbeed2bee.legacy.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
e0d71e9e83d526a320cdee881361d1abcf386a92a21c116a31976690453bc75c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1049 / 169 of 1000 / last-modified: 1637363240"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26883
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 20 Nov 2021 11:11:18 GMT
a304207300.html
a304207300.cdn.optimizely.com/client_storage/ Frame 2E29 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a304207300.cdn.optimizely.com/client_storage/a304207300.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/13780390039.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.128.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-128-30.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
59d1fe77c0d1ebe0d67f0573054abc91778b82b7ffe93e734720986ec4496650
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

x-amz-id-2
WBQMARhZ3QSDMLlW85UL7cg4n4iqisMdLuQhp8Y/NN9TZ96EuMrPq3srOP4ju6nb6OOenxuG6vk=
x-amz-request-id
31KTEA11WJJZJ45K
x-amz-replication-status
COMPLETED
last-modified
Fri, 19 Nov 2021 21:09:19 GMT
etag
"e9e893c44c9b6f53603c72274d9c8145"
x-amz-server-side-encryption
AES256
x-amz-meta-pci_enabled
False
content-encoding
gzip
x-amz-version-id
ALlnvVQbrvn_1JjiczYOrDiaHAcn5fkj
accept-ranges
bytes
content-type
text/html; charset=utf-8
server
AmazonS3
content-length
987
vary
Accept-Encoding
cache-control
max-age=120
date
Sat, 20 Nov 2021 11:11:18 GMT
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="8";dur=0,cdnip;desc="23.67.128.30";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security
max-age=15768000
fbevents.js
connect.facebook.net/en_US/ 		98 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
CWEDxDktmnK2VGeGPvi4OK3ZAPiEQKNTFa6ZcjDnRLDP3U8Nwd7unkDrl1B8zL0vNy4QEm4aTOxh0x8DiJtgaQ==
x-fb-trip-id
2050670934
x-frame-options
DENY
date
Sat, 20 Nov 2021 11:11:18 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
hotjar-182799.js
static.hotjar.com/c/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-182799.js?sv=6
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-103.fra2.r.cloudfront.net
Software
/
Resource Hash
443a2dc3503a79ba039d8ae0969bbe0e6f3d3469e4f1b355627ff7e1530dad67
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
x-amz-cf-pop
FRA2-C2
etag
W/3b149549262a58b6cf620291651ced75
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
72SHiPUgelosRG5HWvSGiRAKQ33Yo1gLYVQ5VIKqdqtwNFCfPSxAvQ==
via
1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
insight.min.js
snap.licdn.com/li.lms-analytics/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba13 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 20 Nov 2021 11:11:18 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 Sep 2021 19:17:49 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=48636
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2036
ytc.js
s.yimg.com/wi/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
759d6f0c1292d86d24d7abe7ad9a2cd1d86df0041260f98186ccfa26c7daab62
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ats-carp-promotion
1
date
Sat, 20 Nov 2021 11:07:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
247
x-amz-server-side-encryption
AES256
vary
Origin, Accept-Encoding
content-length
5652
x-amz-id-2
5ppDeVKrTFtQz1MC9Lgw1jAbGIMfbzniyC6/s1mAx5iOzk8/3IXdjeXCBX68boKjdx47oxdKAfk=
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Sat, 10 Dec 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Thu, 04 Nov 2021 15:26:13 GMT
server
ATS
etag
"146f99405588b7446958a732612c901d-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
QB8EWFDVWW3S57VY
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
x-amz-version-id
pCmRUUjnQE9zqMEfVdrNnyYpaPAyW8Do
accept-ranges
bytes
content-type
application/javascript
insight.min.js
sjs.bizographics.com/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sjs.bizographics.com/insight.min.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba13 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 20 Nov 2021 11:11:18 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 Sep 2021 19:17:49 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=25235
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2036
async.js
static-au.plista.com/ 		64 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static-au.plista.com/async.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.243.44.4 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.4.44.243.136.clients.your-server.de
Software
nginx /
Resource Hash
a3d0f7c45107f6f097378459c64f8c02461a44afe9d787009eb75c709d6ff3df
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-plista-versions
plista-plugin- libplista-php-0.0.0
date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
582
x-plista-node
plista853
content-length
17165
last-modified
Sat, 20 Nov 2021 11:01:35 GMT
server
nginx
vary
Accept-Encoding
x-varnish
451878996 451479343
via
1.1 varnish-v4
cache-control
public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
expires
Sun, 21 Nov 2021 11:01:36 GMT
v60.js
cdn-gl.imrworldwide.com/
Redirect Chain
  • https://secure-au.imrworldwide.com/v60.js
  • https://cdn-gl.imrworldwide.com/v60.js
21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-gl.imrworldwide.com/v60.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Server
2600:9000:21f3:4400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
75481bc06d1b02e50fd1cc921a7838e3af6caa9b8c0745b50182ebf29f195e20

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
.KrDWJ6YcsmnfI6j8sx8eWw9CjCealBE
content-encoding
gzip
etag
W/"cc7339d315e5ab16597dd66d153a0e7e"
last-modified
Mon, 12 Oct 2020 13:35:53 GMT
server
AmazonS3
age
25262
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control
max-age=86400
date
Sat, 20 Nov 2021 04:10:17 GMT
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
hg8sNMzNpuukjrrlofSrsAgFJeiPFvMD01xaQ3p5D3q11-MXt0yy2A==

Redirect headers

location
https://cdn-gl.imrworldwide.com:443/v60.js
date
Sat, 20 Nov 2021 11:11:18 GMT
server
awselb/2.0
content-length
134
content-type
text/html
ggcmb510.js
cdn-gl.imrworldwide.com/novms/js/2/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:4400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
2J3RA2RMi5eYAj7nmdbu3te_gb7jIgN9
content-encoding
gzip
etag
W/"afa0d379b1e6e0a61fad577d0043ff26"
last-modified
Mon, 15 Nov 2021 15:07:58 GMT
server
AmazonS3
age
2503
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control
max-age=86400
date
Sat, 20 Nov 2021 10:30:18 GMT
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
Wk1Hnt_67LY1Eeg5xO3ty9XwuOplbBTEeKd6P5-EMIQGued4t11ulg==
adc.js
adc-js.nine.com.au/ 		76 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://adc-js.nine.com.au/adc.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:a200:7:3896:c640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
934d4d6010b2bfc6795c8212555ff307c8e883a8fa5f974f601773d4f17e156f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 20 Nov 2021 11:11:18 GMT
Content-Encoding
gzip
Last-Modified
Tue, 02 Mar 2021 06:12:51 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA2-C1
ETag
W/"23c4e4ce44af9dfacd823a16445bddda"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript; charset=utf-8
Via
1.1 1ac3fd533bf6be1b511077f8b8e23bfd.cloudfront.net (CloudFront)
Cache-Control
public, max-age=300
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
soKUGGBCsyGTNNPUOdA_0ZHSlyaCkaybrGOeG0DRoL_aGRXldCqptQ==
uwt.js
static.ads-twitter.com/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
last-modified
Mon, 20 Sep 2021 23:58:10 GMT
etag
"8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
5410
x-served-by
cache-iad-kcgs7200046-IAD, cache-hhn11559-HHN
tp2
i.ffx.io/com.snowplowanalytics.snowplow/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.96.192 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
Software
akka-http/10.0.9 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.afr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Content-Type
Access-Control-Allow-Origin
https://www.afr.com
Date
Sat, 20 Nov 2021 11:11:19 GMT
Server
akka-http/10.0.9
Content-Length
0
Connection
keep-alive
44ce405ffa3ed5ec213e931dd258da0f.sprite.svg
www.afr.com/assets/svg/ 		120 KB
42 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.afr.com/assets/svg/44ce405ffa3ed5ec213e931dd258da0f.sprite.svg
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2cd62995b40ffaa521ba7d9bca7b1fcf6eb0850c938fd1ac1ebf14d7325b5663
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
etag
W/"1e19d-17cc04e4358"
age
2088963
uber-trace-id
ead85548d60c0dda:ead85548d60c0dda:0:0
x-cache
HIT, HIT
content-length
42757
x-served-by
cache-syd10126-SYD, cache-fra19158-FRA
last-modified
Wed, 27 Oct 2021 05:52:07 GMT
x-frame-options
sameorigin
date
Sat, 20 Nov 2021 11:11:18 GMT
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31557600
x-varnish-grace
none
accept-ranges
bytes
x-cache-hits
23661, 26
tp2
i.ffx.io/com.snowplowanalytics.snowplow/ 		2 B
435 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Requested by
Host: d2uhnetoehh304.cloudfront.net
URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.96.192 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
Software
akka-http/10.0.9 /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Sat, 20 Nov 2021 11:11:20 GMT
Server
akka-http/10.0.9
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin
https://www.afr.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/plain; charset=UTF-8
Content-Length
2
p58pte
api.afr.com/api/content/v0/assets/ 		12 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.afr.com/api/content/v0/assets/p58pte
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
34b8cad3668ce7f715858b81973d61fa9a2f0f7b42a7bf6a77fb517cdee62bf4

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
age
0
x-served-by
cache-syd10130-SYD, cache-fra19146-FRA
vary
Accept-Encoding
x-cache
MISS, MISS
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=30
x-varnish-grace
none(fetch fresh)
accept-ranges
bytes
content-encoding
gzip
content-length
4212
x-cache-hits
0, 0
p5920l
api.afr.com/api/content/v0/assets/ 		9 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.afr.com/api/content/v0/assets/p5920l
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f36ee956a765b39616a101d6a62076d0d257a12f107cd9ef50d61136e8b851c3

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
age
0
x-served-by
cache-syd10145-SYD, cache-fra19146-FRA
vary
Accept-Encoding
x-cache
MISS, MISS
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=30
x-varnish-grace
none(fetch fresh)
accept-ranges
bytes
content-encoding
gzip
content-length
3384
x-cache-hits
0, 0
graphql
api.afr.com/ 		196 B
348 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.afr.com/graphql?query=query%20memberDetailsAndSubscriptions%20%7B%20memberDetails%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20member%20%7B%20profile%20%7B%20displayName%20email%20roles%20%7B%20accountId%20role%20%7D%20shortID%20type%20%7D%20%7D%20%7D%20memberSubscriptionDetails%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20subscription%20%7B%20entitlements%20plans%20%7D%20%7D%20%7D%20&operationName=memberDetailsAndSubscriptions&variables=%7B%7D
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
714892f1fc598fef48b0331e7af69cdac69bfb2cec684d199b8650da4a278c75

Request headers

Accept
application/json
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
x-served-by
cache-syd10147-SYD, cache-fra19158-FRA
vary
Origin, Accept-Encoding
x-cache
MISS, MISS
content-type
application/json
access-control-allow-origin
https://www.afr.com
cache-control
private, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
content-length
196
x-cache-hits
0, 0
graphql
api.afr.com/ 		165 B
201 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.afr.com/graphql?query=query%20Account%20%7B%20account%20%7B%20autoplay%20error%20%7B%20message%20type%20%7D%20location%20%7B%20postCode%20state%20suburb%20%7D%20onboarding%20%7B%20newsfeed%20tags%20%7D%20%7D%20%7D%20&operationName=Account&variables=%7B%7D
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
07a7e43a30c29cd24df54879f4fc788b60a76962f3b3c5623717c19762240225

Request headers

Accept
application/json
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
x-served-by
cache-syd10150-SYD, cache-fra19158-FRA
vary
Origin, Accept-Encoding
x-cache
MISS, MISS
content-type
application/json
access-control-allow-origin
https://www.afr.com
cache-control
private, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
content-length
165
x-cache-hits
0, 0
graphql
api.afr.com/ 		104 B
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.afr.com/graphql?query=query%20isAssetInSavedList(%24assetID%3A%20String!%2C%20%24brand%3A%20Brand!)%20%7B%20isAssetInSavedList(input%3A%20%7BassetID%3A%20%24assetID%2C%20brand%3A%20%24brand%7D)%20%7B%20isSaved%20error%20%7B%20message%20%7D%20%7D%20%7D%20&operationName=isAssetInSavedList&variables=%7B%22assetID%22%3A%22p599kh%22%2C%22brand%22%3A%22afr%22%7D
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
54b3121637851046e882df8591a9f2c4472adc2f0c39290cd583e9fccf1aace0

Request headers

Accept
application/json
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
x-served-by
cache-syd10144-SYD, cache-fra19158-FRA
vary
Origin, Accept-Encoding
x-cache
MISS, MISS
content-type
application/json
access-control-allow-origin
https://www.afr.com
cache-control
private, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
content-length
104
x-cache-hits
0, 0
graphql
api.afr.com/ 		473 B
439 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.afr.com/graphql?query=query%20PaywallRuleQuery(%24context%3A%20PaywallRuleRequestContext!%2C%20%24story%3A%20PaywallRuleRequestStory!)%20%7B%20paywallRule(context%3A%20%24context%2C%20story%3A%20%24story)%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20rule%20%7B%20...RuleFragment%20%7D%20%7D%20%7D%20fragment%20RuleFragment%20on%20PaywallRuleData%20%7B%20meter%20%7B%20global%20%7D%20prompt%20%7B%20...PromptFragment%20%7D%20promptType%20%7D%20fragment%20PromptFragment%20on%20Prompt%20%7B%20callToAction%20countRemaining%20message%20style%20subscriptionURL%20title%20%7D%20&operationName=PaywallRuleQuery&variables=%7B%22context%22%3A%7B%22alreadyMetered%22%3Afalse%2C%22currentMeterCount%22%3A0%2C%22referrer%22%3A%22%22%2C%22bypassURL%22%3A%22https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959%22%7D%2C%22story%22%3A%7B%22brand%22%3A%22AFR%22%2C%22categories%22%3A%5B%22Technology%22%5D%2C%22sponsored%22%3Afalse%2C%22tags%22%3A%5B%22Cyber%20security%20(Editorial%20use)%22%2C%22Cyber%20security%22%5D%2C%22type%22%3A%22ARTICLE%22%7D%7D
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fdb3c6cf003fd30bfc3edd21a3664edc2b4407daef1879323378c491742c93ec

Request headers

Accept
application/json
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
x-served-by
cache-syd10150-SYD, cache-fra19158-FRA
vary
Accept-Encoding, Origin
x-cache
MISS, MISS
content-type
application/json
access-control-allow-origin
https://www.afr.com
cache-control
private, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
content-length
350
via
1.1 varnish, 1.1 varnish
x-cache-hits
0, 0
graphql
api.afr.com/ 		145 B
212 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.afr.com/graphql?query=query%20AudienceSegmentsQuery(%24userId%3A%20String!)%20%7B%20audienceSegments(userId%3A%20%24userId)%20%7B%20segments%20%7B%20engagementSegment%20%7B%20batchTime%20userSegment%20%7D%20%7D%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20%7D%20%7D%20&operationName=AudienceSegmentsQuery&variables=%7B%22userId%22%3A%22b853bb43-60cf-42ee-bf69-b756be516672%22%7D
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
14e4b088db7fbce1fc7c9e34f33ce0766a0359a92f87b73df2b4b72d24a6a769

Request headers

Accept
application/json
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
age
0
x-served-by
cache-syd10143-SYD, cache-fra19158-FRA
vary
Origin, Accept-Encoding
x-cache
MISS, MISS
content-type
application/json
access-control-allow-origin
https://www.afr.com
cache-control
public, max-age=600
access-control-allow-credentials
true
accept-ranges
bytes
content-length
129
via
1.1 varnish, 1.1 varnish
x-cache-hits
0, 0
8a7c24266ddba411cd5ae34ba330a29f52b0940f
static.ffx.io/images/$zoom_0.632%2C$multiply_2%2C$ratio_1.776846%2C$width_1059%2C$x_0%2C$y_89/t_crop_custom/c_scale%2Cw_620%2Cq_88%2Cf_auto/ 		47 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.632%2C$multiply_2%2C$ratio_1.776846%2C$width_1059%2C$x_0%2C$y_89/t_crop_custom/c_scale%2Cw_620%2Cq_88%2Cf_auto/8a7c24266ddba411cd5ae34ba330a29f52b0940f
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
87ee94ea6e5b94af621d1c45232a4aed93edc7aeaf88e3c05ae15012834c7917

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
age
0
edge-cache-tag
224547408708456360630329634526299233896,271263161071167605528329191451157073389,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="8a7c24266ddba411cd5ae34ba330a29f52b0940f.webp"
content-length
48136
x-served-by
cache-fra19149-FRA, cache-fra19158-FRA
x-cache
MISS, MISS
x-cld-skey
224547408708456360630329634526299233896 271263161071167605528329191451157073389 5f5f4219172da4ec8104790896b11172
last-modified
Thu, 18 Nov 2021 18:04:12 GMT
server
cloudinary
x-timer
S1637406679.615157,VS0,VE213
etag
"3d3b52c3d46a0492db48cfb21f376b99"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 0
graphql
api.afr.com/ 		37 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.afr.com/graphql?query=query%20PageContentByPageType(%24brand%3A%20Brand!%2C%20%24pageType%3A%20PageType!%2C%20%24render%3A%20Render!)%20%7B%20pageContentByPageType(brand%3A%20%24brand%2C%20pageType%3A%20%24pageType%2C%20render%3A%20%24render)%20%7B%20contentUnits%20%7B%20assets%20%7B%20...AssetFragment%20sponsor%20%7B%20name%20%7D%20%7D%20config%20%7B%20heading%20headingLink%20%7D%20name%20%7D%20%7D%20%7D%20fragment%20AssetFragment%20on%20Asset%20%7B%20asset%20%7B%20about%20byline%20duration%20headlines%20%7B%20headline%20%7D%20live%20%7D%20assetType%20dates%20%7B%20firstPublished%20modified%20published%20%7D%20id%20featuredImages%20%7B%20landscape16x9%20%7B%20...ImageFragment%20%7D%20landscape3x2%20%7B%20...ImageFragment%20%7D%20portrait2x3%20%7B%20...ImageFragment%20%7D%20square1x1%20%7B%20...ImageFragment%20%7D%20%7D%20label%20tags%20%7B%20primary%3A%20primaryTag%20%7B%20...AssetTag%20%7D%20secondary%20%7B%20...AssetTag%20%7D%20%7D%20urls%20%7B%20...AssetURLs%20%7D%20%7D%20fragment%20AssetTag%20on%20AssetTagDetails%20%7B%20company%20%7B%20exchangeCode%20stockCode%20%7D%20context%20displayName%20id%20name%20shortID%20slug%20urls%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20%7D%20fragment%20AssetURLs%20on%20AssetURLs%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20fragment%20ImageFragment%20on%20Image%20%7B%20data%20%7B%20aspect%20autocrop%20cropWidth%20id%20offsetX%20offsetY%20zoom%20%7D%20%7D%20&operationName=PageContentByPageType&variables=%7B%22brand%22%3A%22AFR%22%2C%22pageType%22%3A%22article%22%2C%22render%22%3A%22WEB%22%7D
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca343b67eba1f0268404fd700943e78cda59dfb987386e906e2d19a88e0a5df8

Request headers

Accept
application/json
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
age
29
x-served-by
cache-syd10137-SYD, cache-fra19158-FRA
vary
Accept-Encoding, Origin
x-cache
HIT, HIT
content-type
application/json
access-control-allow-origin
https://www.afr.com
cache-control
public, max-age=30
access-control-allow-credentials
true
accept-ranges
bytes
content-length
7627
via
1.1 varnish, 1.1 varnish
x-cache-hits
1, 2
channels.cgi
fairfaxmedia.gscontxt.net/main/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fairfaxmedia.gscontxt.net/main/channels.cgi?url=https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/europa.b43215b0701cbeed2bee.legacy.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
158.101.192.201 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
/
Resource Hash
fe0e2b419121ae56140882d7bcd17ac614cc9cb71caf8a40781291ad3f7bec17

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length
1846
Content-Type
application/javascript
moatheader.js
z.moatads.com/fairfaxheader492510264302/ 		236 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/fairfaxheader492510264302/moatheader.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/europa.b43215b0701cbeed2bee.legacy.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
222636c2810fe948341450766980c2eec11a5db55a64e544bc6e7ee7652902ac

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 14:29:51 GMT
server
AmazonS3
x-amz-request-id
51EH5J6E9A339ZM1
etag
"0873cc09e1ebb230bc16e3769d661ea2"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=5779
accept-ranges
bytes
content-length
82845
x-amz-id-2
LbRy/kivjianFmNjZ3y0E7uc5JR+pequ5J6yAtI5q7ltTN3c+WSXJBVzoMEE9rkw3ybh5m3PDHA=
pubads_impl_2021111601.js
securepubads.g.doubleclick.net/gpt/ 		344 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118471
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 09:34:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 20 Nov 2021 11:11:18 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		124 B
121 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.afr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
b462ede43ecdda05f2c835d4c3178d5d2fa2567dd194963027095fb4f8102f4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
96
x-xss-protection
0
expires
Sat, 20 Nov 2021 11:11:18 GMT
419599435931961
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/419599435931961?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
47c87e2004b4452b33d08a61a3807a87c6fec50158f9909ac1013f4b81e8bb41
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
uOG88Pw/XDFhs+sSoP2X7ryOsT1UuC6ybJlfRi9vMPiSMJuuBghOgmsYqk+KbTZ4utBEa+RePNSWth8LMaCF9A==
x-fb-trip-id
2050670934
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sat, 20 Nov 2021 11:11:18 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
modules.1810afb089b838b62ed8.js
script.hotjar.com/ 		226 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.1810afb089b838b62ed8.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-182799.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-94.fra2.r.cloudfront.net
Software
/
Resource Hash
2147901a5a424ea92ad2fd2457976c46765880cf4d267aa711df70d026912ab7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 13:25:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
251172
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
60615
access-control-allow-origin
*
last-modified
Wed, 17 Nov 2021 13:25:01 GMT
etag
"1f23634605f98b007e0df34e60106bb8"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
KIBMXCd5YDUPC2pb95K63ed53H1VxdgNemwL75IuxGc6PdJh3OSkfQ==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1637406678627&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599k...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D9724%252C3519914%26time%3D1637406678627%26url%3Dhttps%253A%252F%252Fwww.afr.com%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1637406678627&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599k...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1637406678627&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599...
0
155 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1637406678627&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&liSync=true&e_ipv6=AQJuJwnoKPSyygAAAX09CyG28XIfvVPLZnktUCUhZWs_ZKJskg_d853TRuPOykSSEeELZ2EKzO8
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Server
108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-lva1
content-type
application/javascript
content-length
0
x-li-uuid
A8yFMbM8uRZA3c8EXisAAA==

Redirect headers

date
Sat, 20 Nov 2021 11:11:19 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724%2C3519914&time=1637406678627&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&liSync=true&e_ipv6=AQJuJwnoKPSyygAAAX09CyG28XIfvVPLZnktUCUhZWs_ZKJskg_d853TRuPOykSSEeELZ2EKzO8
x-li-proto
http/2
x-li-pop
prod-lor1
content-length
0
x-li-uuid
i5XcGbM8uRZgqk519SoAAA==
10167837.json
s.yimg.com/wi/config/ 		2 B
448 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/config/10167837.json
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 10:20:52 GMT
x-content-type-options
nosniff
age
3026
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id
56MK4A6T38D65JM5
x-amz-id-2
ZR8BDhyO9UAr2tczHaD9kfl72Pmum1VQ/6arRutm9GK9PTZ2Y88Iv1rjCC7PvUtDYGd/cGMI1/U=
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
content-length
2
glcfg510.js
cdn-gl.imrworldwide.com/novms/js/2/configs/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/configs/glcfg510.js
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:4400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
wnIBsJV.WYX0QccuSdW3u9_ELj0bpyte
content-encoding
gzip
etag
W/"931051f801612c3a0e2782961ac3d56c"
last-modified
Mon, 15 Nov 2021 15:07:57 GMT
server
AmazonS3
age
4512
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control
max-age=86400
date
Sat, 20 Nov 2021 10:17:26 GMT
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
ylnaMwLtAbEPnSesnEgtfFV2UUmyCDK56CLIqQwbHlHK57jRFPWXvg==
a005318def317756887e3be5ceca16c8a23d4c47
static.ffx.io/images/$zoom_0.5874%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_1817%2C$y_258/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.5874%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_1817%2C$y_258/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/a005318def317756887e3be5ceca16c8a23d4c47
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
acc8dc85b366921e4a3edfc0dd1ab2e53a02726fd31075eaea85d7d54337dbe9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
age
129637
edge-cache-tag
242551844501440178678686097222620409753,222068150166294230884233866148763510214,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="a005318def317756887e3be5ceca16c8a23d4c47.webp"
content-length
4076
x-served-by
cache-fra19145-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
242551844501440178678686097222620409753 222068150166294230884233866148763510214 5f5f4219172da4ec8104790896b11172
last-modified
Thu, 18 Nov 2021 23:00:54 GMT
server
cloudinary
x-timer
S1637406679.658466,VS0,VE1
etag
"47327e52c284b5418fcb408f190c6785"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
aba06dace641185cc2cd78a0ea077e6e8a80593b
static.ffx.io/images/$zoom_0.4014%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_369%2C$y_176/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.4014%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_369%2C$y_176/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/aba06dace641185cc2cd78a0ea077e6e8a80593b
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
6902d150ba78c1e2d335ef4b0245e769a2c42a45e30dc4e7b610fe0687a682f0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
age
147050
edge-cache-tag
256739230850092852952944700122403213942,458947244754449672868902819674383007104,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="aba06dace641185cc2cd78a0ea077e6e8a80593b.webp"
content-length
7520
x-served-by
cache-fra19130-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
256739230850092852952944700122403213942 458947244754449672868902819674383007104 5f5f4219172da4ec8104790896b11172
last-modified
Thu, 18 Nov 2021 18:00:34 GMT
server
cloudinary
x-timer
S1637406679.658634,VS0,VE1
etag
"b5a78c585ae9be70c38fd4078d680756"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
6427bbab54550695a342081f1eb089aadb45ed2f
static.ffx.io/images/$zoom_0.3432%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_52/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.3432%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_52/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/6427bbab54550695a342081f1eb089aadb45ed2f
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
b34e66d5e325bbf7dc79d9e17bbb8677ee970ebf4b83aa3e96223948cc783f95

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
age
147050
edge-cache-tag
291284831484601404069943986968393014745,285501107278222809310157208006290738498,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="6427bbab54550695a342081f1eb089aadb45ed2f.webp"
content-length
3962
x-served-by
cache-fra19150-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
291284831484601404069943986968393014745 285501107278222809310157208006290738498 5f5f4219172da4ec8104790896b11172
last-modified
Thu, 18 Nov 2021 18:00:34 GMT
server
cloudinary
x-timer
S1637406679.658703,VS0,VE1
etag
"346f72278809a44c315ceccd2470b831"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
ebb132abf265dfbbf44cfad887a533846fe394bc
static.ffx.io/images/$zoom_0.3811%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.3811%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/ebb132abf265dfbbf44cfad887a533846fe394bc
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
8bd5598d856e935d7efd5d3797a8a9b48423b2b30a27c3c9503efb6cf267ecb6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
age
219366
edge-cache-tag
260025055450273266100654818647055068252,496611619205021988840048757700689324688,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="ebb132abf265dfbbf44cfad887a533846fe394bc.webp"
content-length
7948
x-served-by
cache-fra19162-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
260025055450273266100654818647055068252 496611619205021988840048757700689324688 5f5f4219172da4ec8104790896b11172
last-modified
Wed, 17 Nov 2021 22:14:10 GMT
server
cloudinary
x-timer
S1637406679.658769,VS0,VE1
etag
"fb3a2420f43ade569beec6f743bbb4e5"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
truncated
/ 		66 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/webp
adsct
analytics.twitter.com/i/ 		31 B
675 B 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1c4v&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=956a74c2-47fc-4e0d-a7c6-5dbb42a72675&tw_document_href=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&tpx_cb=twttr.conversion.loadPixels
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
0
x-response-time
111
pragma
no-cache
last-modified
Sat, 20 Nov 2021 11:11:18 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
206c51f9c94bfcaa79ffe8cce6488867f2b79fc89bd2f269dfa5f1f9f2bfe1fe
x-transaction
daddd935d30ca54c
expires
Tue, 31 Mar 1981 05:00:00 GMT
adsct
t.co/i/ 		43 B
471 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1c4v&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=956a74c2-47fc-4e0d-a7c6-5dbb42a72675&tw_document_href=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
113
pragma
no-cache
last-modified
Sat, 20 Nov 2021 11:11:18 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
673d6f8f9dbef5d4aeb74d5a94545a2228b2bd2ef18cda89d34cb25795d31b62
x-transaction
44223654480b5c28
expires
Tue, 31 Mar 1981 05:00:00 GMT
fc2c63baa23f7c11ea923073.js
static-au.plista.com/async/pub/ 		31 B
361 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static-au.plista.com/async/pub/fc2c63baa23f7c11ea923073.js
Requested by
Host: static-au.plista.com
URL: https://static-au.plista.com/async.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.243.44.4 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.4.44.243.136.clients.your-server.de
Software
nginx /
Resource Hash
e8a2bc039ea82266ecd31dcb748fe90f212f6358fcf2502eb0061d9652b3638f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 20 Nov 2021 11:07:56 GMT
server
nginx
age
201
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 varnish-v4
cache-control
public, must-revalidate, proxy-revalidate
x-varnish
452395101 451942527
accept-ranges
bytes
content-length
51
expires
Sun, 21 Nov 2021 11:07:57 GMT
storageframe.html
secure-gl.imrworldwide.com/ Frame B860 		11 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secure-gl.imrworldwide.com/storageframe.html
Requested by
Host: secure-au.imrworldwide.com
URL: https://secure-au.imrworldwide.com/v60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:8400:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c6107c1c1f1588cac73cb68d83222515b12c5dbf7f988fd0c39b4ff16414d3bc

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

content-type
text/html
vary
Accept-Encoding
date
Sat, 20 Nov 2021 11:11:18 GMT
server
nginx
last-modified
Tue, 02 Nov 2021 17:34:35 GMT
etag
W/"618176ab-2b27"
access-control-allow-origin
*
access-control-allow-methods
POST, OPTIONS
cross-origin-resource-policy
cross-origin
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
R5hKCU23AHqTdGXv2cz6TrPH-JkzN62uwENxo_hlJ3IIXukcw7pcug==
box-ad575b5823df97fc9725e14a57070642.html
vars.hotjar.com/ Frame 540A 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vars.hotjar.com/box-ad575b5823df97fc9725e14a57070642.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-182799.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-69.fra2.r.cloudfront.net
Software
/
Resource Hash
f56a1b71444d153f2f81146d9a0cca991518ebc72e0686f917470f8c522ee383

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

content-type
text/html
content-length
1050
date
Tue, 16 Nov 2021 11:16:06 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
etag
"a123045c9cc95cfe44d6b5d126b9f1a7"
last-modified
Tue, 16 Nov 2021 11:15:47 GMT
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 96283be49fd5bce30b3a0e9559bd2d9e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
UIft3HIuoQ7eJ5EwqBglUdgHs9LLvHLayZduBzJsSEfGWFuxK13kPw==
age
345312
v2
mb.moatads.com/yi/ 		363 B
537 B 		Script
General
Check archive.org
Download Go to
Full URL
https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-%2BIU7L7voz2IHVpi6j1dGYr91P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-MxqwasQST%2BDrDg%3D%3D&sc=1&os=1-0Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&pcode=fairfaxheader492510264302&rx=425675205664&callback=MoatNadoAllJsonpRequest_34570880
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/fairfaxheader492510264302/moatheader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.169.85.185 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-169-85-185.eu-west-2.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
59959cc851f137051643efa33b76d915990ea75cc993a6866e3708d4270f2023

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
cache-control
max-age=900
server
TornadoServer/4.5.3
timing-allow-origin
*
etag
"90cde7e44ecd1ba42e3eacbac6160f0462e21dbe"
content-length
363
content-type
text/html; charset=UTF-8
iframe.html
z.moatads.com/hd09824092/ Frame 6CCA 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/hd09824092/iframe.html
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/fairfaxheader492510264302/moatheader.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

x-amz-id-2
cMTMm/T5i/x+FajcHkVdFOSmWAZag3PGFBeFtprKDfuotZYacHPbNTZ9It13lKcp9wxjAAroOng=
x-amz-request-id
3AF06B645285EDE5
last-modified
Tue, 26 Jan 2021 22:41:39 GMT
etag
"4a9cbc2e5bc164313dace42a58bef141"
accept-ranges
bytes
content-type
text/html
content-length
1374
server
AmazonS3
cache-control
max-age=3461
date
Sat, 20 Nov 2021 11:11:18 GMT
sp.pl
sp.analytics.yahoo.com/ 		43 B
716 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Sat%2C%2020%20Nov%202021%2011%3A11%3A18%20GMT&n=0&b=Ransomware%20extortion%20tactics%20put%20businesses%20in%20a%20fix&.yp=10167837&f=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&enc=UTF-8&yv=1.10.2&tagmgr=gtm
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:18 GMT
x-content-type-options
nosniff
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, private, must-revalidate
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
43
referrer-policy
strict-origin-when-cross-origin
expires
Sat, 20 Nov 2021 11:11:18 GMT
1831268437115893
connect.facebook.net/signals/config/ 		306 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1831268437115893?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
453b9ac9d54282c9838b51a5ea6d8fc34983a90050a750bccccc339e61109d86
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
pziZQ52XLT6QajnA/TiK3RwRgIMCCeXVadlETCauffLvSaTdxRkvHxGNAFx0tWbivj5alKYqqvUEKtvrGV+M5A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sat, 20 Nov 2021 11:11:18 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=419599435931961&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406678796&cd[brand]=afr&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Sat, 20 Nov 2021 11:11:18 GMT
P70F2B436-31E2-4369-A3CB-294DC350A880.js
cdn-gl.imrworldwide.com/conf/ 		33 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-gl.imrworldwide.com/conf/P70F2B436-31E2-4369-A3CB-294DC350A880.js
Requested by
Host: secure-au.imrworldwide.com
URL: https://secure-au.imrworldwide.com/v60.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:4400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2544aceebb5700eb1f0983c96de18fcd7846d3b49fd6166eb00364343d1e4e04

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
MKYckuJyy0eQBUh7MOm6cOgd7eGNNki8
content-encoding
gzip
etag
W/"0dd9082288a0da60e03a50ecea121fb2"
last-modified
Fri, 19 Nov 2021 13:16:46 GMT
server
AmazonS3
age
3475
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control
max-age=86400,s-maxage=86400
date
Sat, 20 Nov 2021 10:18:13 GMT
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
LoD1A6Xguc3RLLAl7cYTA3GnYG_oFcKuUMnmkOtJjziXXsZkpDq3AQ==
nlsSDK600.bundle.min.js
cdn-gl.imrworldwide.com/novms/js/2/ 		193 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/P70F2B436-31E2-4369-A3CB-294DC350A880.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:4400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
28b11959f68db701b4218a36e9a8e8daf47fbfe4057f086595ebc2b0df44fbea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
zlYBAKd4EFa8SaOhPOy.ffYFxOn9YL7u
content-encoding
gzip
etag
W/"711241d99f4dbd99c7bef0f79ce85582"
last-modified
Mon, 15 Nov 2021 15:07:58 GMT
server
AmazonS3
age
184
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control
max-age=86400
date
Sat, 20 Nov 2021 11:08:37 GMT
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
SaSTk336W-EXtqxv04X84zuPhAmxo4hyiNFrkr-i2P1xmNGdyfkyvw==
m
secure-gl.imrworldwide.com/cgi-bin/ 		44 B
522 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1637406678845&ci=f2&js=1&cg=0&ts=adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1c4v&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=956a74c2-47fc-4e0d-a7c6-5dbb42a72675&tw_document_href=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&tpx_cb=twttr.conversion.loadPixels&vn=6.0.104&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&sr=1600x1200&id=lstrg-ffa3eec96d00ce7d7c7708b9acc5fa75
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:8400:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA2-C2
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin
*
cache-control
no-cache
cross-origin-resource-policy
cross-origin
x-cache
Miss from cloudfront
content-type
image/gif
content-length
44
x-amz-cf-id
WVElmKWrs542WS4lHsQ-dMNLK-rmMkfVdTVjt0OqDxVIaxZkcCw0-Q==
expires
Thu, 01 Dec 1994 16:00:00 GMT
182799
vc.hotjar.io/sessions/ 		0
256 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/182799?s=0.25&r=0.07661874269088176
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.1810afb089b838b62ed8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-105.fra2.r.cloudfront.net
Software
Python/3.7 aiohttp/3.5.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 286eb4b50e0acf373dd03645aee00b7f.cloudfront.net (CloudFront)
server
Python/3.7 aiohttp/3.5.4
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-id
yhIHXJczG-3sntxq4yfpoueqdw-t4d2qPg6hxjQB8yPsOl8HOKn4qw==
ls.html
cdn-gl.imrworldwide.com/novms/html/ Frame 3F9F 		12 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:4400:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

content-type
text/html
last-modified
Mon, 15 Nov 2021 15:07:57 GMT
x-amz-server-side-encryption
AES256
x-amz-version-id
eeUHn6RuBJqT9WBL83URT7i74FkkqMiV
server
AmazonS3
content-encoding
gzip
date
Sat, 20 Nov 2021 11:08:36 GMT
cache-control
max-age=86400
etag
W/"7fa83dfc7b78314b137e2eb13834daa7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
hOdkXY3iKdaQoUwP-HrE97E-RCeaamfJ3qHn49J57sBBojg1yW6yUw==
age
162
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
611
date
Sat, 20 Nov 2021 11:01:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sat, 20 Nov 2021 13:01:07 GMT
a005318def317756887e3be5ceca16c8a23d4c47
static.ffx.io/images/$zoom_0.5874%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_1817%2C$y_258/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.5874%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_1817%2C$y_258/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/a005318def317756887e3be5ceca16c8a23d4c47
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
aee3aa96c5f2155e0e1616013a5cf79e38e39ace446a799a11709970d2ad613e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
age
126927
edge-cache-tag
242551844501440178678686097222620409753,254750640329670643738384590732542887711,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="a005318def317756887e3be5ceca16c8a23d4c47.webp"
content-length
6900
x-served-by
cache-fra19168-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
242551844501440178678686097222620409753 254750640329670643738384590732542887711 5f5f4219172da4ec8104790896b11172
last-modified
Thu, 18 Nov 2021 23:00:52 GMT
server
cloudinary
x-timer
S1637406679.930365,VS0,VE1
etag
"bdab6099610844025bb8855166171f82"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
aba06dace641185cc2cd78a0ea077e6e8a80593b
static.ffx.io/images/$zoom_0.4014%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_369%2C$y_176/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.4014%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_369%2C$y_176/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/aba06dace641185cc2cd78a0ea077e6e8a80593b
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
578064b72fe9ed6bc5d94034e2eeb8976f23df0168ff7792dbd2c9086e052f47

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
via
1.1 varnish, 1.1 varnish
age
125546
edge-cache-tag
256739230850092852952944700122403213942,307451089047394209280756908396026101869,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="aba06dace641185cc2cd78a0ea077e6e8a80593b.webp"
content-length
12934
x-served-by
cache-fra19126-FRA, cache-fra19158-FRA
x-cache
HIT, HIT
x-cld-skey
256739230850092852952944700122403213942 307451089047394209280756908396026101869 5f5f4219172da4ec8104790896b11172
last-modified
Thu, 18 Nov 2021 18:00:22 GMT
server
cloudinary
x-timer
S1637406679.930538,VS0,VE83
etag
"ae74af6d8c9146d8d53857213070aff4"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1
6427bbab54550695a342081f1eb089aadb45ed2f
static.ffx.io/images/$zoom_0.3432%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_52/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.3432%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_52/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/6427bbab54550695a342081f1eb089aadb45ed2f
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
266a2dbeae31704f7b74e51762545af77ae10d2086071bd787c27270b45c32e7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
age
148006
edge-cache-tag
291284831484601404069943986968393014745,361114338127933311178321235913421982378,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="6427bbab54550695a342081f1eb089aadb45ed2f.webp"
content-length
6992
x-served-by
cache-fra19120-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
291284831484601404069943986968393014745 361114338127933311178321235913421982378 5f5f4219172da4ec8104790896b11172
last-modified
Thu, 18 Nov 2021 18:00:22 GMT
server
cloudinary
x-timer
S1637406679.930623,VS0,VE1
etag
"a37fff66445475e58011ca9a327424ad"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
ebb132abf265dfbbf44cfad887a533846fe394bc
static.ffx.io/images/$zoom_0.3811%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.3811%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/ebb132abf265dfbbf44cfad887a533846fe394bc
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
427280c472633d1aa5642a55e3fafee9f74831a60682164ab2896f92576b5e83

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
via
1.1 varnish, 1.1 varnish
age
218132
edge-cache-tag
260025055450273266100654818647055068252,308332272157791717994374563488079184199,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="ebb132abf265dfbbf44cfad887a533846fe394bc.webp"
content-length
12738
x-served-by
cache-fra19165-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
260025055450273266100654818647055068252 308332272157791717994374563488079184199 5f5f4219172da4ec8104790896b11172
last-modified
Mon, 30 Aug 2021 23:44:39 GMT
server
cloudinary
x-timer
S1637406679.930690,VS0,VE1
etag
"428f14d688576ac75cc4ef3cef1eafe0"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
dc_pre=CLiD0ZvnpvQCFcYIogMdXXgNOA;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=*;ps=1
adservice.google.com/ddm/fls/z/
Redirect Chain
  • https://ad.doubleclick.net/activity;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=732656605.1637406679;ps=1?
  • https://ad.doubleclick.net/activity;dc_pre=CLiD0ZvnpvQCFcYIogMdXXgNOA;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=732656605.1637406679;ps=1?
  • https://adservice.google.com/ddm/fls/z/dc_pre=CLiD0ZvnpvQCFcYIogMdXXgNOA;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=*;ps=1
42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CLiD0ZvnpvQCFcYIogMdXXgNOA;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=*;ps=1
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/dc_pre=CLiD0ZvnpvQCFcYIogMdXXgNOA;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=*;ps=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;register_conversion=1;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=732656605.1637406679;ps=1
6633783.fls.doubleclick.net/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://6633783.fls.doubleclick.net/activityi;register_conversion=1;src=6633783;type=afrpa0;cat=paywall;ord=3766019548644;gtm=2wgba1;auiddc=732656605.1637406679;ps=1?
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f6.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
953970877989909
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/953970877989909?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
48f2243a31d116f576b0c06cbed9b9ad55d92a8910ec53f9fbe525ec020649db
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
2zo4HQmV+3G8eAPgzY1zaSzp5Yq701qwRJ75UC1hdzOKvdQnHJzI06pv+pfXqNC0w7aKSB831CPQjiXWE3dOyg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sat, 20 Nov 2021 11:11:18 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1831268437115893&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406678940&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%221111245219334310%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22AUD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%22248737323376397%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22AUD%22%7D%7D%7D&par[2]=%7B%22extractorID%22%3A%22238870547858716%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[3]=%7B%22extractorID%22%3A%221061618751009995%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:18 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:18 GMT
id
dpm.demdex.net/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=BEB5C8A15492DB600A4C98BC%40AdobeOrg&d_nsid=0&ts=1637406678979
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
268e8e0de6e332690909ac0c0b9288a24372727daec3158281ef06db4a35f012
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-2-v019-0ff20dc55.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
sCH5VGIETQ8=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.afr.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
878
Expires
Thu, 01 Jan 1970 00:00:00 UTC
collect.js
10510523.collect.igodigital.com/ 		9 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://10510523.collect.igodigital.com/collect.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.6.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-6-70.compute-1.amazonaws.com
Software
/
Resource Hash
4611c34378b1bbbee8890a472c6390137ce8841041a646f0bdc58cf9180eb18a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
content-encoding
gzip
last-modified
Fri, 19 Nov 2021 17:24:13 GMT
vary
Accept-Encoding
content-type
application/javascript
p.js
cdn.parsely.com/keys/afr.com/ 		72 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.parsely.com/keys/afr.com/p.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.85.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-85-39.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e08410c46d34e10e615b8db79c9ff00de29e1a60179ede7a355d1d9c1c5307c8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Sat, 20 Nov 2021 05:50:31 GMT
content-encoding
gzip
last-modified
Tue, 19 Oct 2021 21:52:02 GMT
server
nginx
age
19379
etag
W/"616f3e02-11f4e"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
cache-control
max-age=86400, public
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
Wq1InqwO9lYUSTd__8lq4fZ0HzKys_VYhhad-KS_70aua50Y8uh9hw==
expires
Sun, 21 Nov 2021 05:48:20 GMT
src=6633783;dc_pre=CNyV0pvnpvQCFdCVGAodSw0Jkw;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D163...
adservice.google.com/ddm/fls/z/ Frame A6CE
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=6633783;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox...
  • https://ad.doubleclick.net/ddm/activity/src=6633783;dc_pre=CNyV0pvnpvQCFdCVGAodSw0Jkw;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-...
  • https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CNyV0pvnpvQCFdCVGAodSw0Jkw;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-i...
42 B
63 B 		Document
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CNyV0pvnpvQCFdCVGAodSw0Jkw;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1295895800826.5564
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Sat, 20 Nov 2021 11:11:19 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
image/gif
x-content-type-options
nosniff
server
cafe
content-length
42
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Sat, 20 Nov 2021 11:11:19 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
location
https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CNyV0pvnpvQCFdCVGAodSw0Jkw;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1295895800826.5564
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
l.ffx.io/ 		2 B
417 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.ffx.io/
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.165.50 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-238-165-50.ap-southeast-2.compute.amazonaws.com
Software
/
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Date
Sat, 20 Nov 2021 11:11:20 GMT
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Content-Length
2
/
l.ffx.io/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://l.ffx.io/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.165.50 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-238-165-50.ap-southeast-2.compute.amazonaws.com
Software
nginx/1.15.9 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.afr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1728000
Content-Length
0
Date
Sat, 20 Nov 2021 11:11:20 GMT
Server
nginx/1.15.9
Connection
keep-alive
graphql
api.afr.com/ 		8 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.afr.com/graphql?query=query%20MostPopularQuery(%24assetType%3A%20String%2C%20%24brand%3A%20String!%2C%20%24count%3A%20Int%2C%20%24primaryCategory%3A%20String%2C%20%24subCategory%3A%20String%2C%20%24tags%3A%20%5BString!%5D)%20%7B%20mostPopularStories(%20assetType%3A%20%24assetType%20brand%3A%20%24brand%20category%3A%20%24primaryCategory%20count%3A%20%24count%20subCategory%3A%20%24subCategory%20tags%3A%20%24tags%20)%20%7B%20...AssetFragment%20%7D%20%7D%20fragment%20AssetFragment%20on%20Asset%20%7B%20asset%20%7B%20about%20byline%20duration%20headlines%20%7B%20headline%20%7D%20live%20%7D%20assetType%20dates%20%7B%20firstPublished%20modified%20published%20%7D%20id%20featuredImages%20%7B%20landscape16x9%20%7B%20...ImageFragment%20%7D%20landscape3x2%20%7B%20...ImageFragment%20%7D%20portrait2x3%20%7B%20...ImageFragment%20%7D%20square1x1%20%7B%20...ImageFragment%20%7D%20%7D%20label%20tags%20%7B%20primary%3A%20primaryTag%20%7B%20...AssetTag%20%7D%20secondary%20%7B%20...AssetTag%20%7D%20%7D%20urls%20%7B%20...AssetURLs%20%7D%20%7D%20fragment%20AssetTag%20on%20AssetTagDetails%20%7B%20company%20%7B%20exchangeCode%20stockCode%20%7D%20context%20displayName%20id%20name%20shortID%20slug%20urls%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20%7D%20fragment%20AssetURLs%20on%20AssetURLs%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20fragment%20ImageFragment%20on%20Image%20%7B%20data%20%7B%20aspect%20autocrop%20cropWidth%20id%20offsetX%20offsetY%20zoom%20%7D%20%7D%20&operationName=MostPopularQuery&variables=%7B%22brand%22%3A%22afr%22%2C%22primaryCategory%22%3A%22technology%22%2C%22count%22%3A5%7D
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b4a0b54eedc0e013b9a90629f9f6e1673085c5778e0028e37a4017460368e6f3

Request headers

Accept
application/json
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
content-encoding
gzip
age
0
x-served-by
cache-syd10121-SYD, cache-fra19158-FRA
vary
Accept-Encoding, Origin
x-cache
MISS, MISS
content-type
application/json
access-control-allow-origin
https://www.afr.com
cache-control
public, max-age=60
access-control-allow-credentials
true
accept-ranges
bytes
content-length
2026
via
1.1 varnish, 1.1 varnish
x-cache-hits
0, 0
graphql
api.afr.com/ 		15 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.afr.com/graphql?query=query%20assetsConnectionByCriteria(%24after%3A%20ID%2C%20%24brand%3A%20Brand!%2C%20%24categories%3A%20%5BInt!%5D%2C%20%24first%3A%20Int!%2C%20%24render%3A%20Render!%2C%20%24types%3A%20%5BAssetType!%5D!)%20%7B%20assetsConnectionByCriteria(%20after%3A%20%24after%20brand%3A%20%24brand%20categories%3A%20%24categories%20first%3A%20%24first%20render%3A%20%24render%20types%3A%20%24types%20)%20%7B%20edges%20%7B%20cursor%20node%20%7B%20...AssetFragment%20sponsor%20%7B%20name%20%7D%20%7D%20%7D%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20pageInfo%20%7B%20endCursor%20hasNextPage%20%7D%20%7D%20%7D%20fragment%20AssetFragment%20on%20Asset%20%7B%20asset%20%7B%20about%20byline%20duration%20headlines%20%7B%20headline%20%7D%20live%20%7D%20assetType%20dates%20%7B%20firstPublished%20modified%20published%20%7D%20id%20featuredImages%20%7B%20landscape16x9%20%7B%20...ImageFragment%20%7D%20landscape3x2%20%7B%20...ImageFragment%20%7D%20portrait2x3%20%7B%20...ImageFragment%20%7D%20square1x1%20%7B%20...ImageFragment%20%7D%20%7D%20label%20tags%20%7B%20primary%3A%20primaryTag%20%7B%20...AssetTag%20%7D%20secondary%20%7B%20...AssetTag%20%7D%20%7D%20urls%20%7B%20...AssetURLs%20%7D%20%7D%20fragment%20AssetTag%20on%20AssetTagDetails%20%7B%20company%20%7B%20exchangeCode%20stockCode%20%7D%20context%20displayName%20id%20name%20shortID%20slug%20urls%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20%7D%20fragment%20AssetURLs%20on%20AssetURLs%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20fragment%20ImageFragment%20on%20Image%20%7B%20data%20%7B%20aspect%20autocrop%20cropWidth%20id%20offsetX%20offsetY%20zoom%20%7D%20%7D%20&operationName=assetsConnectionByCriteria&variables=%7B%22brand%22%3A%22afr%22%2C%22categories%22%3A%5B151%5D%2C%22first%22%3A6%2C%22render%22%3A%22WEB%22%2C%22types%22%3A%5B%22article%22%2C%22liveArticle%22%2C%22featureArticle%22%5D%7D
Requested by
Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.df0aab28adefa54169f6.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8a759dbfeb3b9fecbbab7aa723b982191f08b0eec9c3cfec18f8f7b3c27d6268

Request headers

Accept
application/json
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
content-encoding
gzip
age
5
x-served-by
cache-syd10121-SYD, cache-fra19158-FRA
vary
Accept-Encoding, Origin
x-cache
HIT, MISS
content-type
application/json
access-control-allow-origin
https://www.afr.com
cache-control
public, max-age=30
access-control-allow-credentials
true
accept-ranges
bytes
content-length
3404
via
1.1 varnish, 1.1 varnish
x-cache-hits
1, 0
ec.js
www.google-analytics.com/plugins/ua/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 10:59:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
680
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1306
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sat, 20 Nov 2021 11:59:59 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.afr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 20 Nov 2021 11:11:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.afr.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 20 Nov 2021 11:11:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		150 KB
43 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=35468394959504&correlator=2150173270157028&output=ldjh&impl=fifs&eid=31063706%2C31063182&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211120&iu_parts=21671780509%2Cafr%2Ctechnology%2Ccybersecurityeditorialuse&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3&prev_iu_szs=970x250%7C728x90%2C970x250%7C728x90%2C320x50%7C6x2%2C300x600%7C300x250%7C160x600%2C320x50%7C6x2&fluid=0%2C0%2Cheight%2C0%2Cheight&prev_scp=pos%3D1%26src_ad_id%3Dadspot-970x250_728x90-pos1-desktop%7Cpos%3D2%26src_ad_id%3Dadspot-970x250_728x90-pos2-desktop%7Cpos%3D1%26src_ad_id%3Dadspot-N-6x2-pos1-desktop%26nativesz%3D6x2%7Cpos%3D3%26src_ad_id%3Dadspot-300x600_300x250_160x600-pos3-desktop%7Cpos%3D2%26src_ad_id%3Dadspot-N-6x2-pos2-desktop%26nativesz%3D6x2&cust_params=adKitVersion%3D2.1.7%26autoRefresh%3Dfalse%26brms%3Dtrue%26brvs%3Dtrue%26deployEnv%3Dproduction%26layout%3Dblue%26pageid%3Dp599kh%26pageviewid%3D0F8FBC71-FFF1-41C8-A402-8254AF4B767D%26swgt%3Dna%26sysEnv%3Ddesktop%26cat%3Dtechnology%26cat1%3Dcybersecurityeditorialuse%26ctype%3Darticle%26csub%3Dvisitor%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26gs_cat%3Dneg_apple_keywords%252Cneg_custom_nespresso%252Cjourno_finexpert%252Cmicrosoft_kwbl%252Cmicrosoft_master_kwbl%252Camex_master_kwbl%252Cneg_westpac_brandsaftey2020%252Cwestpac_brandsaftey%252Cwestpac_kwbl%252Cneg_lego_custom%252Cneg_mcdonalds_kwbl%252Cffx_volkswagen_kw_blacklist%252Cneg_ffx_officeworks_kwbl%252Ciag_552192_blocked_words%252Cneg_ffx_anzbank_kwbl%252Cgt_negative%252Camex_kwbl%252Cxero_competitors_predts%252Csubaru_master_kwbl%252Cnesting_seg_example%252Ccustom_nab_2020%252Cbtfinancial_kwbl%252Clandcorp_kwbl%252Cwoolworths_retail_vertical%252Cbanking_kwbl%252Ccommsec_negativekeywords%252Cubank_kwbl%252Csemi_retired_workforce_predts%252Cneg_custom_freestyle_libre%252Cneg_us_protests%252Cnab_neg_kw%252Cinternet%252Cneg_qantas_master_kwbl%252Cgs_business%252Creturning_to_work_predts%252Cneg_cadreon_master_kwbl%252Ctech_internet_security%252Chbf_negative_kwbl%252Cneg_nestle_master%252Cgv_crime%252Cnab_kwbl%252Clogmein_meetings_predts%252Cqantas_blacklist%252Crecipes%252Cxero_kwbl%252Cproductivity%252Cgt_negative_fear%252Cfirsthomebuyers%252Cjournalist_investigative%252Clavazza_kwbl%252Cford_kwbl%252Cpaypal_kwbl%252Ctechdevices%252Cbhp_kwbl%252Cbunnings_master_kwbl%252Cintuit_stp%252Csecondary_income_predts%252Cneg_ffx_crime_other%252Cgs_business_misc%252Cfinancial-planning%252Cmayohardware_thermalbodycameras%252Cpaypal_sme_predts%252Caccounting_students_predts%252Cairlines_kwbl%252Cneg_wooliesx%252Cunhcr-emergency%252Coptus_kwbl%252Cardent_kwbl%252Cdreamworld_accident_kwbl%252Cgs_law_misc%252Ceducation%252Cgs_finance%252Cbushfires%252Cneg_custom_mondelez%252Cneg_custom_mondelez2020%252Chousingmarket%252Cgs_law%252Cjacobscreek_alcohol_kwbl%252Chome_loans_predts%252Cgambling_kwbl%252Cnewhome-builds%252Csustainable-investing%252Cgs_food_misc%252Cchanging_careers_predts%252Ctech_and_telco_vertical%252Cgs_tech_computing%252Cnbn_predts%252Ccar-maintenance%252Ccustom_anu_graduate%252Coyster_bay_master_kwbl%252Cemployment_awards%252Cneg_titancranes_custom_kwbl%252Cbunnings_kwbl&cookie_enabled=1&bc=31&abxe=1&lmt=1637406679&dt=1637406679050&dlt=1637406678119&idt=650&frm=20&biw=1600&bih=1200&oid=2&adxs=315%2C315%2C-9%2C-9%2C-9&adys=231%2C1214%2C-9%2C-9%2C-9&adks=2720056850%2C3106686796%2C1576390323%2C1087558029%2C4026957413&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x138%7C1340x122%7C0x-1%7C0x-1%7C0x-1&msz=1600x90%7C1340x90%7C0x-1%7C0x-1%7C0x-1&ga_vid=1022292280.1637406679&ga_sid=1637406679&ga_hid=1410706714&ga_fc=true&fws=4%2C4%2C2%2C2%2C2&ohw=1600%2C1600%2C0%2C0%2C0&btvi=0%7C1%7C-1%7C-1%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
d7564954237d38e51cc76077c87f18d88de3cf164e7aea9aa912220310d94369
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43820
x-xss-protection
0
google-lineitem-id
-1,-1,-2,-1,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,-1,-2,-1,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.afr.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 63B9 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 20 Nov 2021 11:11:19 GMT
expires
Sun, 20 Nov 2022 11:11:19 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=953970877989909&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406679068&cd[user.status]=visitor&cd[brand]=afr&cd[page.type]=article&cd[section.primaryCategory]=technology&cd[page.renderedPlatform]=WEB&cd[Container%20ID]=GTM-NN4PPKH&cd[page.name]=Ransomware%20extortion%20tactics%20put%20businesses%20in%20a%20fix&cd[page.primaryTag]=Cyber%20security%20(Editorial%20use)&cd[page.author]=Adam%20Turner&cd[page.fullPageLoad]=true&cd[userAgent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:19 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=419599435931961&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406679070&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[eventAction]=meter%20impression&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:19 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1831268437115893&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406679071&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[eventAction]=meter%20impression&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:19 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=953970877989909&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406679071&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[eventAction]=meter%20impression&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:19 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=419599435931961&ev=Metered%20Page%20Visitor&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406679072&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=2&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:19 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1831268437115893&ev=Metered%20Page%20Visitor&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406679073&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&ec=2&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:19 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=953970877989909&ev=Metered%20Page%20Visitor&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406679074&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.48&r=stable&ec=2&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:19 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1410706714&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh&dp=%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh&ul=en-us&de=UTF-8&dt=Ransomware%20extortion%20tactics%20put%20businesses%20in%20a%20fix&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=meter&ea=meter%20impression&el=inline&ev=0&_u=aGBAAEALAAAAAC~&jid=1247515628&gjid=1116318450&cid=1022292280.1637406679&tid=UA-91053368-8&_gid=1708300424.1637406679&_r=1&gtm=2wgba1NN4PPKH&cd1=afr&cd2=2021-11-18T18%3A00%3A00.000Z&cd3=2021-11-18T18%3A00%3A00.000Z&cd4=Adam%20Turner&cd5=WEB&cd6=0F8FBC71-FFF1-41C8-A402-8254AF4B767D&cd7=article&cd8=Technology&cd10=authoring&cd11=p599kh&cd12=false&cd14=visitor&cd16=0&cd21=AFR&cd22=Cyber%20security&cd23=Cyber%20security%20(Editorial%20use)&cd24=non%20metered&cd27=(not%20set)&cd28=P70F2B436-31E2-4369-A3CB-294DC350A880&cd29=afr.com-brand%20only&cd33=%223989a468-5511-41fe-960e-935f0667edf9%22&cd35=true&cd38=&cd40=desktop&cd42=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh&cd46=Ransomware%20extortion%20tactics%20put%20businesses%20in%20a%20fix&cd56=visitor&cd57=false&cd60=&cd61=false&cd62=&cd63=&cd64=&cd65=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&cd66=&promo1cr=technology&promo1id=inline&promo1nm=meter&promo1ps=Save%2050%25%20for%20your%20first%203%20months.&z=1439243485
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.afr.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1410706714&t=pageview&ni=0&_s=2&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh&dp=%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh&ul=en-us&de=UTF-8&dt=Ransomware%20extortion%20tactics%20put%20businesses%20in%20a%20fix&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBACEALBAAAAC~&jid=&gjid=&cid=1022292280.1637406679&tid=UA-91053368-8&_gid=1708300424.1637406679&gtm=2wgba1NN4PPKH&cd1=afr&cd2=2021-11-18T18%3A00%3A00.000Z&cd3=2021-11-18T18%3A00%3A00.000Z&cd4=Adam%20Turner&cd5=WEB&cd6=0F8FBC71-FFF1-41C8-A402-8254AF4B767D&cd7=article&cd8=Technology&cd10=authoring&cd11=p599kh&cd12=false&cd14=visitor&cd16=0&cd21=AFR&cd22=Cyber%20security&cd23=Cyber%20security%20(Editorial%20use)&cd24=metered&cd27=(not%20set)&cd28=P70F2B436-31E2-4369-A3CB-294DC350A880&cd29=afr.com-brand%20only&cd33=%223989a468-5511-41fe-960e-935f0667edf9%22&cd35=true&cd38=&cd40=desktop&cd42=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh&cd46=Ransomware%20extortion%20tactics%20put%20businesses%20in%20a%20fix&cd56=visitor&cd57=false&cd60=&cd61=false&cd62=&cd63=&cd64=&cd65=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&cd66=&promo1cr=technology&promo1id=inline&promo1nm=meter&promo1ps=Save%2050%25%20for%20your%20first%203%20months.&z=1218723978
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 06:13:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
17848
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
gn
secure-dcr.imrworldwide.com/cgi-bin/ Frame 3F9F 		44 B
560 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,P70F2B436-31E2-4369-A3CB-294DC350A880&sessionId=vrobdqwuphrhuxlcnt9klyisij1on1637406678&c16=sdkv,bj.6.0.0&uoo=&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&c30=bldv,6.0.0.615&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&retry=0
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.155.22.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-155-22-133.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdn-gl.imrworldwide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
server
nginx
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin
*
cache-control
no-cache
cross-origin-resource-policy
cross-origin
content-type
image/gif
content-length
44
expires
Thu, 01 Dec 1994 16:00:00 GMT
/
vrobdqwuphrhuxlcnt9klyisij1on1637406678.nuid.imrworldwide.com/ Frame 3F9F 		35 B
349 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vrobdqwuphrhuxlcnt9klyisij1on1637406678.nuid.imrworldwide.com/
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:e000:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdn-gl.imrworldwide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 01:32:23 GMT
via
1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)
last-modified
Tue, 11 Sep 2018 17:05:20 GMT
server
AmazonS3
age
35089
etag
"c2196de8ba412c60c22ab491af7b1409"
x-cache
Hit from cloudfront
content-type
image/gif
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
35
x-amz-cf-id
syyJg4o9X3qxkrQXp9n7LIShmxSl3D0CFiuN1Q1nyX2B0QiL9VYf7g==
collect
stats.g.doubleclick.net/j/ 		4 B
439 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-91053368-8&cid=1022292280.1637406679&jid=1247515628&gjid=1116318450&_gid=1708300424.1637406679&_u=aGBAAEAKAAAAAC~&z=430067491
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c01::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 20 Nov 2021 11:11:19 GMT
content-type
text/plain
access-control-allow-origin
https://www.afr.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
dest5.html
fairfaxau.demdex.net/ Frame B8DD 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://fairfaxau.demdex.net/dest5.html?d_nsid=0
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
Content-Type
text/html;charset=UTF-8
date
Sat, 20 Nov 2021 11:11:19 GMT
DCS
dcs-prod-irl1-2-v019-0c18f40d5.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Thu, 14 Oct 2021 11:09:04 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
vary
accept-encoding
X-TID
7Jc6W4cGQRg=
Content-Length
2791
Connection
keep-alive
id
fairfaxau.sc.omtrdc.net/ 		2 B
313 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fairfaxau.sc.omtrdc.net/id?d_visid_ver=1.8.0&d_fieldgroup=A&mcorgid=BEB5C8A15492DB600A4C98BC%40AdobeOrg&mid=04376036938693686720300554978608811814&ts=1637406679136
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-6988cccb6f-m592q
vary
Origin
x-c
main-1542.If2e2aa.M0-523
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.afr.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
2
x-xss-protection
1; mode=block
event
nd.demdex.net/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://nd.demdex.net/event?_ts=1637406678981
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.252.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-252-185.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
d511ec0b8b407c30c0a412aa3eaf73ef01d2d7df28e02c4c3c0480e10eb1f9a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-2-v019-006eac0f9.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
P1mN8FzATFA=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.afr.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
736
Expires
Thu, 01 Jan 1970 00:00:00 UTC
ga-audiences
www.google.com/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-91053368-8&cid=1022292280.1637406679&jid=1247515628&_u=aGBAAEAKAAAAAC~&z=247356075
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-91053368-8&cid=1022292280.1637406679&jid=1247515628&_u=aGBAAEAKAAAAAC~&z=247356075
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ibs:dpid=358&dpuuid=5141211787394852558
dpm.demdex.net/ Frame B8DD
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
  • https://dpm.demdex.net/ibs:dpid=358&dpuuid=5141211787394852558
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=358&dpuuid=5141211787394852558
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fairfaxau.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v019-0143259ca.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
gF+mOVu2RuU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma
no-cache
Date
Sat, 20 Nov 2021 11:11:19 GMT
X-Proxy-Origin
136.243.198.81; 136.243.198.81; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
926cd840-1135-4265-a0c5-9c333dc8235e
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dpm.demdex.net/ibs:dpid=358&dpuuid=5141211787394852558
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
www.facebook.com/tr/ Frame 1CAB 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.afr.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.afr.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Sat, 20 Nov 2021 11:11:19 GMT
ibs:dpid=470&dpuuid=4442720377856856468
dpm.demdex.net/ Frame B8DD
Redirect Chain
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D
  • https://dpm.demdex.net/ibs:dpid=470&dpuuid=4442720377856856468
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=470&dpuuid=4442720377856856468
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fairfaxau.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v019-0c9dd8c91.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
Y1JxtMYpQD4=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=470&dpuuid=4442720377856856468
pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
/
adc.nine.com.au/ 		89 B
549 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://adc.nine.com.au/?
Requested by
Host: adc-js.nine.com.au
URL: https://adc-js.nine.com.au/adc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.253.223.140 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-253-223-140.ap-southeast-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
0f4aa5805de9bd3997d9cdaf1ca4da48456488c61f530e2cf1954e7dba4d20bb
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Accept
application/json
Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:20 GMT
server
awselb/2.0
vary
Origin
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin
https://www.afr.com
api-supported-versions
1.0
cache-control
no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
access-control-allow-credentials
true
strict-transport-security
max-age=2592000
content-type
application/json; charset=utf-8
content-length
89
4b9bfd57fb2dfab349a3f4cdfddc101686057080
static.ffx.io/images/$zoom_0.1936%2C$multiply_4%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_62/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.1936%2C$multiply_4%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_62/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/4b9bfd57fb2dfab349a3f4cdfddc101686057080
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
85e9c3aed667efe72eb9e098034b25d6f46d588edd022478444ac386bdcc6e80

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
via
1.1 varnish, 1.1 varnish
age
120960
edge-cache-tag
303454404104632591235739391890939412841,296477475172855885015049132600776655931,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="4b9bfd57fb2dfab349a3f4cdfddc101686057080.webp"
content-length
4808
x-served-by
cache-fra19178-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
303454404104632591235739391890939412841 296477475172855885015049132600776655931 5f5f4219172da4ec8104790896b11172
last-modified
Fri, 19 Nov 2021 01:06:18 GMT
server
cloudinary
x-timer
S1637406679.341549,VS0,VE2
etag
"de226f73cc8b3cc92e0ec960001967d7"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
669d2b959cd19aca4a6fce5f26f23b8085daff05
static.ffx.io/images/$zoom_0.4001%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_157/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.4001%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_157/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/669d2b959cd19aca4a6fce5f26f23b8085daff05
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
dd206f8ce747a813ac3ac9a88fbf5dab339c2c9e1987e2704ad0aa7bc40218d0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
via
1.1 varnish, 1.1 varnish
age
57573
edge-cache-tag
284485132244200699922922551944869314965,328380784970346126967890130785244713791,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="669d2b959cd19aca4a6fce5f26f23b8085daff05.webp"
content-length
2840
x-served-by
cache-fra19121-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
284485132244200699922922551944869314965 328380784970346126967890130785244713791 5f5f4219172da4ec8104790896b11172
last-modified
Fri, 19 Nov 2021 13:16:50 GMT
server
cloudinary
x-timer
S1637406679.342175,VS0,VE1
etag
"d52e7d7d94a2ac2a022d5126b9919faf"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
1aa80a2b5887becbe26f15a8c1af3539cc09708f
static.ffx.io/images/$zoom_1.1037%2C$multiply_1%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_4/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_1.1037%2C$multiply_1%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_4/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/1aa80a2b5887becbe26f15a8c1af3539cc09708f
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
05265edea86e28659b1035197f238e5a321f20c546285bfccb066c64d2657b92

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
via
1.1 varnish, 1.1 varnish
age
83691
edge-cache-tag
416580516828644467586514607461326979343,458172413795571407228010172681793542531,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="1aa80a2b5887becbe26f15a8c1af3539cc09708f.webp"
content-length
2046
x-served-by
cache-fra19158-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
416580516828644467586514607461326979343 458172413795571407228010172681793542531 5f5f4219172da4ec8104790896b11172
last-modified
Fri, 19 Nov 2021 10:33:08 GMT
server
cloudinary
x-timer
S1637406679.343527,VS0,VE1
etag
"d57884a5df06b50b71dec9db44fea56e"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 9
0054e561dcbef9ac83b88703fc152fe72008d867
static.ffx.io/images/$zoom_0.2722%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_89%2C$y_0/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.ffx.io/images/$zoom_0.2722%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_89%2C$y_0/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/0054e561dcbef9ac83b88703fc152fe72008d867
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudinary /
Resource Hash
346fc2fb1d15814fae554c303c8a2dae4cd67990f8ebe40fc5561b18e133cb78

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
via
1.1 varnish, 1.1 varnish
age
94928
edge-cache-tag
183581207634624204320358487838570909358,400740281564827765394677176433812416535,5f5f4219172da4ec8104790896b11172
content-disposition
inline; filename="0054e561dcbef9ac83b88703fc152fe72008d867.webp"
content-length
5418
x-served-by
cache-fra19123-FRA, cache-fra19158-FRA
x-cache
MISS, HIT
x-cld-skey
183581207634624204320358487838570909358 400740281564827765394677176433812416535 5f5f4219172da4ec8104790896b11172
last-modified
Fri, 19 Nov 2021 05:17:02 GMT
server
cloudinary
x-timer
S1637406679.343706,VS0,VE1
etag
"9c4e1fd93d17d7b0e91f24bc7d65c49e"
vary
User-Agent
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
token
token.rubiconproject.com/ Frame B8DD 		0
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/token?pid=6404&puid=04506989515381330810322099020730057247&gdpr=0&gdpr_consent=
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fairfaxau.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
611afce88997db6fdd35eb213e662871
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
track_page_view
nova.collect.igodigital.com/c2/10510523/ 		43 B
353 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nova.collect.igodigital.com/c2/10510523/track_page_view?payload=%7B%22title%22%3A%22Ransomware%20extortion%20tactics%20put%20businesses%20in%20a%20fix%22%2C%22url%22%3A%22https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959%22%2C%22referrer%22%3A%22%22%2C%22user_info%22%3A%7B%7D%7D
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.6.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-6-70.compute-1.amazonaws.com
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-runtime
0.002953
date
Sat, 20 Nov 2021 11:11:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
private
content-transfer-encoding
binary
content-disposition
inline
vary
Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
c79e28b8-c2e1-4ecb-ba35-c300de0d392d
/
p1.parsely.com/plogger/ 		43 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p1.parsely.com/plogger/?rand=1637406679361&plid=90601777&idsite=afr.com&url=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22_pageviewID%22%3A%220F8FBC71-FFF1-41C8-A402-8254AF4B767D%22%7D&sid=1&surl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&sref=&sts=1637406679355&slts=0&title=Ransomware+extortion+tactics+put+businesses+in+a+fix&date=Sat+Nov+20+2021+11%3A11%3A19+GMT%2B0000+(GMT)&action=pageview&js=1&pvid=94133100&u=pid%3D17db1e4d6d4272aab0f79cbf6ef7b77d
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.144.144.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-144-144-142.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 20 Nov 2021 11:11:19 GMT
Cache-Control
no-cache
Last-Modified
Saturday, 20-Nov-2021 11:11:19 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
events
logx.optimizely.com/v1/ 		0
356 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/13780390039.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.89.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-89-131.compute-1.amazonaws.com
Software
nginx/1.17.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Sat, 20 Nov 2021 11:11:19 GMT
Server
nginx/1.17.2
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.afr.com
Access-Control-Expose-Headers
X-Results-Data-Source
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-Request-Id
7f8ca33a-bd62-4385-9120-01280c74d05c
ibs:dpid=466&dpuuid=%s
dpm.demdex.net/ Frame B8DD
Redirect Chain
  • https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=466%26dpuuid=PM_UID&userIdMacro=PM_UID
  • https://dpm.demdex.net/ibs:dpid=466&dpuuid=%s
42 B
963 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=466&dpuuid=%s
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fairfaxau.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v019-02cd5e33a.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-Error
300,104
X-TID
6oQ1aX2MQsM=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
server
nginx
etag
"60b823b8-cde"
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
location
https://dpm.demdex.net/ibs:dpid=466&dpuuid=%s
cache-control
max-age=0, no-cache, no-store
content-type
text/html
content-length
154
expires
Sat, 20 Nov 2021 11:11:19 GMT
ibs:dpid=771&dpuuid=CAESEBXqbgYpQS-hbIlMPRT0SHs&google_cver=1
dpm.demdex.net/ Frame B8DD
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDQ1MDY5ODk1MTUzODEzMzA4MTAzMjIwOTkwMjA3MzAwNTcyNDc=
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEBXqbgYpQS-hbIlMPRT0SHs&google_cver=1?gdpr=0&gdpr_consent=
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEBXqbgYpQS-hbIlMPRT0SHs&google_cver=1?gdpr=0&gdpr_consent=
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fairfaxau.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v019-0fd187a7f.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
0FOoqJwcTYw=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEBXqbgYpQS-hbIlMPRT0SHs&google_cver=1?gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ibs:dpid=782&dpuuid=YZjX1wAAIzUr0wAd
dpm.demdex.net/ Frame B8DD
Redirect Chain
  • https://rtd.tubemogul.com/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D
  • https://rtd-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D
  • https://rtd-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D&_test=YZjX1wAAIzUr0wAd
  • https://dpm.demdex.net/ibs:dpid=782&dpuuid=YZjX1wAAIzUr0wAd
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=782&dpuuid=YZjX1wAAIzUr0wAd
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fairfaxau.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v019-0cac9a0e9.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
aKCx8RqpTj0=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1637406680.588097,VS0,VE94
x-served-by
cache-fra19139-FRA
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://dpm.demdex.net/ibs:dpid=782&dpuuid=YZjX1wAAIzUr0wAd
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
demdex_user_sync
sync.adaptv.advertising.com/ Frame B8DD
Redirect Chain
  • https://sync.adap.tv/demdex_user_sync
  • https://sync.adaptv.advertising.com/demdex_user_sync?
0
0
ibs:dpid=23728&dpuuid=YZjX13gF2dFP7dXfUwvTCwAA%261143
dpm.demdex.net/ Frame B8DD
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__
  • https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1
  • https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YZjX13gF2dFP7dXfUwvTCwAA%261143
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YZjX13gF2dFP7dXfUwvTCwAA%261143
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fairfaxau.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v019-02e73bb60.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
ECIgP+yhR0o=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma
no-cache
Date
Sat, 20 Nov 2021 11:11:19 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YZjX13gF2dFP7dXfUwvTCwAA%261143
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
264
Expires
Sat, 20 Nov 2021 11:11:19 GMT
/
www.facebook.com/tr/ Frame F03C 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.afr.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.afr.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Sat, 20 Nov 2021 11:11:19 GMT
ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
dpm.demdex.net/ Frame B8DD
Redirect Chain
  • https://ps.eyeota.net/match?bid=6j5b2cv&uid=04506989515381330810322099020730057247&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
  • https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
42 B
963 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fairfaxau.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v019-0d7ebfd97.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-Error
104,303
X-TID
ecN2MDqmQdU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv}
Date
Sat, 20 Nov 2021 11:11:19 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
ibs:dpid=30646
dpm.demdex.net/ Frame B8DD
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=04506989515381330810322099020730057247&gdpr=0&gdpr_consent=
  • https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-ks.crBZE2pFw2n3Nb5zTfJOdKLFyu.ANj94-~A
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-ks.crBZE2pFw2n3Nb5zTfJOdKLFyu.ANj94-~A
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fairfaxau.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v019-005611014.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
VbcMI3aSSfA=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Sat, 20 Nov 2021 11:11:19 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
text/html;charset=utf-8
location
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-ks.crBZE2pFw2n3Nb5zTfJOdKLFyu.ANj94-~A
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000
content-length
0
x-content-type-options
nosniff
/
www.facebook.com/tr/ Frame AEDF 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.afr.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.afr.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Sat, 20 Nov 2021 11:11:19 GMT
container.html
905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 65AF 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 20 Nov 2021 11:11:19 GMT
expires
Sun, 20 Nov 2022 11:11:19 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012111011823000/ Frame AD7D 		189 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
301245
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55592
x-xss-protection
0
server
sffe
date
Tue, 16 Nov 2021 23:30:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"11dee2040f5fc1d7"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 16 Nov 2022 23:30:34 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame AD7D 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
399543
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4992
x-xss-protection
0
server
sffe
date
Mon, 15 Nov 2021 20:12:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"858600ba27ef7413"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 15 Nov 2022 20:12:16 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame AD7D 		89 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
279092
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28555
x-xss-protection
0
server
sffe
date
Wed, 17 Nov 2021 05:39:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"a64e482645fd262b"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 17 Nov 2022 05:39:47 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame AD7D 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
302689
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1731
x-xss-protection
0
server
sffe
date
Tue, 16 Nov 2021 23:06:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"cb4f0e89d7d37d9b"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 16 Nov 2022 23:06:30 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame AD7D 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
303075
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12826
x-xss-protection
0
server
sffe
date
Tue, 16 Nov 2021 23:00:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f02165e023e70703"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 16 Nov 2022 23:00:04 GMT
truncated
/ Frame AD7D 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ba1b150aae72aa4387a86b5407f5ff0cf88f352b853fe8fd15afc7a28e9a49d3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
15055626972640106459
tpc.googlesyndication.com/daca_images/simgad/ Frame AD7D 		100 KB
101 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/15055626972640106459
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6838f8662f6b2377df27aa61b20c7204777609ac4ad7af3f81be6bac042261be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 22:24:53 GMT
x-content-type-options
nosniff
age
132386
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
102833
x-xss-protection
0
last-modified
Thu, 18 Nov 2021 18:49:10 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 18 Nov 2022 22:24:53 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AD7D 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 20 Nov 2021 09:41:39 GMT
x-content-type-options
nosniff
server
cafe
age
5380
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Sun, 21 Nov 2021 09:41:39 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AD7D 		295 B
398 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 20 Nov 2021 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
4694
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Sun, 21 Nov 2021 09:53:05 GMT
l
www.google.com/ads/measurement/ Frame AD7D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSCjJKdMZ0lxUd1p4aAMLGuX7Fo4uYM8rXLelgGwQnWto2J9YVfSesmwJDviVfDKaZ3L5zD
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ Frame AD7D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CAFd819eYYcCyB9DngAfBroFIwfehzmbG5MaI-g4KEAEgvdu5YGCVgoCAsAegAZuI0Z8DyAECqQLHX47EZ-2yPuACAKgDAcgDCKoEtAJP0JTQl4yaUuG886quSJcrQMA2i1YptpRmBk-ZysxmTLRUtKHqdbOH7iJ-k_c-09a3d5nvQslnAsTs2_nKWai9KBtn79ZXYYwUETnrgNgCt7rnxqftS9LIV_7qXnFd6CHfV9yKDr_o7Fxm62bQas0fqG10f_9LFxtot0YyckhZtJRJ344x1vK32tRcIrK6QL_PLxJ1Reg-6IXtpUboR4iKgYFIDjr3G_8oCw20RAxKgNjmzgoTNy1n8VPQzeVoCrh1kebgqDRNIhBpx5wSbNCNNQnTh02f1witluDwxArK3MMhS8IRN__yLsgypZAgnrmrElTvdiIqt_rtkIN19-b6XyGIaIzQCTgfe1j-Ff9eF35o8xVcfCE2cWRGMrq95pqb4iSRps5rDnoJsTqWsTbfzJTzu8AEne213bMD4AQBkgUECAQYAZIFBAgFGASgBgKAB833rmCoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCd9ErSCAkIgOGAcBABGB2ACgPICwHYEwzQFQGYFgGAFwGyFx4KHAgAEhRwdWItODAyNzY1NTkxNzM0OTQxMBithWs&sigh=ESRudbtEMn8&uach_m=[UACH]&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
pixel
googleads.g.doubleclick.net/xbbe/ Frame F5F2 		0
434 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=COPnrwIQ4YWo8AIYrbnztAEwAQ&v=APEucNWSdrfP2fW_jLvjl_lEcwMVGEFc0A1tXsWeiOOrQntRnpyczauKs6OY59q-CHeNODb8nBld2bUtrdA-pZguE3LkYAbNBQ
Requested by
Host: 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
URL: https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sat, 20 Nov 2021 11:11:19 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
abg_lite_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 65AF 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:02:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
542
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7840
x-xss-protection
0
server
cafe
etag
9525834815172239946
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 04 Dec 2021 11:02:17 GMT
omrhp_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame 65AF 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp_fy2019.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 10:57:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
821
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2626
x-xss-protection
0
server
cafe
etag
8548655983161038638
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 04 Dec 2021 10:57:38 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 65AF 		0
571 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstvBOHCeCewSUI7WxUAz_VTgiiyBYnkpmeMxxjmid8G2MmqPHbcC1YOQ5FAah9_8Vuc2I_-IQuq62yqn1dW_-Jr6icv8OjS_XbKZbLbnX8bHw0ZilCD9U6DeHHU5l4azbDzyx672fzwl12YXIih0oyAyjrSLkjXQ3afA7NjilWB1gQ2nwCjit4KU2CHSVzhP4EZZXQQdYRtrK40Ue0oSKctUcUqw-QZbhRpF451-s59dnQlVosJjjjOvnr4GZZl6gfPKCJItYP8s9lcpR6pPrb-w3JjAmzxMg0msSg_Z73xDBkrw9uLXuhXVR3658fcblVFGFHNkk0PoXPTr4bUR5RX3sSb7KvV_w4ocb1XOulEMwGf-fW-3xEhJrPZkP2-tWz7DdUVTNd7F7wA3XeAeutc3rkVNvwoWSvw2MELpdnhge_rj1EJ5zQ5SEpYyaOc2uJRaTAJ7RFffxr5JT9BkUYjY18aEkwDo6W94kcjj-JneYS4NxPMzJ9_NizScq6HKpkNhw-_F7nC-fhuAqJzNJtRBhOv1vZCquBupkzzoQf6Q_Wjt-HieP1-vJ97C-nyl-UdM1Go0QqYoUHo2pRFAzP9k5fde3HgSscr-9e29cYnRwGjkmvZDkblPYvLlxEBPq4g8sl14_TpkqZRGFIR3R8VpXmJYfLWXKMz8If7uYYkAZDvODXeBI1hBduBp9gZDF62fpWywFH3EOiSkE1pKnQLVPY5HDnBWcW4GbtUSkO9MLroueC6kfO3YvraZFacTlt8dfMdGOgfr0BQ-tW0q8uKR07dfJ7g1pYWqelnNzVmKI2KscM_wvriO6PtlHAXIjgLiP-9Zi0BK-f_KsnitPbyMs7REJhrNdh3pZXDXhzFjyll6CWDlBx8T-KCDMsVxclw_n_cM1V2gnKCt1BLTDWQmrOg8eP8-AMviwJjtragLg9tld9f0JsF5SVc-eOthMHppjaCxUuKefxlc0pkNyTyBGfQ4tOo8wmWk9XHcMQHLvKsXTSV9K1NxvbknDR5zHb2Ykb5sL9fI9Sdn1hKOnkLkeRwG1z1oSC33mW3Pu7503_CdD0AB5NSAlS8NCARXJg4hPXZrpnxGLXBFi3rgbhVNmr07sKl6Wf6uItABEizP94Rww6NAJ5_rPdtY6OUL6Y&sai=AMfl-YSDpVxc8GYipT3-9ghWhhfqgkvhxJFg8jsMP-bmxTZ1TTes6rvFJGIM9fktHf9OkzjXn_XDp7_01U_sVWe7_zPxreJZbiIyNqiEtMcu5SkE-sJz3QAP7hgeTEL2wJvIQzlIr0SedU8em0sSkkSxxNb2Fc4b1cKvso0oafRThH_acMut_oAXbiHHz8qjV8c82PijO7qOuIunL8Mk7WXER_KN2M-Jwixg7r7_EFaV_0FnUhRce64HUqkzu7gvghbsX7l3OQXIYGSdrlvMDcUGpOq2x1hDtIjO0OKo1E2h8LxB&sig=Cg0ArKJSzPSe_GiBCMemEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211111.44834&adurl=
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Sat, 20 Nov 2021 11:11:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 65AF 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 17:49:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
235284
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Thu, 17 Nov 2022 17:49:55 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 65AF 		42 B
173 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CeRcA-XG2ovjznRg8s5UP48b2BtrszyChtwQKR_b4xQeBp7ZaTIkYlYwLVrgsf7jv03ur3Xwwizg9pnYPIb_ew0b4ZXU5paxSEb0r46-d1T_jzzn4
Requested by
Host: 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
URL: https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 65AF 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
URL: https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:08:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
158
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 04 Dec 2021 11:08:41 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 65AF 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
URL: https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 20 Nov 2021 11:11:19 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 65AF 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
URL: https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 10:57:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
804
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
16810888504096353422
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 04 Dec 2021 10:57:55 GMT
l
www.google.com/ads/measurement/ Frame 65AF 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSiKZ5APikfiBawsNm-6-1Ve0NVIdo2fGppAQpV-obdCGUQ6H__ExG2BNtX8dcITjpCABYM
Requested by
Host: 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
URL: https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
12163582836994494123
s0.2mdn.net/simgad/ Frame 65AF 		124 KB
125 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/12163582836994494123
Requested by
Host: 905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
URL: https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7df9f5d935184764a25104ce89a022757a3cf4b6d10009fb8204a8cf9cd946e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 20:31:20 GMT
x-content-type-options
nosniff
age
311999
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
127426
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 11:44:08 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 16 Nov 2022 20:31:20 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame AD7D
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Redirect headers

date
Sat, 20 Nov 2021 11:11:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 1E75 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Fri, 19 Nov 2021 09:35:04 GMT
expires
Sat, 19 Nov 2022 09:35:04 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
92175
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 65AF 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aab9fdadf638b2750e84151e05f3a58dd6cf8a0f3e2d79050194613fc763a11a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
view
googleads4.g.doubleclick.net/pcs/ Frame 65AF 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstvBOHCeCewSUI7WxUAz_VTgiiyBYnkpmeMxxjmid8G2MmqPHbcC1YOQ5FAah9_8Vuc2I_-IQuq62yqn1dW_-Jr6icv8OjS_XbKZbLbnX8bHw0ZilCD9U6DeHHU5l4azbDzyx672fzwl12YXIih0oyAyjrSLkjXQ3afA7NjilWB1gQ2nwCjit4KU2CHSVzhP4EZZXQQdYRtrK40Ue0oSKctUcUqw-QZbhRpF451-s59dnQlVosJjjjOvnr4GZZl6gfPKCJItYP8s9lcpR6pPrb-w3JjAmzxMg0msSg_Z73xDBkrw9uLXuhXVR3658fcblVFGFHNkk0PoXPTr4bUR5RX3sSb7KvV_w4ocb1XOulEMwGf-fW-3xEhJrPZkP2-tWz7DdUVTNd7F7wA3XeAeutc3rkVNvwoWSvw2MELpdnhge_rj1EJ5zQ5SEpYyaOc2uJRaTAJ7RFffxr5JT9BkUYjY18aEkwDo6W94kcjj-JneYS4NxPMzJ9_NizScq6HKpkNhw-_F7nC-fhuAqJzNJtRBhOv1vZCquBupkzzoQf6Q_Wjt-HieP1-vJ97C-nyl-UdM1Go0QqYoUHo2pRFAzP9k5fde3HgSscr-9e29cYnRwGjkmvZDkblPYvLlxEBPq4g8sl14_TpkqZRGFIR3R8VpXmJYfLWXKMz8If7uYYkAZDvODXeBI1hBduBp9gZDF62fpWywFH3EOiSkE1pKnQLVPY5HDnBWcW4GbtUSkO9MLroueC6kfO3YvraZFacTlt8dfMdGOgfr0BQ-tW0q8uKR07dfJ7g1pYWqelnNzVmKI2KscM_wvriO6PtlHAXIjgLiP-9Zi0BK-f_KsnitPbyMs7REJhrNdh3pZXDXhzFjyll6CWDlBx8T-KCDMsVxclw_n_cM1V2gnKCt1BLTDWQmrOg8eP8-AMviwJjtragLg9tld9f0JsF5SVc-eOthMHppjaCxUuKefxlc0pkNyTyBGfQ4tOo8wmWk9XHcMQHLvKsXTSV9K1NxvbknDR5zHb2Ykb5sL9fI9Sdn1hKOnkLkeRwG1z1oSC33mW3Pu7503_CdD0AB5NSAlS8NCARXJg4hPXZrpnxGLXBFi3rgbhVNmr07sKl6Wf6uItABEizP94Rww6NAJ5_rPdtY6OUL6Y&sai=AMfl-YSDpVxc8GYipT3-9ghWhhfqgkvhxJFg8jsMP-bmxTZ1TTes6rvFJGIM9fktHf9OkzjXn_XDp7_01U_sVWe7_zPxreJZbiIyNqiEtMcu5SkE-sJz3QAP7hgeTEL2wJvIQzlIr0SedU8em0sSkkSxxNb2Fc4b1cKvso0oafRThH_acMut_oAXbiHHz8qjV8c82PijO7qOuIunL8Mk7WXER_KN2M-Jwixg7r7_EFaV_0FnUhRce64HUqkzu7gvghbsX7l3OQXIYGSdrlvMDcUGpOq2x1hDtIjO0OKo1E2h8LxB&sig=Cg0ArKJSzPSe_GiBCMemEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=117&vt=11&dtpt=116&dett=2&cstd=0&cisv=r20211111.44834&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Sat, 20 Nov 2021 11:11:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
pagead2.googlesyndication.com/bg/ Frame 1E75 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 14:28:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
74570
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13371
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 19 Nov 2022 14:28:29 GMT
/
zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com/SIE/ 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_1zw3m3dlvZEzjE2
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8fb73449d8ccf2b7b2662a60be2462550447cf84ef0453c4f6be975b0d620dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
205414
cf-polished
origSize=8435
cf-ray
6b113ca6df6b2b95-FRA
edge-control
max-age=604800
x-envoy-upstream-service-time
6
vary
Accept-Encoding
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"20f3-vR4S+/WOpukXgCM8B/FcKiZPTCc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=604800
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
chartbeat.js
static.chartbeat.com/js/ 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.chartbeat.com/js/chartbeat.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:cc00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 10:47:21 GMT
content-encoding
gzip
last-modified
Thu, 28 Oct 2021 00:27:20 GMT
server
nginx
age
1439
etag
W/"6179ee68-8e96"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
via
1.1 eab88762658052b4a1e386f8521a38cf.cloudfront.net (CloudFront)
cache-control
max-age=7200
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
-TJGTASk4xdMQ77cCWOqbATNLskdeTt2TMs6EcsxqJ0eXux1XA9q-g==
expires
Sat, 20 Nov 2021 12:47:21 GMT
dest5.html
nd.demdex.net/ Frame 4EB4 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nd.demdex.net/dest5.html?d_nsid=0
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.252.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-252-185.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
Content-Type
text/html;charset=UTF-8
date
Sat, 20 Nov 2021 11:11:20 GMT
DCS
dcs-prod-irl1-2-v019-0724f3096.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Thu, 14 Oct 2021 11:09:03 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
vary
accept-encoding
X-TID
803z6RsFSQs=
Content-Length
2791
Connection
keep-alive
sodar
pagead2.googlesyndication.com/getconfig/ 		12 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ce06e3dfe8442db4678feda4ed4f8bf19ab79d2cfd4d82e40b03282629f4e3ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 20 Nov 2021 11:11:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9232
x-xss-protection
0
ytc.js
s.yimg.com/wi/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: www.afr.com
URL: https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
759d6f0c1292d86d24d7abe7ad9a2cd1d86df0041260f98186ccfa26c7daab62
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ats-carp-promotion
1
date
Sat, 20 Nov 2021 11:07:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
249
x-amz-server-side-encryption
AES256
vary
Origin, Accept-Encoding
content-length
5652
x-amz-id-2
5ppDeVKrTFtQz1MC9Lgw1jAbGIMfbzniyC6/s1mAx5iOzk8/3IXdjeXCBX68boKjdx47oxdKAfk=
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Sat, 10 Dec 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Thu, 04 Nov 2021 15:26:13 GMT
server
ATS
etag
"146f99405588b7446958a732612c901d-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
QB8EWFDVWW3S57VY
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
x-amz-version-id
pCmRUUjnQE9zqMEfVdrNnyYpaPAyW8Do
accept-ranges
bytes
content-type
application/javascript
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=419599435931961&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406680105&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=4&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:20 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:20 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1831268437115893&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406680106&sw=1600&sh=1200&v=2.9.48&r=stable&ec=4&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:20 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:20 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=953970877989909&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&rl=&if=false&ts=1637406680106&sw=1600&sh=1200&v=2.9.48&r=stable&ec=4&o=30&fbp=fb.1.1637406678795.885035356&it=1637406678608&coo=false&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:20 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Sat, 20 Nov 2021 11:11:20 GMT
sp.pl
sp.analytics.yahoo.com/ 		43 B
375 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=10000&b=Ransomware%20extortion%20tactics%20put%20businesses%20in%20a%20fix&.yp=10167916&f=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&enc=UTF-8&yv=1.10.2&tagmgr=gtm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:20 GMT
x-content-type-options
nosniff
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, private, must-revalidate
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
43
referrer-policy
strict-origin-when-cross-origin
expires
Sat, 20 Nov 2021 11:11:20 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 20 Nov 2021 11:11:20 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E75 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Befl019eYYb-yB9DngAfBroFIAAAAADgB4AQC&bg=!FxSlFFDNAAZQLpa_UC47ACkAdvg8WrLN9z8O4GjnbYmTSCgPzpdB_x1cXUQS3qFVoRCdkAZZapxu5wIAAABtUgAAAAxoAQcKAC26xZ3JvnjxbxPJ6mgFo6MrgkImNyQGZdYbZve8VY0YM9TYC6aK6atP8stjkquZAuE9eYSPsIgiU6WX4TbfgLr61kZ6HPBZTvsRRckjjWVeJUaSQBSQNPhno4BJHjCYtlzZiU4xWtOUrGuzmOgQskj2oBw3GrQ3wzSUknfBm6IRLnAJPn3PbzvGnIK_Jedr9iT90ndjehK6NbeWJLylPKqzePNUQ_gkGYSLdzF8wVlmpMF8CepQ-IdLDij6sxKiJiVe0k3VDCmqKffNSTrd9Ks1evou8cXQg34bFXOJpV34OAyL_1KFstvke0_uoF0q8pgafQ00odS4NePoDkAZEXHVke7eikuOOy2QfxHJ9gUt9v2VKin_GNo6tE3rQSrS-NfTH8jkq5udl8ex_JGHWdGtlqnam2lt-xYlrVJHnTs_kdUfhQH_ToRunqDT7K7bhwNXKiNKuT2OpBV7jbDEQ0Bd6eyagqbhaP0sc_HFMdaDv2vCpFYwHZk4NSN8snX4qtyZsfON5ksa7_qNDS1593EcQlwBQ05c3MpPISere9YAlsfAwu97aJacplHeIzTL8bvpiA4lkOXrndZxCuPyBvPbLiIkaPcSy1ekPwxjAHmfpDiIPvnrvSbcBvqP9qRmAba0LnHnDosJD3Qfjonm7WbCzc_dUDUH0wZEGsYdhlwJDwlomM9uMKvgrmo28SpcFX9SqRWxB_XgXUGSrjWkVNEKDjd_Uq1pKwcnN53R7g3xuMaoCVSdMiTn1StPTApkZnYENirvrsPqVgPq3s--I4dalXFjPu0NrcJZbwzsXHx3RBT9qumxpcJ9eYiH0pNyl56txvPyWnQYQWClkikQCsGjGF1uuzAWDlRbInAT8Ca1UxQ8pOVfHecNw3R2LSeSF9UPjkzmDgsBztX1glVM92XXuklE-3AvRE2wWIP0Ce1EkodXK9x2-GcwLaELBdHpS8P7KJRN20g4TFhJ6u-NzpZGq9Ut6gwN5h35csZg4WCz_g6VlXY1yDG3ytL1S_BHUsjZvccQUc8Xq4ZtetgpmLh1FQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tap
pixel.rubiconproject.com/ Frame 4EB4 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap?pid=28346&segments=3945729
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://nd.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
611afce88997db6fdd35eb213e662871
Content-Type
image/gif
ping
ping.chartbeat.net/ 		43 B
201 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ping.chartbeat.net/ping?h=afr.com&p=%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh&u=D7XF4y9qob1BxHZ7V&d=afr.com&g=27223&g0=technology%2C%20article&g1=Adam%20Turner&g4=article&n=1&f=00001&c=0&x=0&m=0&y=3799&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&b=2297&_s=%7B%22pageViewId%22%3A%220F8FBC71-FFF1-41C8-A402-8254AF4B767D%22%7D&t=DdjFI0B6CAuKXQBZJDYBRCNlIkq4&V=129&i=Ransomware%20extortion%20tactics%20put%20businesses%20in%20a%20fix&tz=0&_acct=anon&sn=1&sv=DJem2RBnw-IjeeAWUjyxrGCYRIe2&sd=1&im=067b2ff3&_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.184.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-184-111.compute-1.amazonaws.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:20 GMT
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
content-length
43
expires
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame B1BF 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Fri, 19 Nov 2021 23:57:18 GMT
expires
Sat, 19 Nov 2022 23:57:18 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
40442
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 7DFE 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1d07945056afa5b80231a65788dc5e321721af77e46257d2680d615038313820
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-34GVJij9r5ne54vX5O2wdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 20 Nov 2021 11:11:20 GMT
date
Sat, 20 Nov 2021 11:11:20 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-34GVJij9r5ne54vX5O2wdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
12.59a7acb124733d888c69.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		55 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/12.59a7acb124733d888c69.chunk.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=www.afr.com
Requested by
Host: zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com
URL: https://zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_1zw3m3dlvZEzjE2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e65e5ab701115114072ff2c9e28b0a533c8d3cbe3eb541af8b9ede34f9f80c6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
207036
cf-polished
origSize=57365
cf-ray
6b113ca72fde2b95-FRA
edge-control
max-age=604800
x-envoy-upstream-service-time
8
vary
Accept-Encoding
last-modified
Wed, 03 Nov 2021 17:52:57 GMT
server
cloudflare
x-powered-by
Express
etag
W/"e015-17ce6eeb8a8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
pagead2.googlesyndication.com/bg/ Frame B1BF 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 14:28:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
74571
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13371
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 19 Nov 2022 14:28:29 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 7DFE 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=35468394959504&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
sync
pixel.advertising.com/ups/28/ Frame 4EB4
Redirect Chain
  • https://pixel.advertising.com/ups/28/sync?uid=04392943992645840350297740022456810277&_origin=1&redir=true
  • https://pixel.advertising.com/ups/28/sync?uid=04392943992645840350297740022456810277&_origin=1&redir=true&verify=true
0
255 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.advertising.com/ups/28/sync?uid=04392943992645840350297740022456810277&_origin=1&redir=true&verify=true
Protocol
H2
Server
18.185.183.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-185-183-183.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://nd.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:20 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://pixel.advertising.com/ups/28/sync?uid=04392943992645840350297740022456810277&_origin=1&redir=true&verify=true
date
Sat, 20 Nov 2021 11:11:20 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		1 KB
771 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1zw3m3dlvZEzjE2&Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.59a7acb124733d888c69.chunk.js?Q_CLIENTVERSION=1.64.0&Q_CLIENTTYPE=web&Q_BRANDID=www.afr.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
865392bf91afe07f2842b9bb7e66a5fa12dc44d166c000a0dac1de92ce1cb845
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sat, 20 Nov 2021 11:11:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-envoy-upstream-service-time
5
strict-transport-security
max-age=31536000; includeSubDomains; preload
timing-allow-origin
*
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.afr.com
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
trace-id
5e74ed931113041a
cf-ray
6b113ca788912b95-FRA
ibs:dpid=19566&dpuuid=%s
dpm.demdex.net/ Frame 4EB4
Redirect Chain
  • https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID
  • https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s
42 B
963 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s
Protocol
HTTP/1.1
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://nd.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v019-02486b1d5.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-Error
104,303
X-TID
LOX/m5+MSUs=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:20 GMT
server
nginx
etag
"60b823a6-cde"
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
location
https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s
cache-control
max-age=0, no-cache, no-store
content-type
text/html
content-length
154
expires
Sat, 20 Nov 2021 11:11:20 GMT
ibs:dpid=72352&dpuuid=2858410189763108339&gdpr=0&gdpr_consent=
dpm.demdex.net/ Frame 4EB4
Redirect Chain
  • https://dmpsync.3lift.com/getuid?redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D$UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
  • https://dmpsync.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
  • https://dpm.demdex.net/ibs:dpid=72352&dpuuid=2858410189763108339&gdpr=0&gdpr_consent=
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=72352&dpuuid=2858410189763108339&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
52.16.165.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-165-61.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://nd.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v019-025614274.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
Uh0MHt7PTBU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=72352&dpuuid=2858410189763108339&gdpr=0&gdpr_consent=
date
Sat, 20 Nov 2021 11:11:20 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
usermatch.gif
beacon.krxd.net/ Frame 4EB4
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=adobe&id=04392943992645840350297740022456810277
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=04392943992645840350297740022456810277
0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=04392943992645840350297740022456810277
Protocol
H2
Server
52.51.5.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-5-121.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://nd.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 11:11:20 GMT
cache-control
private, no-cache, no-store
x-request-time
D=35 t=1637406680
x-served-by
beacon-n008-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=04392943992645840350297740022456810277
date
Sat, 20 Nov 2021 11:11:20 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a002-ash-prod.krxd.net
/
adc.nine.com.au/ Frame 4B4E
Redirect Chain
  • https://ib.adnxs.com/getuid?https://adc.nine.com.au?appNexusUid=$UID
  • https://adc.nine.com.au/?appNexusUid=5141211787394852558
89 B
472 B 		Document
General
Check archive.org
Download Go to
Full URL
https://adc.nine.com.au/?appNexusUid=5141211787394852558
Requested by
Host: adc-js.nine.com.au
URL: https://adc-js.nine.com.au/adc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.253.223.140 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-253-223-140.ap-southeast-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
0f4aa5805de9bd3997d9cdaf1ca4da48456488c61f530e2cf1954e7dba4d20bb
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/

Response headers

server
awselb/2.0
date
Sat, 20 Nov 2021 11:11:20 GMT
content-type
application/json; charset=utf-8
content-length
89
api-supported-versions
1.0
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
cache-control
no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
strict-transport-security
max-age=2592000

Redirect headers

Server
nginx/1.17.9
Date
Sat, 20 Nov 2021 11:11:20 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, private
Pragma
no-cache
Expires
Sat, 15 Nov 2008 16:00:00 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection
0
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Location
https://adc.nine.com.au?appNexusUid=5141211787394852558
AN-X-Request-Uuid
cabe07ac-66e7-4eeb-a1b6-b931453c9b1e
X-Proxy-Origin
136.243.198.81; 136.243.198.81; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
u
dmp.v.fwmrm.net/ad/ Frame 4EB4 		0
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D796%26dpuuid%3D%23%7Buser.id%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2607:ae80:5::149 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://nd.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 20 Nov 2021 11:11:20 GMT
Cache-Control
no-store
Expires
0
Content-Type
text/html
Content-Length
0
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=35468394959504&bg=!AwClAETNAAZQLpa_UC47ACkAdvg8WmseHZXM69AuJGAWwodaNFjKxlB_zInlOa52y5whgG-bm2fbZwIAAABlUgAAAAloAQeZAnHwhrEMqhW841FC3IaMge1EzOZCbGeMMo-fJmGFJfDu5vOE9JnrogmemApH3LOD51RNYeoC54v_V4FZmYqqWEfCSuuz6KDttpWmBA6yUnrVAMJgsS3lKZ9i6GevIZT_RFd3NIESZAhzTATRNtTSBMyxcvf01JXi1O6prcr_gfejskfFellHkiCMNsnfFExNdk6LqW2jd4gDULyFDDiCTFY2C974nnLqbXIKwLRTBYAjmxzSKzgWwkTbPAKjoa_P5z9KACmX2RlAve79FX1cdS7szIXYvEFpOnWC5R-TWNML5L2gdjzLvvYijNLUBmyABPCt4xxrKpGqZNZfnDHreF_6iXEX2X38CmrRpQQvo8a5mY0v1lQVW5R-GM5OQTThCy7AqHpcfT5XMe6qWZ6-Sl10iSR5YzV1ulyskxahXIr-IHI6lRdXHntYSa5lViW18KuZnfXkE-Axz-L8nPXSIfA3W0jeRqFD9hqOtGdOuY8Z1JBXgaLExuIXPVynG5TOGu-dpEMAPDlzCJVCN_-8vwgUPi8cfre6cDZf1a0ma0X-2p_eotUA1FM8l18JZKH2tZZLDFYTVkOKkxcb3i9QlpQ22sCx-4KGM09x3tF3o5W8UqJsMXSFzfhaUPHsDs9F2198GXASuWmdzwHMm5ZOoVj0R_i-3i_cRLF32sl_nYEGF8vFYorbpInkeIS7Yf6o7Xync1PhauB5Ccerf_RueJ8BiVUv4PrZtLZgv89gXBDPG2QFqazxPHZ14k-QXfJFcmgPfFb5GkgUITJx8KcNi_07Fq9eGtwmTwzDIhQv3JDS4ID_OSX01kltvytrK9X6dhsF
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tp2
i.ffx.io/com.snowplowanalytics.snowplow/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.96.192 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
Software
akka-http/10.0.9 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.afr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Content-Type
Access-Control-Allow-Origin
https://www.afr.com
Date
Sat, 20 Nov 2021 11:11:21 GMT
Server
akka-http/10.0.9
Content-Length
0
Connection
keep-alive
tp2
i.ffx.io/com.snowplowanalytics.snowplow/ 		2 B
435 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Requested by
Host: d2uhnetoehh304.cloudfront.net
URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.96.192 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-238-96-192.ap-southeast-2.compute.amazonaws.com
Software
akka-http/10.0.9 /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://www.afr.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Sat, 20 Nov 2021 11:11:21 GMT
Server
akka-http/10.0.9
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin
https://www.afr.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/plain; charset=UTF-8
Content-Length
2
activeview
pagead2.googlesyndication.com/pcs/ Frame 65AF 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssHeOWqu--EJtgDjOGJ-0yfTZXI8V801pCFeg-pbovW3tOqh8FG9vRp9MYpPgG8yum0FirWE-iAK3vEQjnYzwtofTwRbR0P_JVUVhIUi1Ay6oPzRB_AQQ&sai=AMfl-YSp7nbBmPku7BgjRXWGidjhFv_ovxfcsVN0B7-y3_9KYMX5W3Et4e8EyKvQGdBuwLw9lNxIhQ3ZDntCN3J2xGWJB_w-GSrmYfUauhbsjZt3kL2q25BSJ-feilsx&sig=Cg0ArKJSzO9AhzFmdiSvEAE&cid=CAASPeRobvZtf_CVgRwttqcoBbgMnBx_7q3F9sxJ3LMnapFyquKuZRh_O_tb-N34lYR72JycLxnBvS-5fveBCF8&id=lidar2&mcvt=1000&p=208,315,462,1285&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=2720056850&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637406679627&rpt=314&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gn
secure-dcr.imrworldwide.com/cgi-bin/ 		44 B
368 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-302812&ch=au-302812_b25_afr.com-brand%20only_S&asn=afr.com-brand%20only&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&sessionId=vrobdqwuphrhuxlcnt9klyisij1on1637406678&prv=1&c6=vc,b25&ca=NA&c13=asid,P70F2B436-31E2-4369-A3CB-294DC350A880&c32=segA,NA&c33=segB,Financial%20Review%20-%20Technology&c34=segC,NA&c15=apn,afr&sup=1&segment2=&segment1=&forward=0&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,mxmawoggef8bdhqef6uwzn04kciwj1637406679&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,1637406678882528&c30=bldv,6.0.0.615&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=p599kh&c3=st,c&c64=starttm,1637406681&adid=p599kh&c58=isLive,false&c59=sesid,&c61=createtm,1637406681&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959&c66=mediaurl,&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&c62=sendTime,1637406681&rnd=133710
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.155.22.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-155-22-133.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.afr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Nov 2021 11:11:21 GMT
server
nginx
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin
*
cache-control
no-cache
cross-origin-resource-policy
cross-origin
content-type
image/gif
content-length
44
expires
Thu, 01 Dec 1994 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sync.adaptv.advertising.com
URL
https://sync.adaptv.advertising.com/demdex_user_sync?

Verdicts & Comments Add Verdict or Comment

172 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| dataLayer undefined| tempAdSlots function| swapAds number| index object| digitalData number| adCallCheckTimeout boolean| callAdLibFlag function| callAdLib object| GlobalSnowplowNamespace function| snowplow function| _typeof object| Snowplow object| googletag object| EUROPA function| Europa object| __LOADABLE_LOADED_CHUNKS__ object| google_tag_manager undefined| _ object| optimizely string| visibilityEvent boolean| hiddenState function| visibilityChanged function| fbq function| _fbq function| hj object| _hjSettings string| _linkedin_data_partner_id object| _linkedin_data_partner_ids object| dotq string| _linkedin_partner_id function| lintrk string| _bizo_data_partner_id object| sitekey string| PWidgetContainer string| PWidgetName boolean| isHiddenMode object| PLISTA function| retry function| isIE10OrLater function| detectPrivateMode object| ffx_analytics_nielsen object| adcelem function| twq object| regeneratorRuntime boolean| APP_MOUNTED object| snowplowData object| gs_channels object| moatPrebidApi object| europa object| ggeac object| google_js_reporting_queue object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules boolean| _already_called_lintrk object| YAHOO object| NOLCMB number| _nolggSDKPhotoNo number| _nolggSDKPageNo object| _nolggSDKGlobalParams object| _nolggSDKMetaData object| nSdkInstance object| twttr function| PLISTA_JSONP_CA6768 object| PLISTA_ function| NolTracker function| nol_t function| logger undefined| _rsCC undefined| _rsCG undefined| _rsDN undefined| v52v53_pvar undefined| v52v53_trac undefined| _rsEvent undefined| _rsLinkTrack undefined| _rsClick object| V60 object| NOLBUNDLE object| trac string| localstorageframe undefined| ct undefined| et undefined| hourElapsed undefined| msg undefined| pixelDomain undefined| isDomless undefined| documentReferrer undefined| isBeta undefined| viewHash undefined| tagType undefined| pxSrc undefined| moat_px object| Moat#G26 object| MoatSuperV26 object| MoatNadoAllJsonpRequest_34570880 object| Moat#PML#26#1.2 boolean| Moat#EVA function| __moatSlotTagLoadedfairfaxheader492510264302 undefined| google_measure_js_timing function| moatYieldReady object| ns object| paramsPassed object| stateObject object| errorState string| BUILDVERSION object| stateEvents object| google_tag_data string| GoogleAnalyticsObject function| ga function| str2Array function| toISODateOrUndef function| _getDataLayer function| bool_2_str function| capitalize number| engagement string| publishDate string| updateDate undefined| meterPeriodStart undefined| meterPeriodEnd function| userStatus object| _sf_async_config object| _cbq function| Visitor function| AppMeasurement_Module_AudienceManagement function| DIL object| s_c_il number| s_c_in object| nineFfxDil object| PARSELY object| gaplugins object| gaGlobal object| gaData object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| _etmc object| _etmc_temp string| func_name object| args string| collect_url object| ampInaboxIframes object| ampInaboxPendingMessages object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager number| _sf_endpt object| GoogleGcLKhOms object| _cb_shared object| pSUPERFLY_mab object| pSUPERFLY object| QSI object| WAFQualtricsWebpackJsonP-cloud-1.64.0 object| _qsie object| google_image_requests

56 Cookies

Domain/Path Name / Value
.afr.com/ Name: _sp_ses.0af9
Value: *
.afr.com/ Name: optimizelyEndUserId
Value: oeu1637406678337r0.9964655360731296
.afr.com/ Name: _sp_id.0af9
Value: b853bb43-60cf-42ee-bf69-b756be516672.1637406678.1.1637406679.1637406678.aa7fbd86-6829-4751-b683-00d0d81db7c0
www.afr.com/ Name: _bsMode
Value: true
.afr.com/ Name: _fbp
Value: fb.1.1637406678795.885035356
.twitter.com/ Name: personalization_id
Value: "v1_KyyycrmhOXnjidg9PT04VQ=="
.afr.com/ Name: _hjSessionUser_182799
Value: eyJpZCI6IjAxMjRiMTliLWU5NGEtNTRiMC05N2RlLTRmZmU2ODFlMTE0OSIsImNyZWF0ZWQiOjE2Mzc0MDY2Nzg4MjcsImV4aXN0aW5nIjpmYWxzZX0=
.afr.com/ Name: _hjFirstSeen
Value: 1
.afr.com/ Name: _hjSession_182799
Value: eyJpZCI6ImRiZGM4ZDZjLTk4OGQtNDBhMy04MzNkLWM5NjMxZWRlNDE5MCIsImNyZWF0ZWQiOjE2Mzc0MDY2Nzg4NDh9
www.afr.com/ Name: _hjIncludedInSessionSample
Value: 1
.afr.com/ Name: _hjAbsoluteSessionInProgress
Value: 1
.yahoo.com/ Name: A3
Value: d=AQABBNbXmGECEL-zI8OjUqbnNbggW9pFSsYFEgEBAQEpmmGiYQAAAAAA_eMAAA&S=AQAAAt3SEX5LxdNuQOiDOUQdnY8
.afr.com/ Name: _gcl_au
Value: 1.1.732656605.1637406679
www.afr.com/ Name: ffx:audienceSegment
Value: single/loyal
.afr.com/ Name: _ga
Value: GA1.2.1022292280.1637406679
.afr.com/ Name: _gid
Value: GA1.2.1708300424.1637406679
.afr.com/ Name: _gat_ffxTracker
Value: 1
.demdex.net/ Name: demdex
Value: 04506989515381330810322099020730057247
.afr.com/ Name: AMCVS_BEB5C8A15492DB600A4C98BC%40AdobeOrg
Value: 1
.linkedin.com/ Name: UserMatchHistory
Value: AQK6mMJTSWrUEwAAAX09CyAVEhnXPjUyReJtIL3A2qvgzOVp-ymrSK-sBNKr3d7szpQOwLnvaGn1NA
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLgo71fGh_LFwAAAX09CyAVivNVWgyy4we3rBLJIgxm6DK-8RIfdM9YjFkN8wJiEbV8O9vxszICwbCT6VNy4w
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&e1ded03c-d2ca-4a2f-8575-0309b5e3b058"
.linkedin.com/ Name: lidc
Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2183:u=1:x=1:i=1637406679:t=1637493079:v=2:sig=AQHrYJWdumjYcCqC9AP6MRJq4EWuPT-Q"
.imrworldwide.com/ Name: SSCVER
Value: v1
.imrworldwide.com/ Name: IMRID
Value: 9622f770-49f2-11ec-8402-3371f1264c9f
.afr.com/ Name: AMCV_BEB5C8A15492DB600A4C98BC%40AdobeOrg
Value: -1176276602%7CMCIDTS%7C18952%7CMCMID%7C04376036938693686720300554978608811814%7CMCAAMLH-1638011479%7C6%7CMCAAMB-1638011479%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1637413879s%7CNONE%7CMCAID%7CNONE
.afr.com/ Name: aam_uuid
Value: 04392943992645840350297740022456810277
.adnxs.com/ Name: uuid2
Value: 5141211787394852558
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&20211120111119fd8f5fba-ab0e-4255-8c96-b3a2dbb20cb5AQFG68nW_FuYbyteIiTYmyvq0lYxThv7"
.linkedin.com/ Name: li_gc
Value: MTswOzE2Mzc0MDY2Nzk7MjswMjG5OrTYm5O2i4rOaHA09u7S5M4PJ+AF5KWhKWjVBDV+vw==
.afr.com/ Name: _parsely_session
Value: {%22sid%22:1%2C%22surl%22:%22https://www.afr.com/technology/ransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh#Echobox=1637265959%22%2C%22sref%22:%22%22%2C%22sts%22:1637406679355%2C%22slts%22:0}
.afr.com/ Name: _parsely_visitor
Value: {%22id%22:%22pid=17db1e4d6d4272aab0f79cbf6ef7b77d%22%2C%22session_count%22:1%2C%22last_session_ts%22:1637406679355}
.dpm.demdex.net/ Name: dpm
Value: 04506989515381330810322099020730057247
.turn.com/ Name: uid
Value: 4442720377856856468
.casalemedia.com/ Name: CMID
Value: YZjX13gF2dFP7dXfUwvTCwAA
.casalemedia.com/ Name: CMPS
Value: 5233
.eyeota.net/ Name: SERVERID
Value: 19023~DM
.casalemedia.com/ Name: CMPRO
Value: 1143
.casalemedia.com/ Name: CMST
Value: YZjX12GY19cA
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YZjX1wAAIzUr0wAd
.doubleclick.net/ Name: IDE
Value: AHWqTUkaGaUiRQlldmz9NIjQRr0zkvbyomrHoFuxN574R8LwIGtvQWhtYj4kwAyMV9s
.afr.com/ Name: __gads
Value: ID=9f924366ed5d657a:T=1637406679:S=ALNI_MYsEiegtyQOmEa7gG-Vk7A6EaqCrw
.doubleclick.net/ Name: DSID
Value: NO_DATA
www.afr.com/ Name: _cb_ls
Value: 1
www.afr.com/ Name: _cb
Value: D7XF4y9qob1BxHZ7V
www.afr.com/ Name: _chartbeat2
Value: .1637406680164.1637406680164.1.DJem2RBnw-IjeeAWUjyxrGCYRIe2.1
www.afr.com/ Name: _cb_svref
Value: null
.advertising.com/ Name: APID
Value: UP96cf1628-49f2-11ec-b239-0656ad4e5f34
.nine.com.au/ Name: NUID
Value: 0b7cb8c3a23f4802a9e82dffad2d5b72
.afr.com/ Name: NUID
Value: 0b7cb8c3a23f4802a9e82dffad2d5b72
.demdex.net/ Name: dextp
Value: 358-1-1637406679291|470-1-1637406679323|481-1-1637406679342|466-1-1637406679382|771-1-1637406679394|782-1-1637406679409|832-1-1637406679425|23728-1-1637406679440|30064-1-1637406679455|30646-1-1637406679470|6835-1-1637406680226|19566-1-1637406680251|72352-1-1637406680313|66757-1-1637406680320|796-1-1637406680335
.3lift.com/ Name: tluid
Value: 2858410189763108339
.krxd.net/ Name: _kuid_
Value: OfjH4OD5
.fwmrm.net/ Name: _uid
Value: "a117_7032608140852705998"

4 Console Messages

Source Level URL
Text
network error URL: https://nova.collect.igodigital.com/c2/10510523/track_page_view?payload=%7B%22title%22%3A%22Ransomware%20extortion%20tactics%20put%20businesses%20in%20a%20fix%22%2C%22url%22%3A%22https%3A%2F%2Fwww.afr.com%2Ftechnology%2Fransomware-extortion-tactics-put-businesses-in-a-fix-20211117-p599kh%23Echobox%3D1637265959%22%2C%22referrer%22%3A%22%22%2C%22user_info%22%3A%7B%7D%7D
Message:
Failed to load resource: the server responded with a status of 403 ()
other warning URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2)
Message:
Unrecognized feature: 'attribution-reporting'.
network error URL: https://sync.adaptv.advertising.com/demdex_user_sync?
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://pixel.advertising.com/ups/28/sync?uid=04392943992645840350297740022456810277&_origin=1&redir=true&verify=true
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10510523.collect.igodigital.com
6633783.fls.doubleclick.net
905acb076f27634a4e5531ab96ea4e45.safeframe.googlesyndication.com
a304207300.cdn.optimizely.com
ad.doubleclick.net
adc-js.nine.com.au
adc.nine.com.au
adservice.google.com
adservice.google.de
analytics.twitter.com
api.afr.com
beacon.krxd.net
cdn-gl.imrworldwide.com
cdn.ampproject.org
cdn.optimizely.com
cdn.parsely.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
d.turn.com
d2uhnetoehh304.cloudfront.net
dmp.v.fwmrm.net
dmpsync.3lift.com
dpm.demdex.net
fairfaxau.demdex.net
fairfaxau.sc.omtrdc.net
fairfaxmedia.gscontxt.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.ffx.io
ib.adnxs.com
image5.pubmatic.com
l.ffx.io
logx.optimizely.com
mb.moatads.com
nd.demdex.net
nova.collect.igodigital.com
p1.parsely.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel.advertising.com
pixel.rubiconproject.com
ps.eyeota.net
px.ads.linkedin.com
px4.ads.linkedin.com
rtd-tm.everesttech.net
rtd.tubemogul.com
s.yimg.com
s0.2mdn.net
script.hotjar.com
secure-au.imrworldwide.com
secure-dcr.imrworldwide.com
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
siteintercept.qualtrics.com
sjs.bizographics.com
snap.licdn.com
sp.analytics.yahoo.com
ssum.casalemedia.com
static-au.plista.com
static.ads-twitter.com
static.chartbeat.com
static.ffx.io
static.hotjar.com
stats.g.doubleclick.net
sync.adaptv.advertising.com
t.co
token.rubiconproject.com
tpc.googlesyndication.com
usermatch.krxd.net
vars.hotjar.com
vc.hotjar.io
vrobdqwuphrhuxlcnt9klyisij1on1637406678.nuid.imrworldwide.com
www.afr.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
z.moatads.com
zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com
sync.adaptv.advertising.com
104.17.208.240
104.244.42.131
104.244.42.5
108.174.10.14
13.224.195.69
13.224.195.94
13.225.78.103
13.225.78.105
13.225.85.39
13.238.165.50
13.238.96.192
136.243.44.4
142.250.185.162
142.250.185.226
142.250.186.98
142.250.74.198
15.188.95.229
151.101.130.49
151.101.2.49
158.101.192.201
18.169.85.185
18.185.183.183
185.33.220.242
199.232.136.157
2.18.233.180
2.18.234.21
2.18.235.40
2001:678:cb4:bbbb::13
212.82.100.181
212.82.100.182
23.67.128.30
2600:9000:20eb:a200:7:3896:c640:93a1
2600:9000:20eb:cc00:18:1fcd:34f:cdc1
2600:9000:21f3:4400:2:42d9:3100:93a1
2600:9000:21f3:600:10:2964:9d00:21
2600:9000:21f3:8400:1e:a43d:b640:93a1
2600:9000:21f3:e000:1d:667e:2a40:93a1
2607:ae80:5::149
2620:119:50e7:101::9002:e05
2620:1ec:21::14
2a00:1288:80:800::7001
2a00:1450:4001:802::2002
2a00:1450:4001:808::2003
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::2006
2a00:1450:4001:813::2001
2a00:1450:4001:813::2002
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:831::2001
2a00:1450:4001:831::2004
2a00:1450:4001:831::200e
2a00:1450:400c:c01::9b
2a02:26f0:1700:793::13b8
2a02:26f0:6c00::210:ba13
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a04:4e42:600::645
2a04:4e42::645
34.249.252.185
52.16.165.61
52.204.6.70
52.44.110.4
52.44.184.111
52.44.89.131
52.51.5.121
52.57.150.20
54.144.144.142
54.155.22.133
54.253.223.140
69.173.144.139
76.223.111.18
00cec741575df2df802bfe5589e0a7ca0203ce706451ab086c61deac873920b0
05265edea86e28659b1035197f238e5a321f20c546285bfccb066c64d2657b92
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
07a7e43a30c29cd24df54879f4fc788b60a76962f3b3c5623717c19762240225
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0f4aa5805de9bd3997d9cdaf1ca4da48456488c61f530e2cf1954e7dba4d20bb
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14e4b088db7fbce1fc7c9e34f33ce0766a0359a92f87b73df2b4b72d24a6a769
1d07945056afa5b80231a65788dc5e321721af77e46257d2680d615038313820
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
20d1e35b5637118da9d6d4564cbc536393c0fe04cf3e643b526a75e6303cff97
2147901a5a424ea92ad2fd2457976c46765880cf4d267aa711df70d026912ab7
222636c2810fe948341450766980c2eec11a5db55a64e544bc6e7ee7652902ac
22519d9cd171433378d1fc980255f474665c59aac659506388865b70a5791a7a
2544aceebb5700eb1f0983c96de18fcd7846d3b49fd6166eb00364343d1e4e04
266a2dbeae31704f7b74e51762545af77ae10d2086071bd787c27270b45c32e7
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
268e8e0de6e332690909ac0c0b9288a24372727daec3158281ef06db4a35f012
28b11959f68db701b4218a36e9a8e8daf47fbfe4057f086595ebc2b0df44fbea
2cd62995b40ffaa521ba7d9bca7b1fcf6eb0850c938fd1ac1ebf14d7325b5663
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
2f1b3c20947609880fa669248919d46ad2b26b995cd8f7e2f3d764dff3e47bdb
338140f080782dd9fc999b9c240cde15f599e7ffd10b3fd3d9085717d38ad8d3
346fc2fb1d15814fae554c303c8a2dae4cd67990f8ebe40fc5561b18e133cb78
34b8cad3668ce7f715858b81973d61fa9a2f0f7b42a7bf6a77fb517cdee62bf4
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
427280c472633d1aa5642a55e3fafee9f74831a60682164ab2896f92576b5e83
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
443a2dc3503a79ba039d8ae0969bbe0e6f3d3469e4f1b355627ff7e1530dad67
453b9ac9d54282c9838b51a5ea6d8fc34983a90050a750bccccc339e61109d86
4611c34378b1bbbee8890a472c6390137ce8841041a646f0bdc58cf9180eb18a
47c87e2004b4452b33d08a61a3807a87c6fec50158f9909ac1013f4b81e8bb41
486a33a8e9c0d09f051eef39f71266282329428845a61aee8666cc287677a029
48f2243a31d116f576b0c06cbed9b9ad55d92a8910ec53f9fbe525ec020649db
49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4f33e851edbf5c108182325fcfdde5b0c37b8043c4e0783c2df2de9e57857d63
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54b3121637851046e882df8591a9f2c4472adc2f0c39290cd583e9fccf1aace0
578064b72fe9ed6bc5d94034e2eeb8976f23df0168ff7792dbd2c9086e052f47
59959cc851f137051643efa33b76d915990ea75cc993a6866e3708d4270f2023
59d1fe77c0d1ebe0d67f0573054abc91778b82b7ffe93e734720986ec4496650
5cfbadfb6ffef50b0900cace97426d4fb51d5321a9f4e85b9934a2566bdb905a
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
676e45f8459ced300bf85e30dbd33e14c7b2d5401c1e9151b7c45ae58471cb23
6838f8662f6b2377df27aa61b20c7204777609ac4ad7af3f81be6bac042261be
6902d150ba78c1e2d335ef4b0245e769a2c42a45e30dc4e7b610fe0687a682f0
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
714892f1fc598fef48b0331e7af69cdac69bfb2cec684d199b8650da4a278c75
75481bc06d1b02e50fd1cc921a7838e3af6caa9b8c0745b50182ebf29f195e20
759d6f0c1292d86d24d7abe7ad9a2cd1d86df0041260f98186ccfa26c7daab62
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7df9f5d935184764a25104ce89a022757a3cf4b6d10009fb8204a8cf9cd946e5
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85b23ef2b5d148948a0e393c8af051177f818b7fb18cda003998916666caabee
85e9c3aed667efe72eb9e098034b25d6f46d588edd022478444ac386bdcc6e80
865392bf91afe07f2842b9bb7e66a5fa12dc44d166c000a0dac1de92ce1cb845
87ee94ea6e5b94af621d1c45232a4aed93edc7aeaf88e3c05ae15012834c7917
8a759dbfeb3b9fecbbab7aa723b982191f08b0eec9c3cfec18f8f7b3c27d6268
8a8c8a1d36423c9a81c9f57b7504b886b32361e5bafdaddf67be7a446029c4fb
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8b56cf3ff69da24ee4d01b00d8bbad12a602a1f083e47c6646b02b639fd633fd
8bd5598d856e935d7efd5d3797a8a9b48423b2b30a27c3c9503efb6cf267ecb6
934d4d6010b2bfc6795c8212555ff307c8e883a8fa5f974f601773d4f17e156f
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
99571b4a667514695027f681d4b84645a4c52e27012cd6920312961ff9031ed0
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3c78596628f7e53c40bbfd0e9eed225181c4c2933a6e051e8fa46c30b221d1f
a3d0f7c45107f6f097378459c64f8c02461a44afe9d787009eb75c709d6ff3df
a44fb6a26732b7892f2802aee69fb0413ecd26b508b5c79720a48c485f4889ee
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a84ebe0712f0c8b775536d58221c8773b2552eb1cb1bd68560222ae80e56d318
aab9fdadf638b2750e84151e05f3a58dd6cf8a0f3e2d79050194613fc763a11a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acc8dc85b366921e4a3edfc0dd1ab2e53a02726fd31075eaea85d7d54337dbe9
acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3
aee3aa96c5f2155e0e1616013a5cf79e38e39ace446a799a11709970d2ad613e
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b34e66d5e325bbf7dc79d9e17bbb8677ee970ebf4b83aa3e96223948cc783f95
b462ede43ecdda05f2c835d4c3178d5d2fa2567dd194963027095fb4f8102f4d
b4a0b54eedc0e013b9a90629f9f6e1673085c5778e0028e37a4017460368e6f3
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b8fb73449d8ccf2b7b2662a60be2462550447cf84ef0453c4f6be975b0d620dd
ba1b150aae72aa4387a86b5407f5ff0cf88f352b853fe8fd15afc7a28e9a49d3
bcf86c48df6f76b921cce4d3b354c52312027494dbac002cf58ff39ca8593ff5
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1
c6107c1c1f1588cac73cb68d83222515b12c5dbf7f988fd0c39b4ff16414d3bc
c8380e3bf82f742f26093c9e273b38d84feb6bb2e1d50c2954d1a79dd86b3bfd
ca343b67eba1f0268404fd700943e78cda59dfb987386e906e2d19a88e0a5df8
ce06e3dfe8442db4678feda4ed4f8bf19ab79d2cfd4d82e40b03282629f4e3ca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3976ea4d6f3db03a05eebb0c048f94daf0204a21efee553a47c9f329e44cc11
d511ec0b8b407c30c0a412aa3eaf73ef01d2d7df28e02c4c3c0480e10eb1f9a4
d7564954237d38e51cc76077c87f18d88de3cf164e7aea9aa912220310d94369
dd206f8ce747a813ac3ac9a88fbf5dab339c2c9e1987e2704ad0aa7bc40218d0
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e08410c46d34e10e615b8db79c9ff00de29e1a60179ede7a355d1d9c1c5307c8
e0d71e9e83d526a320cdee881361d1abcf386a92a21c116a31976690453bc75c
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e65e5ab701115114072ff2c9e28b0a533c8d3cbe3eb541af8b9ede34f9f80c6f
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
e8a2bc039ea82266ecd31dcb748fe90f212f6358fcf2502eb0061d9652b3638f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f36ee956a765b39616a101d6a62076d0d257a12f107cd9ef50d61136e8b851c3
f56a1b71444d153f2f81146d9a0cca991518ebc72e0686f917470f8c522ee383
f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d
fa84adaa52138db2f2ca946b1e3ce31105a39a9a1f1b5fb25ad456241c2d0e73
fdb3c6cf003fd30bfc3edd21a3664edc2b4407daef1879323378c491742c93ec
fe0e2b419121ae56140882d7bcd17ac614cc9cb71caf8a40781291ad3f7bec17
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3