urlscan.io logo urlscan.io
SecurityTrails logo

au.saving.direct Open in urlscan Pro
52.48.82.149  Public Scan

Go To Rescan Add Verdict Report
URL: https://au.saving.direct/
Submission Tags: krdprod
Submission: On October 17 via api from JP — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 21 IPs in 3 countries across 14 domains to perform 60 HTTP transactions. The main IP is 52.48.82.149, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is au.saving.direct.
TLS certificate: Issued by R3 on October 16th 2021. Valid for: 3 months.
This is the only time au.saving.direct was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 52.48.82.149 16509 (AMAZON-02)
9 52.19.165.23 16509 (AMAZON-02)
9 142.250.186.66 15169 (GOOGLE)
3 142.250.185.72 15169 (GOOGLE)
3 178.250.0.130 44788 (ASN-CRITE...)
1 142.250.186.98 15169 (GOOGLE)
1 172.217.16.138 15169 (GOOGLE)
3 172.217.23.100 15169 (GOOGLE)
2 13.32.99.40 16509 (AMAZON-02)
4 142.250.185.66 15169 (GOOGLE)
1 142.250.186.67 15169 (GOOGLE)
1 142.250.186.35 15169 (GOOGLE)
1 142.250.186.162 15169 (GOOGLE)
1 142.250.186.174 15169 (GOOGLE)
2 178.250.2.131 44788 (ASN-CRITE...)
1 172.217.16.130 15169 (GOOGLE)
2 18.235.25.51 14618 (AMAZON-AES)
1 142.250.185.193 15169 (GOOGLE)
2 178.250.2.146 44788 (ASN-CRITE...)
2 52.201.77.148 14618 (AMAZON-AES)
2 142.250.186.97 15169 (GOOGLE)
60 21
9    52.48.82.149 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-82-149.eu-west-1.compute.amazonaws.com
au.saving.direct
9    52.19.165.23 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: koi01.koiadvertising.com
cdn.koiadvertising.com
9    142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net
pagead2.googlesyndication.com
googleads.g.doubleclick.net
3    142.250.185.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f8.1e100.net
www.googletagmanager.com
3    178.250.0.130 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
1    142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net
www.googletagservices.com
1    172.217.16.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f10.1e100.net
fonts.googleapis.com
3    172.217.23.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f4.1e100.net
www.google.com
2    13.32.99.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-40.fra60.r.cloudfront.net
api.pushnami.com
4    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
securepubads.g.doubleclick.net
partner.googleadservices.com
1    142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net
www.gstatic.com
1    142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net
fonts.gstatic.com
1    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
www.googleadservices.com
1    142.250.186.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f14.1e100.net
www.google-analytics.com
2    178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com
bidder.criteo.com
1    172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net
adservice.google.com
2    18.235.25.51 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-25-51.compute-1.amazonaws.com
trc.pushnami.com
1    142.250.185.193 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f1.1e100.net
2c66403dfc25bf5a2a26137111b9458b.safeframe.googlesyndication.com
2    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    52.201.77.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-201-77-148.compute-1.amazonaws.com
psp.pushnami.com
2    142.250.186.97 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f1.1e100.net
tpc.googlesyndication.com
Domain Requested by
9 cdn.koiadvertising.com au.saving.direct
9 au.saving.direct au.saving.direct
6 pagead2.googlesyndication.com au.saving.direct
pagead2.googlesyndication.com
tpc.googlesyndication.com
3 googleads.g.doubleclick.net pagead2.googlesyndication.com
www.googleadservices.com
3 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
3 www.google.com au.saving.direct
tpc.googlesyndication.com
3 static.criteo.net au.saving.direct
3 www.googletagmanager.com au.saving.direct
www.googletagmanager.com
2 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 psp.pushnami.com api.pushnami.com
2 gum.criteo.com static.criteo.net
gum.criteo.com
2 trc.pushnami.com api.pushnami.com
2 bidder.criteo.com static.criteo.net
2 api.pushnami.com au.saving.direct
api.pushnami.com
1 2c66403dfc25bf5a2a26137111b9458b.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.com pagead2.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 www.google-analytics.com www.googletagmanager.com
1 www.googleadservices.com www.googletagmanager.com
1 fonts.gstatic.com fonts.googleapis.com
1 www.gstatic.com www.google.com
1 fonts.googleapis.com au.saving.direct
1 www.googletagservices.com au.saving.direct
60 23

This site contains links to these domains. Also see Links.

Domain
uk.saving.direct
Subject Issuer Validity Valid
au.saving.direct
R3		 2021-10-16 -
2022-01-14		 3 months crt.sh
cdn.koiadvertising.com
R3		 2021-10-05 -
2022-01-03		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-09 -
2021-12-07		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
www.google.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
*.pushnami.com
Amazon		 2021-04-18 -
2022-05-17		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
www.googleadservices.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-09 -
2021-12-07		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh

This page contains 8 frames:

Primary Page: https://au.saving.direct/
Frame ID: AE76532992288237221D654ABE0238DF
Requests: 48 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/zrt_lookup.html
Frame ID: 95CF6CADDC1A94228047841A6A010E05
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7821717121219568&output=html&adk=1812271804&adf=3025194257&lmt=1634469956&plat=3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fau.saving.direct%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634469956586&bpp=3&bdt=430&idt=142&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5209424061257&frm=20&pv=2&ga_vid=1991036476.1634469957&ga_sid=1634469957&ga_hid=1766200152&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063005%2C31062945%2C31062931&oid=2&pvsid=4384008310973835&pem=616&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=160
Frame ID: C57B163629B9AE8F02D65302BBB5C666
Requests: 1 HTTP requests in this frame

Frame: https://2c66403dfc25bf5a2a26137111b9458b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 93259CCBCC7A9EC6658AF00F6576881B
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=au.saving.direct
Frame ID: D50A5B3B38FE27F1C8BA7EB5BA53B9C2
Requests: 2 HTTP requests in this frame

Frame: https://api.pushnami.com/scripts/v1/hub
Frame ID: 121010B44FFE679D5B474398CA988B5A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 78AB045C70540A884DA18D5C3B3F4D94
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8366D7DE636A92CC1B2E858064172670
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Saving Direct

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • api\.pushnami\.com
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

60
Requests

100 %
HTTPS

0 %
IPv6

14
Domains

23
Subdomains

21
IPs

3
Countries

1105 kB
Transfer

2802 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

60 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
au.saving.direct/ 		14 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.82.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-82-149.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
3f929a7e1bd9f9e3897d2feb98f7eec03155cf6a89698dd74265179e9dde594f

Request headers

Host
au.saving.direct
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Server
Apache
Set-Cookie
_=m25u64dp0gaalqhf4h3bs46mq4; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
3588
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
jquery-1.11.3.min.js
cdn.koiadvertising.com/src/skins/common/js/jquery/ 		94 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.koiadvertising.com/src/skins/common/js/jquery/jquery-1.11.3.min.js
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.165.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
koi01.koiadvertising.com
Software
Apache /
Resource Hash
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Apr 2019 10:34:06 GMT
Server
Apache
ETag
"176d5-58602603bf7f5-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=864000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
33279
Expires
Wed, 27 Oct 2021 11:25:56 GMT
jquery-ui.min.css
cdn.koiadvertising.com/src/skins/common/js/jquery-ui-1.11.4-all/ 		29 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.koiadvertising.com/src/skins/common/js/jquery-ui-1.11.4-all/jquery-ui.min.css
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.165.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
koi01.koiadvertising.com
Software
Apache /
Resource Hash
2696a7d00f6b9550437b22caad9314772968580fa0c6f8a58065b03e8d3039b9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Apr 2019 10:34:15 GMT
Server
Apache
ETag
"7545-5860260cffa8e-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=864000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
7369
Expires
Wed, 27 Oct 2021 11:25:56 GMT
bootstrap.css
au.saving.direct/src/skins/common/css/bootstrap-3.3.5/css/ 		144 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://au.saving.direct/src/skins/common/css/bootstrap-3.3.5/css/bootstrap.css?v=6
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.82.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-82-149.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
ef9c554bca3ce5b9f978b626ff8c3a441c0468af2599bdb4e9b6b32f6743f058

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://au.saving.direct/
Cookie
_=m25u64dp0gaalqhf4h3bs46mq4
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Apr 2019 10:34:23 GMT
Server
Apache
ETag
"23fe6-5860261472e29-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
21525
bootstrap-theme.min.css
cdn.koiadvertising.com/src/skins/common/css/bootstrap-3.3.5/css/ 		23 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.koiadvertising.com/src/skins/common/css/bootstrap-3.3.5/css/bootstrap-theme.min.css?v=2
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.165.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
koi01.koiadvertising.com
Software
Apache /
Resource Hash
6c7422a9c15b9c96f542187ad5163d70c87a911d204ee418ea214e063d728f4d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Apr 2019 10:34:23 GMT
Server
Apache
ETag
"5b3d-5860261402949-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=864000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2735
Expires
Wed, 27 Oct 2021 11:25:56 GMT
custom.css
au.saving.direct/src/skins/savingdirect/css/ 		15 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://au.saving.direct/src/skins/savingdirect/css/custom.css?v=7
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.82.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-82-149.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
7c3b0b6077c21e46e421266707179aed3af589c1f2742016609c88605d5f0b82

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://au.saving.direct/
Cookie
_=m25u64dp0gaalqhf4h3bs46mq4
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 26 May 2021 14:16:57 GMT
Server
Apache
ETag
"3b02-5c33c4ba3086e-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2969
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		145 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
6e8fa2ba4298cefa603b45cfe8a67d05ca87377ffdb865028a4e5a13360390c9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51454
x-xss-protection
0
server
cafe
etag
16597875278525187605
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 17 Oct 2021 11:25:56 GMT
js
www.googletagmanager.com/gtag/ 		96 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-1023120215
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
9aa98efa8176d3680cee333ffdac1506a94baa7c861c1cbbe603ae0e03a9fe59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39133
x-xss-protection
0
last-modified
Sun, 17 Oct 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 17 Oct 2021 11:25:56 GMT
js
www.googletagmanager.com/gtag/ 		123 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-Q4GC552HB3
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
4ae129012649a94cc17c7d0b1f74eb7fd46cdd3f31156323af3e115de99029f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49359
x-xss-protection
0
expires
Sun, 17 Oct 2021 11:25:56 GMT
publishertag.js
static.criteo.net/js/ld/ 		119 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.130 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
808ecd508fafb1836f5a350eb2165824e8130f96ba29e1b35d9d473d8b13708e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
last-modified
Mon, 04 Oct 2021 12:34:27 GMT
server
nginx
etag
W/"615af4d3-1dd0f"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 18 Oct 2021 11:25:56 GMT
gpt.js
www.googletagservices.com/tag/js/ 		80 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
08938ade08efebf0c312f678938a2d45af1c2a02f282abe296ddd8125b691e81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1017 / 691 of 1000 / last-modified: 1634411080"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27172
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sun, 17 Oct 2021 11:25:56 GMT
logo-sd-education-large-dark_60798bab7ac0a.png
au.saving.direct/var/public/logos/ 		165 KB
165 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://au.saving.direct/var/public/logos/logo-sd-education-large-dark_60798bab7ac0a.png
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.82.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-82-149.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
26da91d47d63a95a678b34cdffaff0a49532195d53bd23797f6a0081ac911bb7

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://au.saving.direct/
Cookie
_=m25u64dp0gaalqhf4h3bs46mq4
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Last-Modified
Fri, 16 Apr 2021 13:05:47 GMT
Server
Apache
ETag
"2943b-5c016a371a7ba"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
169019
flag-au.png
au.saving.direct/src/skins/savingdirect/images/ 		879 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://au.saving.direct/src/skins/savingdirect/images/flag-au.png
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.82.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-82-149.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
2ef56dc520037260cca27bcca24585f36606ddf03e3d84a811a3cc137c26f526

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://au.saving.direct/
Cookie
_=m25u64dp0gaalqhf4h3bs46mq4
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Last-Modified
Mon, 08 Apr 2019 10:34:54 GMT
Server
Apache
ETag
"36f-586026317b7f2"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
879
flag-uk.png
au.saving.direct/src/skins/savingdirect/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://au.saving.direct/src/skins/savingdirect/images/flag-uk.png
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.82.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-82-149.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
9d5579d2ae226889e9cc592035a86cbe20c570edbdeb6394ec7ebc23c4246571

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://au.saving.direct/
Cookie
_=m25u64dp0gaalqhf4h3bs46mq4
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Last-Modified
Mon, 08 Apr 2019 10:35:28 GMT
Server
Apache
ETag
"499-58602651cee19"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1177
jquery-ui.min.js
cdn.koiadvertising.com/src/skins/common/js/jquery-ui-1.11.4-all/ 		235 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.koiadvertising.com/src/skins/common/js/jquery-ui-1.11.4-all/jquery-ui.min.js
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.165.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
koi01.koiadvertising.com
Software
Apache /
Resource Hash
7d262e6732e70aa65dbc59b8eccb8c24d809bc295090d05eb966c4e3b35f926a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Apr 2019 10:34:15 GMT
Server
Apache
ETag
"3ab2b-5860260c5f80f-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=864000
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Expires
Wed, 27 Oct 2021 11:25:56 GMT
jquery.validate.min.js
cdn.koiadvertising.com/src/skins/common/js/jquery-validate-1.14.0/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.koiadvertising.com/src/skins/common/js/jquery-validate-1.14.0/jquery.validate.min.js
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.165.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
koi01.koiadvertising.com
Software
Apache /
Resource Hash
2e3e3b2660cbfaac5febf7a50b31d0494159989626a84102b2c3792cffe27d13

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Apr 2019 10:34:07 GMT
Server
Apache
ETag
"5262-586026049c335-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=864000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
6805
Expires
Wed, 27 Oct 2021 11:25:56 GMT
additional-methods.min.js
cdn.koiadvertising.com/src/skins/common/js/jquery-validate-1.14.0/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.koiadvertising.com/src/skins/common/js/jquery-validate-1.14.0/additional-methods.min.js
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.165.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
koi01.koiadvertising.com
Software
Apache /
Resource Hash
2b9a658314baccfef5f3b1d279571f0c1dbe62e6f71735828dd7606e426ba798

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Apr 2019 10:34:07 GMT
Server
Apache
ETag
"433a-58602604d4d75-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=864000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
5009
Expires
Wed, 27 Oct 2021 11:25:56 GMT
bootstrap.min.js
cdn.koiadvertising.com/src/skins/common/css/bootstrap-3.3.5/js/ 		36 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.koiadvertising.com/src/skins/common/css/bootstrap-3.3.5/js/bootstrap.min.js
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.165.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
koi01.koiadvertising.com
Software
Apache /
Resource Hash
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Apr 2019 10:34:21 GMT
Server
Apache
ETag
"8fd0-58602612c14aa-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=864000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
9745
Expires
Wed, 27 Oct 2021 11:25:56 GMT
bootstrap3-typeahead.js
cdn.koiadvertising.com/src/skins/common/css/bootstrap-3.3.5/js/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.koiadvertising.com/src/skins/common/css/bootstrap-3.3.5/js/bootstrap3-typeahead.js
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.165.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
koi01.koiadvertising.com
Software
Apache /
Resource Hash
8a72d52ce71a505a161318e1d3c1e40845ef7955969075699bea53d43907b5ba

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Apr 2019 10:34:21 GMT
Server
Apache
ETag
"43d4-5860261203d6a-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=864000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
4793
Expires
Wed, 27 Oct 2021 11:25:56 GMT
css
fonts.googleapis.com/ 		14 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f10.1e100.net
Software
ESF /
Resource Hash
415a956d0d84f7f02e10233bcf0ba9ab058d547f20dc8825f8b649c96e1b699e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 17 Oct 2021 09:43:33 GMT
server
ESF
date
Sun, 17 Oct 2021 11:25:56 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires
Sun, 17 Oct 2021 11:25:56 GMT
api.js
www.google.com/recaptcha/ 		850 B
989 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f4.1e100.net
Software
GSE /
Resource Hash
257c07e40f4fdd78d66090a4347816a4777d8f2ab8b266d4aebf56da90538cbc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Sun, 17 Oct 2021 11:25:56 GMT
custom.js
cdn.koiadvertising.com/src/skins/common/js/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.koiadvertising.com/src/skins/common/js/custom.js?v=2
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.165.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
koi01.koiadvertising.com
Software
Apache /
Resource Hash
384d829a4391680df3507de956967f8a87c637b42c0eeeb054081ec4cbfbfb04

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 20 Sep 2021 09:22:56 GMT
Server
Apache
ETag
"13e7-5cc69d38c8141-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=864000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1678
Expires
Wed, 27 Oct 2021 11:25:56 GMT
custom.js
au.saving.direct/src/skins/savingdirect/js/ 		0
277 B 		Script
General
Check archive.org
Download Go to
Full URL
https://au.saving.direct/src/skins/savingdirect/js/custom.js?v=1
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.82.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-82-149.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://au.saving.direct/
Cookie
_=m25u64dp0gaalqhf4h3bs46mq4
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Last-Modified
Mon, 08 Apr 2019 10:35:49 GMT
Server
Apache
ETag
"0-586026660d7ea"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
0
5d237166fb89b15595918400
api.pushnami.com/scripts/v1/pushnami-adv/ 		74 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.pushnami.com/scripts/v1/pushnami-adv/5d237166fb89b15595918400
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-40.fra60.r.cloudfront.net
Software
/
Resource Hash
5392fcbfd0839c09ad663c6261c8d00a794379285e11eb901b2c6281a2394029

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
vary
accept-encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
no-cache
content-encoding
gzip
x-amz-cf-id
XXHGCQ6MPoweRn6WNxChHlkDMJs14n2j2q6305HsMAa8LOdK2tsFcA==
glyphicons-halflings-regular.woff2
au.saving.direct/src/skins/common/css/bootstrap-3.3.5/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://au.saving.direct/src/skins/common/css/bootstrap-3.3.5/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/src/skins/common/css/bootstrap-3.3.5/css/bootstrap.css?v=6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.82.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-82-149.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://au.saving.direct
Accept-Encoding
gzip, deflate, br
Host
au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://au.saving.direct/src/skins/common/css/bootstrap-3.3.5/css/bootstrap.css?v=6
Cookie
_=m25u64dp0gaalqhf4h3bs46mq4
Connection
keep-alive
Referer
https://au.saving.direct/src/skins/common/css/bootstrap-3.3.5/css/bootstrap.css?v=6
Origin
https://au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Last-Modified
Mon, 08 Apr 2019 10:34:19 GMT
Server
Apache
ETag
"466c-58602610ed84b"
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
18028
pubads_impl_2021101301.js
securepubads.g.doubleclick.net/gpt/ 		361 KB
123 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
sffe /
Resource Hash
29d3ac66cb7823c6a5771bbb0ee77b819f72c251c06f7c9eb5c3000ea9611b32
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
124741
x-xss-protection
0
last-modified
Wed, 13 Oct 2021 08:34:16 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sun, 17 Oct 2021 11:25:56 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		35 B
708 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=au.saving.direct
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
b4df94d683af23847d01e7eb530152a6b83f99dffe17c85e618ab4e293d38410
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51
x-xss-protection
0
expires
Sun, 17 Oct 2021 11:25:56 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/ 		346 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
sffe /
Resource Hash
24888ff57c1714336f283a67e22f1207ef9826694a9078e1cda9d581ff148407
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://au.saving.direct/
Origin
https://au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 09:41:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6256
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
137921
x-xss-protection
0
last-modified
Mon, 04 Oct 2021 04:21:56 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="recaptcha"
expires
Mon, 17 Oct 2022 09:41:40 GMT
1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v22/ 		46 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v22/1Ptug8zYS_SKggPNyC0ITw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:400,100,200,300,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
sffe /
Resource Hash
2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 20:10:53 GMT
x-content-type-options
nosniff
age
486903
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47312
x-xss-protection
0
last-modified
Tue, 29 Jun 2021 19:40:30 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 11 Oct 2022 20:10:53 GMT
icon-close.png
au.saving.direct/src/skins/savingdirect/images/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://au.saving.direct/src/skins/savingdirect/images/icon-close.png
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/src/skins/savingdirect/css/custom.css?v=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.82.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-82-149.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
c0e2b507206317299ccdd7ec276b0be966e6afa2617da415f1435546a8a32527

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
au.saving.direct
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://au.saving.direct/src/skins/savingdirect/css/custom.css?v=7
Cookie
_=m25u64dp0gaalqhf4h3bs46mq4
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/src/skins/savingdirect/css/custom.css?v=7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 17 Oct 2021 11:25:56 GMT
Last-Modified
Mon, 08 Apr 2019 10:35:37 GMT
Server
Apache
ETag
"1865-5860265b10052"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
6245
conversion_async.js
www.googleadservices.com/pagead/ 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1023120215
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
0b52dc3851559db81b5517ed0d7f0ae732f1f758f09834c62d09c02189ca2155
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14435
x-xss-protection
0
server
cafe
etag
3499052782129861849
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 17 Oct 2021 11:25:56 GMT
js
www.googletagmanager.com/gtag/ 		123 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-Q4GC552HB3&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1023120215
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
14f157b16811cabad9c399ecd66c37c7b64dd6bda25f70a01e01bcffcdf9a282
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49380
x-xss-protection
0
expires
Sun, 17 Oct 2021 11:25:56 GMT
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/ 		272 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
b2e20a35a96cbb8faafe5b0d231961639c2f68b001108078c753d5bd74c9e0b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99848
x-xss-protection
0
server
cafe
etag
12304651561330757526
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Oct 2021 11:25:56 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/ Frame 95CF 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
8f297a42c731c5e6412ef47dff5d7697e142a28abe98d34b515951d40e5e9f7d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20211013/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://au.saving.direct/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Sat, 16 Oct 2021 21:22:20 GMT
expires
Sat, 30 Oct 2021 21:22:20 GMT
content-type
text/html; charset=UTF-8
etag
9069739545958607985
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4691
x-xss-protection
0
age
50616
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
collect
www.google-analytics.com/g/ 		0
368 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-Q4GC552HB3&gtm=2oead0&_p=1766200152&sr=1600x1200&ul=en-us&cid=1991036476.1634469957&_s=1&dl=https%3A%2F%2Fau.saving.direct%2F&dt=Saving%20Direct&sid=1634469956&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Q4GC552HB3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.174 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://au.saving.direct/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 17 Oct 2021 11:25:56 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://au.saving.direct
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cdb
bidder.criteo.com/ 		0
189 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=114&profileId=184&cb=68803156608
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://au.saving.direct/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://au.saving.direct
date
Sun, 17 Oct 2021 11:25:55 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1023120215/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1023120215/?random=1634469956711&cv=9&fst=1634469956711&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaad0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fau.saving.direct%2F&tiba=Saving%20Direct&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
0012cb20900d989814e3349304f3d97f354897fd3664cfa186bc1d64243312ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1001
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/ 		203 B
407 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=au.saving.direct&callback=_gfp_s_&client=ca-pub-7821717121219568
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e86a63c1f4f0fa76a82c25fe6d2582a6acbdb426da4d5f7f68b920c434448d5b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
192
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
570 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=au.saving.direct
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame C57B 		603 B
69 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7821717121219568&output=html&adk=1812271804&adf=3025194257&lmt=1634469956&plat=3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fau.saving.direct%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634469956586&bpp=3&bdt=430&idt=142&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5209424061257&frm=20&pv=2&ga_vid=1991036476.1634469957&ga_sid=1634469957&ga_hid=1766200152&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063005%2C31062945%2C31062931&oid=2&pvsid=4384008310973835&pem=616&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=160
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-7821717121219568&output=html&adk=1812271804&adf=3025194257&lmt=1634469956&plat=3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fau.saving.direct%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634469956586&bpp=3&bdt=430&idt=142&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5209424061257&frm=20&pv=2&ga_vid=1991036476.1634469957&ga_sid=1634469957&ga_hid=1766200152&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063005%2C31062945%2C31062931&oid=2&pvsid=4384008310973835&pem=616&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=160
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://au.saving.direct/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sun, 17 Oct 2021 11:25:56 GMT
server
cafe
content-length
46
x-xss-protection
0
set-cookie
IDE=AHWqTUk3_XkeMI14Rxfkhhn11zbbYYyxe8_mTuaSpdR1rxrRbdWPrbSFkhUfmrfj4Bg; expires=Tue, 17-Oct-2023 11:25:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sun, 17 Oct 2021 11:25:56 GMT
cache-control
private
/
www.google.com/pagead/1p-user-list/1023120215/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/1023120215/?random=1634469956711&cv=9&fst=1634468400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaad0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fau.saving.direct%2F&tiba=Saving%20Direct&async=1&fmt=3&is_vtc=1&random=1465955463&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 17 Oct 2021 11:25:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
track
trc.pushnami.com/api/push/ 		2 B
168 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trc.pushnami.com/api/push/track
Requested by
Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5d237166fb89b15595918400
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.25.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-25-51.compute-1.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept
application/json, text/plain, */*
Referer
https://au.saving.direct/
key
5d237166fb89b15595918400
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Sun, 17 Oct 2021 11:25:57 GMT
cache-control
no-cache
content-type
text/html; charset=utf-8
content-length
2
access-control-expose-headers
WWW-Authenticate,Server-Authorization
track
trc.pushnami.com/api/push/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://trc.pushnami.com/api/push/track
Protocol
H2
Server
18.235.25.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-25-51.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
key
Origin
https://au.saving.direct
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sun, 17 Oct 2021 11:25:57 GMT
access-control-allow-origin
*
access-control-allow-methods
POST
access-control-allow-headers
Accept,Authorization,Content-Type,If-None-Match,key
access-control-max-age
86400
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
no-cache
events
bidder.criteo.com/csm/ 		0
189 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://au.saving.direct/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://au.saving.direct
date
Sun, 17 Oct 2021 11:25:55 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
pixel.gif
static.criteo.net/images/ 		43 B
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=1
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.130 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"493ea254-2b"
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
43
expires
Wed, 12 Oct 2022 11:25:56 GMT
pixel.gif
static.criteo.net/images/ 		43 B
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=2
Requested by
Host: au.saving.direct
URL: https://au.saving.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.130 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"493ea254-2b"
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
43
expires
Wed, 12 Oct 2022 11:25:56 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		17 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4384008310973835&correlator=1963115317944545&output=ldjh&impl=fifs&eid=31063110%2C31063135%2C31063159%2C31063178%2C31062465%2C31062931&vrg=2021101301&ptt=17&sc=1&sfv=1-0-38&ecs=20211017&iu_parts=140800857%2CCDB_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=1&cookie=ID%3D8f697369c0d0eb3c-227c59ccf8ca0088%3AT%3D1634469956%3ART%3D1634469956%3AS%3DALNI_Mb_vlqggCdvszMF3tnUCcoN1E5FJg&bc=31&abxe=1&lmt=1634469956&dt=1634469956778&dlt=1634469956156&idt=536&frm=20&biw=1600&bih=1200&oid=2&adxs=-9&adys=-9&adks=2405445969&ucis=1&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fau.saving.direct%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&ga_vid=1991036476.1634469957&ga_sid=1634469957&ga_hid=1766200152&ga_fc=false&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
8e9f9e6e710afc4bb51ba745f5bb08c11105e3310394794c0319c0d57d9b5954
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7920
x-xss-protection
0
google-lineitem-id
5175121321
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138287536788
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://au.saving.direct
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
2c66403dfc25bf5a2a26137111b9458b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9325 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://2c66403dfc25bf5a2a26137111b9458b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101301.js?31063159
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.193 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f1.1e100.net
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
2c66403dfc25bf5a2a26137111b9458b.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://au.saving.direct/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sun, 17 Oct 2021 11:25:56 GMT
expires
Mon, 17 Oct 2022 11:25:56 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
syncframe
gum.criteo.com/ Frame D50A 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=au.saving.direct
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
gum.criteo.com
:scheme
https
:path
/syncframe?origin=publishertag&topUrl=au.saving.direct
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://au.saving.direct/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
strict-transport-security
max-age=31536000
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
1812
set-cookie
uid=59005794-2215-4eec-ae96-e69b5ca01461; expires=Fri, 11 Nov 2022 11:25:56 GMT; domain=.criteo.com; path=/; secure; samesite=none
date
Sun, 17 Oct 2021 11:25:56 GMT
content-length
4683
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211013&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
af60d9494113883d51b2fe2f0d26b2b2fab914a964aa669c224e03ea21b96272
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8505
x-xss-protection
0
hub
api.pushnami.com/scripts/v1/ Frame 1210 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://api.pushnami.com/scripts/v1/hub
Requested by
Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5d237166fb89b15595918400
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-40.fra60.r.cloudfront.net
Software
/
Resource Hash
2843128d287da3614565182de89a84deb0e43fd049be6a4ed4d3a682bdd186c4
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' *
X-Content-Security-Policy default-src 'unsafe-inline' *

Request headers

:method
GET
:authority
api.pushnami.com
:scheme
https
:path
/scripts/v1/hub
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://au.saving.direct/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/

Response headers

content-type
text/html; charset=utf-8
date
Sun, 17 Oct 2021 10:34:52 GMT
access-control-allow-origin
*
access-control-allow-methods
GET,PUT,POST,DELETE
access-control-allow-headers
X-Requested-With
content-security-policy
default-src 'unsafe-inline' *
x-content-security-policy
default-src 'unsafe-inline' *
x-webkit-csp
default-src 'unsafe-inline' *
cache-control
no-cache
content-encoding
gzip
vary
accept-encoding
x-cache
Hit from cloudfront
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
x-amz-cf-id
2O6DsUZDZhLJD-Jg_pycaeqEwWyOqtQLqAbbj3ZZhR1BzareNe3rKg==
age
3064
psp
psp.pushnami.com/api/ 		2 B
223 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://psp.pushnami.com/api/psp
Requested by
Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5d237166fb89b15595918400
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.201.77.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-77-148.compute-1.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept
application/json, text/plain, */*
Referer
https://au.saving.direct/
key
5d237166fb89b15595918400
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://au.saving.direct
date
Sun, 17 Oct 2021 11:25:57 GMT
cache-control
no-cache
access-control-allow-credentials
true
content-encoding
gzip
vary
accept-encoding
content-type
text/html; charset=utf-8
psp
psp.pushnami.com/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://psp.pushnami.com/api/psp
Protocol
H2
Server
52.201.77.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-77-148.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
key
Origin
https://au.saving.direct
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sun, 17 Oct 2021 11:25:57 GMT
content-type
application/json; charset=utf-8
access-control-allow-origin
https://au.saving.direct
access-control-allow-credentials
true
access-control-expose-headers
content-type, content-length, etag
access-control-max-age
600
access-control-allow-headers
key
access-control-allow-methods
POST
cache-control
no-cache
vary
accept-encoding
content-encoding
gzip
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f1.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 17 Oct 2021 11:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sun, 17 Oct 2021 11:25:56 GMT
json
gum.criteo.com/sid/ Frame D50A 		441 B
532 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=publishertag&domain=saving.direct&sn=ChromeSyncframe&so=0&topUrl=au.saving.direct&cw=1&lsw=1
Requested by
Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=au.saving.direct
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
529f8d2d6302773b14fc623097808e4fab154ff3688c0a79629c9eb9606d9c52
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=au.saving.direct
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sun, 17 Oct 2021 11:25:56 GMT
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
2809
expires
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 78AB 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f1.1e100.net
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://au.saving.direct/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Sun, 17 Oct 2021 10:55:19 GMT
expires
Mon, 17 Oct 2022 10:55:19 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1838
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 8366 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f4.1e100.net
Software
GSE /
Resource Hash
28f2214e33bbfe061ccc0a1e48e590eb572c205338145dd25b7bf88bed7950ac
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-DHWn5FPDF7uEP/BQ1OcW1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://au.saving.direct/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy-report-only
require-corp; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sun, 17 Oct 2021 11:25:56 GMT
date
Sun, 17 Oct 2021 11:25:56 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-DHWn5FPDF7uEP/BQ1OcW1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/pagead/ Frame 8366 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211013&jk=4384008310973835&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js
pagead2.googlesyndication.com/bg/ Frame 78AB 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
sffe /
Resource Hash
601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 16 Oct 2021 17:02:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
66223
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13430
x-xss-protection
0
last-modified
Mon, 11 Oct 2021 11:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sun, 16 Oct 2022 17:02:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211013&jk=4384008310973835&bg=!fX6lfjrNAAao6lBpqOo7ACkAdvg8WrtNDxhWEZrj_FcsviuELNx154StyxfqaLzQAzLTHTmfelMAKgIAAAB_UgAAAAxoAQcKAN2y-RyvIn11SobcNOKRm4DvnGprSaX2q0FS-vU6opgHG-KtMtVyZdcarj9Xx_TAQKZgn8oOFbV2CPY6tMjr6m1PsBalm3bjV6IghhMAH9HWXBHgOEV7zePknLwLQtV87xX6bPqzQ4PKHML9Y5w5XPagSvAbprVf2z0W9ruOWLCWVeT-I_G0Kvd-Al1Ven7zDH1o7ZOcvRBCU--0w36jfKhCGMkIc7tQjvRJfKlwl0k78l9uiWxSijMgSZxpc4SK9R45unJ9NlCQWNiPig1jDPETnrX57y9n99FXtZ1B_JkCuwSYMT14t7t5R7XZxKhWnkh7xrud8VJQtatKnbeTnxP9uCxjBOaFBU3j7iJmdyJkoNNzKGan_IXBMHHLmToBdLhh-N57RkC47l7_wMXerxy_vE9JG6M8_Z8ZkuwqzEBANpkOIs4bdTYvP6YdIRm-BjMCkbhJjfaFd72soIXMeXS8e99xVJnxvFOFgvoF5x0DZ3FEixIJuEgNudRFipdk_fxCBrhciZ27ck3ITD8E5edzagnw4CVHq-sp1BdWF0fvKld80Fc20B7wDVaBpIf3MfHQQE2Cbtio_m6Dbq3FuiieKtGf2EpL-Y_t3LeaCaL2pQ0VRBNRUTr-DejRafX9O4jKUwzGTEpWAlPKwFzNs82cipHT6oUjGXYk992sQL4AiGcnVer1hwdxFx66MepJfMUjvhuk_-mJ6DqWNRnWA8prunldQgWY6a16at34irGJyYNUoFyi763VjktDSB2W37C2zWYdMLm6slaAq8zcTdgA78iwIOHjd03Y4_Dseqm00_BTZL27EJyjNIs85WzbJYcVA594UX4oXgfmrdFyBY8hxBFBxfGkFLr7ehtKPjoxw2N3r_vCNHQ7ARx86zy_RtbPrmhtMNP0oIZxnm3aSqniOPxCjfq59Fkb6aMpO0dbL-HxxQmKhzONt6dJYzDdPYnyOs0c0mYYXqXTrDbxS5rBwC9FzHnMzwzbEfAc8i-AlHYFPkdHWcZAW8b5u1gdV_Gn4GgkDD98Jdsg6UCZP7ROnXPN2hyzygmhYVn5oQXq4RCD1l24TP623gDvpFmkZnwyesi9oYdwSDRJJsLuMfTZJ_nMU2sqHhnQQMJNPweGzvoUDFe2HkvyvaVJ81DBl2HxDK3nTuHNGsRVhxG5Iw4kUAmU78_zA4Kv__9yL1ZcOYozAKWYI9u7i8af05swf19fy9mfI1RemBdtCw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://au.saving.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 17 Oct 2021 11:25:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

80 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery string| WEB_ROOT object| adsbygoogle function| gtag object| dataLayer object| Criteo object| googletag function| cookiePopupOpen function| cookiePopupClose object| jQuery111307672169014814003 object| ggeac object| google_js_reporting_queue object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| google_tag_manager function| initViralMarketing function| initFacebookApp function| initSiteMain function| initSiteSubpage function| initCoregSurveyAnimations string| gsLastFormData function| reloadCoreg function| trackClickSite object| google_tag_data number| google_srt object| google_logging_queue object| google_ad_modifications boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map object| criteo_pubtag object| criteo_pubtag_114 object| Criteo_114 string| google_user_agent_client_hint object| gaGlobal function| onYouTubeIframeAPIReady object| recaptcha function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| google_sa_impl object| google_persistent_state_async object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| pushWrap function| showFbChkOptIn object| mailnamiPromptModule undefined| o object| mailnami object| Pushnami function| CrossStorageClient object| pushnamiStorage function| uuid object| GoogleGcLKhOms object| google_image_requests

8 Cookies

Domain/Path Name / Value
au.saving.direct/ Name: _
Value: m25u64dp0gaalqhf4h3bs46mq4
.saving.direct/ Name: _gcl_au
Value: 1.1.56064470.1634469957
.saving.direct/ Name: _ga_Q4GC552HB3
Value: GS1.1.1634469956.1.0.1634469956.0
.saving.direct/ Name: _ga
Value: GA1.1.1991036476.1634469957
.doubleclick.net/ Name: IDE
Value: AHWqTUlXoXh4fRSB_r4L5hXUrzv4PJuTpj347ZuxlQKgBHxrPvgR9zFxhqrOiQQx1GI
.saving.direct/ Name: __gads
Value: ID=8f697369c0d0eb3c:T=1634469956:S=ALNI_Mbhh4kwXUGQQrpYHUwtPlh7GZahuw
.criteo.com/ Name: uid
Value: 59005794-2215-4eec-ae96-e69b5ca01461
.saving.direct/ Name: cto_bundle
Value: 3kzJSV9lams3VEUlMkI0Y3UyVVY5NFNpOGNRZ0hYdHNOREkwWmZvbSUyRlBRZzdwVlVTbzB4MGgxSGUxZmh0JTJGVWJLUnJLR0w4Y0F0RSUyRlg4bmNaJTJCd0hEQjRpSGZtJTJCR0xoekh1WmNPeG1pSiUyRkdkTVVkeDNybkdId2ljOU9BTVplTHdIeG8zOE94aWZ1UWM4UU8yQXNNV0VyUlMyNG1NUSUzRCUzRA

1 Console Messages

Source Level URL
Text
other error URL: https://au.saving.direct/
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2c66403dfc25bf5a2a26137111b9458b.safeframe.googlesyndication.com
adservice.google.com
api.pushnami.com
au.saving.direct
bidder.criteo.com
cdn.koiadvertising.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gum.criteo.com
pagead2.googlesyndication.com
partner.googleadservices.com
psp.pushnami.com
securepubads.g.doubleclick.net
static.criteo.net
tpc.googlesyndication.com
trc.pushnami.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
13.32.99.40
142.250.185.193
142.250.185.66
142.250.185.72
142.250.186.162
142.250.186.174
142.250.186.35
142.250.186.66
142.250.186.67
142.250.186.97
142.250.186.98
172.217.16.130
172.217.16.138
172.217.23.100
178.250.0.130
178.250.2.131
178.250.2.146
18.235.25.51
52.19.165.23
52.201.77.148
52.48.82.149
0012cb20900d989814e3349304f3d97f354897fd3664cfa186bc1d64243312ef
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
08938ade08efebf0c312f678938a2d45af1c2a02f282abe296ddd8125b691e81
0b52dc3851559db81b5517ed0d7f0ae732f1f758f09834c62d09c02189ca2155
14f157b16811cabad9c399ecd66c37c7b64dd6bda25f70a01e01bcffcdf9a282
2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149
24888ff57c1714336f283a67e22f1207ef9826694a9078e1cda9d581ff148407
257c07e40f4fdd78d66090a4347816a4777d8f2ab8b266d4aebf56da90538cbc
2696a7d00f6b9550437b22caad9314772968580fa0c6f8a58065b03e8d3039b9
26da91d47d63a95a678b34cdffaff0a49532195d53bd23797f6a0081ac911bb7
2843128d287da3614565182de89a84deb0e43fd049be6a4ed4d3a682bdd186c4
28f2214e33bbfe061ccc0a1e48e590eb572c205338145dd25b7bf88bed7950ac
29d3ac66cb7823c6a5771bbb0ee77b819f72c251c06f7c9eb5c3000ea9611b32
2b9a658314baccfef5f3b1d279571f0c1dbe62e6f71735828dd7606e426ba798
2e3e3b2660cbfaac5febf7a50b31d0494159989626a84102b2c3792cffe27d13
2ef56dc520037260cca27bcca24585f36606ddf03e3d84a811a3cc137c26f526
384d829a4391680df3507de956967f8a87c637b42c0eeeb054081ec4cbfbfb04
3f929a7e1bd9f9e3897d2feb98f7eec03155cf6a89698dd74265179e9dde594f
415a956d0d84f7f02e10233bcf0ba9ab058d547f20dc8825f8b649c96e1b699e
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327
4ae129012649a94cc17c7d0b1f74eb7fd46cdd3f31156323af3e115de99029f8
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
529f8d2d6302773b14fc623097808e4fab154ff3688c0a79629c9eb9606d9c52
5392fcbfd0839c09ad663c6261c8d00a794379285e11eb901b2c6281a2394029
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63
6c7422a9c15b9c96f542187ad5163d70c87a911d204ee418ea214e063d728f4d
6e8fa2ba4298cefa603b45cfe8a67d05ca87377ffdb865028a4e5a13360390c9
7c3b0b6077c21e46e421266707179aed3af589c1f2742016609c88605d5f0b82
7d262e6732e70aa65dbc59b8eccb8c24d809bc295090d05eb966c4e3b35f926a
808ecd508fafb1836f5a350eb2165824e8130f96ba29e1b35d9d473d8b13708e
8a72d52ce71a505a161318e1d3c1e40845ef7955969075699bea53d43907b5ba
8e9f9e6e710afc4bb51ba745f5bb08c11105e3310394794c0319c0d57d9b5954
8f297a42c731c5e6412ef47dff5d7697e142a28abe98d34b515951d40e5e9f7d
9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee
9aa98efa8176d3680cee333ffdac1506a94baa7c861c1cbbe603ae0e03a9fe59
9d5579d2ae226889e9cc592035a86cbe20c570edbdeb6394ec7ebc23c4246571
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
af60d9494113883d51b2fe2f0d26b2b2fab914a964aa669c224e03ea21b96272
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2e20a35a96cbb8faafe5b0d231961639c2f68b001108078c753d5bd74c9e0b4
b4df94d683af23847d01e7eb530152a6b83f99dffe17c85e618ab4e293d38410
c0e2b507206317299ccdd7ec276b0be966e6afa2617da415f1435546a8a32527
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e86a63c1f4f0fa76a82c25fe6d2582a6acbdb426da4d5f7f68b920c434448d5b
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef9c554bca3ce5b9f978b626ff8c3a441c0468af2599bdb4e9b6b32f6743f058
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c