www.9news.com.au Open in urlscan Pro
23.215.58.118 Public Scan

URL: https://9now.app.link/dkVdR5pzO9
Title: Watch TV

URL: https://wwos.nine.com.au/
Title: Sport

URL: https://honey.nine.com.au/
Title: Lifestyle

URL: https://www.nine.com.au/entertainment
Title: Entertainment

URL: https://www.nine.com.au/property
Title: Property

URL: https://www.nine.com.au/product-reviews
Title: Product Reviews

URL: https://coupons.nine.com.au/
Title: Coupons

URL: https://9.nine.com.au/ebcUIL
Title: Stan

URL: https://9.nine.com.au/ymxRM6
Title: Drive

URL: https://www.2gb.com/
Title: 2GB

URL: https://9news.com.au/

URL: https://9now.nine.com.au/today
Title: Today Show

URL: https://9now.nine.com.au/a-current-affair
Title: ACA

URL: https://9now.nine.com.au/60-minutes
Title: 60 Minutes

URL: https://wwos.nine.com.au/afl
Title: AFL

URL: https://wwos.nine.com.au/cricket
Title: Cricket

URL: https://wwos.nine.com.au/football
Title: Football

URL: https://wwos.nine.com.au/live-scores
Title: Live scores

URL: https://wwos.nine.com.au/nrl
Title: NRL

URL: https://facebook.com/dialog/share?app_id=1327649940684033&display=popup&href=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&redirect_uri=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617
Title: Share

URL: http://twitter.com/intent/tweet?text=Armoured+trains%2C+private+jets+and+luxury+limos%3A+How+Kim+Jong-un+travels+overseas&url=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617
Title: Tweet

URL: https://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&media=https%3A%2F%2Fprod.static9.net.au%2Ffs%2F24f115ee-a900-43f1-b22c-2483f02a3df7&description=North+Korean+leader+Kim+Jong-un+has+arrived+in+Russia+aboard+his+private+train.+Here%27s+a+look+at+his+rolling+armoured+fortress+and+the+secretive+leader%27s+other+modes+of+transport.
Title: Pinterest

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.e.nine.com.au/r/?id=h70dde64e,a43a655,9014753&ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily HTTP 302
https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 51

https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=50AB0C3A53DB1B290A490D4D%40AdobeOrg&d_nsid=0&ts=1694513787138 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=50AB0C3A53DB1B290A490D4D%40AdobeOrg&d_nsid=0&ts=1694513787138

Request Chain 63

https://cm.everesttech.net/cm/dd?d_uuid=58185842840099411110109793075429731449 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZQA6ewAAAMaERQN-

Request Chain 66

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2929370047501124640

Request Chain 67

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTgxODU4NDI4NDAwOTk0MTExMTAxMDk3OTMwNzU0Mjk3MzE0NDk= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTgxODU4NDI4NDAwOTk0MTExMTAxMDk3OTMwNzU0Mjk3MzE0NDk=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEFOuyhmSb63R87BnrFarJvU&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 79

https://pixel.advertising.com/ups/28/sync?uid=58185842840099411110109793075429731449&_origin=1&redir=true HTTP 301
https://ups.analytics.yahoo.com/ups/28/sync?uid=58185842840099411110109793075429731449&_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/28/sync?uid=58185842840099411110109793075429731449&_origin=1&redir=true&verify=true

Request Chain 82

https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1694513787492&ci=ninemsn&js=1&cg=0&ts=gdpr.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&sr=1600x1200&id=lstrg-943c0eda30072c49831a1888b1f927bd&tz=8 HTTP 302
https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1694513787492&ci=ninemsn&js=1&cg=0&ts=gdpr.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&sr=1600x1200&id=lstrg-943c0eda30072c49831a1888b1f927bd&tz=8&ja=1

Request Chain 94

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=58185842840099411110109793075429731449&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58782/cms?partner_id=ADOBE&_hosted_id=58185842840099411110109793075429731449&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-T4viT_JE2pENFUlyRUue_IcQ6f.55S0rQHs-~A

Request Chain 96

https://dmpsync.3lift.com/getuid?redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D$UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://dmpsync.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://dpm.demdex.net/ibs:dpid=72352&dpuuid=4410630201151488550841&gdpr=0&gdpr_consent=

Request Chain 97

https://usermatch.krxd.net/um/v2?partner=adobe&id=58185842840099411110109793075429731449 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=58185842840099411110109793075429731449

Request Chain 103

https://c.bing.com/c.gif?Red3=MSAN_MI9_pd HTTP 302
https://m.adnxs.com/mapuid?member=280&user=328E56C33C9A61AC03A945493DA86049;&redir=https%3A%2F%2Fm.adnxs.com%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D328E56C33C9A61AC03A945493DA86049 HTTP 302
https://m.adnxs.com/seg?add=5159620&redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D483%26code%3D328E56C33C9A61AC03A945493DA86049 HTTP 302
https://ib.adnxs.com/setuid?entity=483&code=328E56C33C9A61AC03A945493DA86049

Request Chain 105

https://usermatch.krxd.net/um/v2?partner=adobe&redir=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dadobe%26partner_uid%3D%24%7BDD_UUID%7D HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&redir=https://beacon.krxd.net/usermatch.gif?partner%3Dadobe%26partner_uid%3D$%7BDD_UUID%7D

Request Chain 136

https://ib.adnxs.com/getuid?https://adc.nine.com.au?appNexusUid=$UID HTTP 302
https://adc.nine.com.au/?appNexusUid=2929370047501124640

Request Chain 141

https://fw.adsafeprotected.com/rfw/st/1612340/73397107/skeleton.js?adsafe_url=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&adsafe_type=abedq&adsafe_url=https%3A%2F%2Fwww.9news.com.au%2F&adsafe_type=f&adsafe_jsinfo=,id:c57a94e3-6be5-e874-6b42-d0408a290b12,c:o1DxTK,sl:inView,em:true,fr:true,thd:1,mn:jsserver-experiment-primary-56487596f4-4878r,rg:au,pt:1-5-15,wc:0.0.1600.1200,ac:1120.220.300.600,am:sp,cc:0.0.300.600,piv:100,obst:0,th:0,reas:,mu:10000,br:c,bru:c,an:n,oam:0,mtim:391,mot:0,app:0,maw:0,fm:tPDxaAq+11%7C12%7C13%7C14%7C15%7C16*.1612340-73397107%7C161%7C162%7C171%7C172%7C18,idMap:16*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:411,oid:7019c140-5155-11ee-af88-f69e2e903924,v:19.8.439,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 143

https://sr.rlcdn.com/469486.gif?u=64fee050c91c48d184e91b74a3ebb52c&es=149096 HTTP 307
https://sr.rlcdn.com/1000.gif?memo=CO7THBIyCi0IDxAAGicxNDkwOTY6NjRmZWUwNTBjOTFjNDhkMTg0ZTkxYjc0YTNlYmI1MmMQ_XkaDQj99ICoBhIFCOgHEABCAEoA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=6cbb05e5ea32244ca05aafdee745a90f3f64c9f065b7c85c9b7c031c3ab095e1791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA2Y2JiMDVlNWVhMzIyNDRjYTA1YWFmZGVlNzQ1YTkwZjNmNjRjOWYwNjViN2M4NWM5YjdjMDMxYzNhYjA5NWUxNzkxNDI2YjU0MTdkY2UyMRAAGgwI_fSAqAYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA2Y2JiMDVlNWVhMzIyNDRjYTA1YWFmZGVlNzQ1YTkwZjNmNjRjOWYwNjViN2M4NWM5YjdjMDMxYzNhYjA5NWUxNzkxNDI2YjU0MTdkY2UyMRAAGgwI_fSAqAYSBAgCEABCAEoA&google_gid=CAESELdvyDwLyxx6uGn4fkpl3vo&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=5cc1e3d2-850a-4c8b-be14-7ba477bc9efe

Request Chain 225

https://microsoft-aunz-d.openx.net/w/1.0/pd HTTP 302
https://microsoft-aunz-d.openx.net/w/1.0/pd?cc=1

Request Chain 231

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 232

https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3658&xuid=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&dongle=0cfd&gdpr=0&gdpr_consent=

Request Chain 233

https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDQxMDYzMDIwMTE1MTQ4ODU1MDg0MQ%3D%3D HTTP 302
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=

Request Chain 234

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESENi8BBvneVDFLBXBHj7qjDE&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1

Request Chain 235

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDQxMDYzMDIwMTE1MTQ4ODU1MDg0MQ%3D%3D

Request Chain 237

https://pr-bh.ybp.yahoo.com/sync/triplelift/4410630201151488550841?gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-6bgaRRBE2oQAMQiTe0E9CilPudHty0cKvCRF4DoZAg--~A&dongle=0883

Request Chain 239

https://x.bidswitch.net/sync?ssp=triplelift&user_id=4410630201151488550841&gdpr=0&gdpr_consent=${GDPR_CONSENT_28} HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=triplelift&user_id=4410630201151488550841&gdpr=0&gdpr_consent=${GDPR_CONSENT_28} HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=triplelift HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=triplelift HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=3092276361485442089&ssp=triplelift

Request Chain 241

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3335&xuid=2929370047501124640&dongle=4d58&gdpr=0&gdpr_consent=

Request Chain 243

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&gdpr=0&gdpr_consent=&expires=30

Request Chain 244

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TE1HNVJBVkktNy0xUFJO HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIx5Dd7qyc1VWwqD5XpCZtE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE1HNVJBVkktNy0xUFJO&google_push=

Request Chain 245

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MmYzMTJiNDYzYTI4ZjkzNmRiMWZlYjAzMDJjOWJiNGFjMjVlOWRjOA

Request Chain 246

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=32h_K25STm6KnzMUBbxCgg&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=32h_K25STm6KnzMUBbxCgg

Request Chain 247

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/tpNaOkl_rphq4Ci-vUUJow?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-E8uLrkRE2oLMfQgzb5z0a0a5FCv7aoaPhTM99A--~A

Request Chain 248

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=mdodpWI8Q2eIlQi3vwDPew&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=mdodpWI8Q2eIlQi3vwDPew

Request Chain 249

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEC92EmPDPjdIOH0hynWcOhY&google_cver=1

Request Chain 250

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LMG5RAVI-7-1PRN

Request Chain 251

https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073061&val=8977195970306470236&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 252

https://match.adsrvr.org/track/cmf/openx?oxid=87267afe-3fb5-3bf6-76b3-2d920b287190&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072971&val=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&ttd_puid=87267afe-3fb5-3bf6-76b3-2d920b287190&gdpr=0&gdpr_consent=

Request Chain 253

https://tg.socdm.com/rtb/sync_before?proto=openx HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZQA6gsCo5swAAFKUmjAAAAAA

Request Chain 254

https://cr-p3.ladsp.com/cookiesender/3 HTTP 302
https://cr-p3.ladsp.com/cookiesender/3?cr=true HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AfxT-P0YQL9Bks8AD7ImEjf0ds8AAAGKiOSK6w

Request Chain 256

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENLSRAyZD3hEUK9ZwHg9jd8&google_cver=1

Request Chain 257

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZQA6gRe5gFJRnWIFeOcyWwAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDEH-ExePIQV6Z5shdYF8U0&google_cver=1

Request Chain 258

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZQA6gRe5gFJRnWIFeOcyWwAAErIAAAIB&gpp=&gpp_sid= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZQA6gRe5gFJRnWIFeOcyWwAAErIAAAIB&gpp=&gpp_sid=&dcc=t

Request Chain 259

https://match.adsrvr.org/track/cmf/casale HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&expiration=1697105793&gdpr=0&gdpr_consent=

Request Chain 260

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZQA6gRe5gFJRnWIFeOcyWwAAErIAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESECz6kgsONe8iMh9DeXBodlg&google_cver=1

Request Chain 261

https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1710238593&external_user_id=09a6c9ea-dd53-418e-a840-6c08eab7ffcf

Request Chain 262

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2929370047501124640

Request Chain 263

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e HTTP 302
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=48dff6db-258d-67ad-78a2cda4

Request Chain 267

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=0h9fR9dLV0XJSA4R1BxCQ4UeWEHJGV0V10_9IQ39

Request Chain 268

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2929370047501124640&gdpr=0&gdpr_consent=

Request Chain 269

https://cm.ambientdsp.com/cm/send?vc=pmj HTTP 301
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=11jwy29wwjop

Request Chain 270

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QwIfUcWXQZyHkdehwhgUvg%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 271

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=43021F51-C597-419C-8791-D7A1C21814BE HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=43021F51-C597-419C-8791-D7A1C21814BE HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=de2a8705-db22-4716-84db-1e09785d804c%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&ttd_puid=de2a8705-db22-4716-84db-1e09785d804c%2C%2C

Request Chain 272

https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=43021F51-C597-419C-8791-D7A1C21814BE&gdpr=0&gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=43021F51-C597-419C-8791-D7A1C21814BE&gdpr=0&gdpr_consent=&ct=y

Request Chain 273

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=43021F51-C597-419C-8791-D7A1C21814BE&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=43021F51-C597-419C-8791-D7A1C21814BE&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 274

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NDMwMjFGNTEtQzU5Ny00MTlDLTg3OTEtRDdBMUMyMTgxNEJF&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 275

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEG4Og9TE4gH7Ukql-aPbY-E&google_cver=1

Request Chain 278

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&gdpr=0&gdpr_consent=

Request Chain 279

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=43021F51-C597-419C-8791-D7A1C21814BE&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-EDgZbk9E2uViq9f5U7adAVfQIYmBuh8-~A&gdpr=0

Request Chain 280

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.aralego.com/bsw_sync?ucf_nid=par-E2B44D84BBBDED8A0B297323E4B4A68&dsp_id=445&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=2a76b861-79fc-4b49-bfa4-3083685319a6&gdpr=0&gdpr_consent=&gdpr_pd=&usprivacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=445&user_id=3cc7f047-f848-326d-bf97-995b7e70b951&ssp=pubmatic&bsw_param=2a76b861-79fc-4b49-bfa4-3083685319a6

Request Chain 290

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=tXQeOi-xUOp_0K2qRUtLH0LLcKg&gdpr=0&gdpr_consent=

Request Chain 291

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=dhdt24umtfqj

Request Chain 293

https://ipac.ctnsnet.com/int/cm?exc=14&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA%3D%26piggybackCookie%3D%5Buser_id%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=95890e74367c4c6f836e0a430afa8f88

Request Chain 294

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=a4lTQozXC5G_WRoGhToAZQ

Request Chain 295

https://t.adx.opera.com/pub/sync?pubid=pub8730968190912 HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU20331074aa214be68194323e752d6419

Request Chain 296

https://idsync.rlcdn.com/420486.gif?partner_uid=43021F51-C597-419C-8791-D7A1C21814BE HTTP 307
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=d2e00598-f2f2-0d96-29ca-ad6132b31048

Request Chain 297

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3092276361485442089

Request Chain 298

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8977195970306470236&gdpr=0&gdpr_consent=&us_privacy=

303 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request 4f3a921f-dfc4-4f12-94d9-698a73627617 Show response
www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/
Redirect Chain

https://t.e.nine.com.au/r/?id=h70dde64e,a43a655,9014753&ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily

191 KB
38 KB

792ms
199ms

Document
text/html

23.215.58.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.58.118 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-118.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 80bb146ca1016fac9a7d1a90eb85689760980f03589e931b4117f7e23ecfd977

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: public, max-age=93
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 38730
Content-Type: text/html; charset=utf-8
Date: Tue, 12 Sep 2023 10:16:24 GMT
ETag: "2fc41-F6J/gG7U6tSALsQX+O9acBjHZFU"
Expires: Tue, 12 Sep 2023 10:17:57 GMT
Server: nginx
Vary: Accept-Encoding
X-Cache-Status: EXPIRED

Redirect headers

content-length: 17
content-type: text/plain; charset=utf-8
date: Tue, 12 Sep 2023 10:16:23 GMT
location: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
p3p: CP="CAO DSP COR CURa DEVa TAIa OUR BUS IND UNI COM NAV"
server: Apache
x-robots-tag: noindex

GET
H/1.1 200
OK main.6bec1b7c.css
www.9news.com.au/assets/ 456 KB
45 KB 439ms
241ms Stylesheet
text/css 23.215.58.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.9news.com.au/assets/main.6bec1b7c.css
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.58.118 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-118.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 40bf198e10b7e9dafbb11575d1dc1641f807d920a7d9a42a3795724d298dd2a4

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:25 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Aug 2023 01:25:04 GMT
Server: nginx
ETag: "64d43c70-7208a"
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=28662135
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 45416
Expires: Fri, 09 Aug 2024 03:58:40 GMT

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2F24f115ee-a900-43f1-b22c-2483f02a3df7
imageresizer.static9.net.au/GFlcr9E5Y8mt3oZ8yXzws4L8uBo=/1200x0/ 757 KB
758 KB 1031ms
333ms Image
image/png 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/GFlcr9E5Y8mt3oZ8yXzws4L8uBo=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F24f115ee-a900-43f1-b22c-2483f02a3df7
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c5cb41a5d84d189cee4c69f1bc153b9824e5514b8be7e5728c1a52fd90820974

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 15, 1
date: Tue, 12 Sep 2023 10:16:25 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 05:46:27 GMT
age: 16198
etag: "a051e99d5539e33b3449f430580af82f1fa39a03"
x-cache: HIT, HIT
content-type: image/png
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 775629
x-served-by: cache-syd10148-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2F_%2Fmedia%2F2016%2F10%2F04%2F13%2F42%2F0410_wood_sp.jpg
imageresizer.static9.net.au/3XfypWH1MyWE1txn7TDeDS00EYA=/105x105/ 3 KB
3 KB 1031ms
332ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/3XfypWH1MyWE1txn7TDeDS00EYA=/105x105/https%3A%2F%2Fprod.static9.net.au%2F_%2Fmedia%2F2016%2F10%2F04%2F13%2F42%2F0410_wood_sp.jpg
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ee65bac3839a1e1e18eb4d859223112e80528567adae081f8375a616c10a11d0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 732, 3
date: Tue, 12 Sep 2023 10:16:25 GMT
via: 1.1 varnish, 1.1 varnish
expires: Tue, 20 Aug 2024 18:31:49 GMT
age: 1871077
etag: "83dbca11f2bbf21c61911e1a3101bbc33758f262"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 3321
x-served-by: cache-syd10150-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2F6ae82d1b-bf05-4474-9f73-562428b26b65
imageresizer.static9.net.au/sj0rEVWAWozRtM9rdI-CCDtZodo=/1200x0/ 86 KB
86 KB 889ms
191ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/sj0rEVWAWozRtM9rdI-CCDtZodo=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F6ae82d1b-bf05-4474-9f73-562428b26b65
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7de13eded79aa59c95f35d1437a7a4f0eec7d62a460db87b9336543e5efd6458

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 17, 3
date: Tue, 12 Sep 2023 10:16:25 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:21:55 GMT
age: 24871
etag: "83b0e505b30bafa46c90d95c1b53dce9be575acb"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 88133
x-served-by: cache-syd10127-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2F6ec90637-0d25-4834-a73f-e097ac55562e
imageresizer.static9.net.au/jSrkGMNugv9Ldi7gEbiDWXFAg78=/1200x0/ 106 KB
106 KB 1030ms
332ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/jSrkGMNugv9Ldi7gEbiDWXFAg78=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F6ec90637-0d25-4834-a73f-e097ac55562e
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 95d5b9a49894cf88dd12ab73e995b50a5e4f3c2ac89841f29c74b3c3000fa849

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 16, 2
date: Tue, 12 Sep 2023 10:16:25 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:22:03 GMT
age: 24862
etag: "0ac77b1b01f74f01803ef9b6087949b4616d94a5"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 108237
x-served-by: cache-syd10159-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2F06792fe6-1a78-4215-a2b0-6c710213a99c
imageresizer.static9.net.au/QKXSSGnQ86TmDrTNhuUvMnbhN7E=/1200x0/ 103 KB
103 KB 889ms
191ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/QKXSSGnQ86TmDrTNhuUvMnbhN7E=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F06792fe6-1a78-4215-a2b0-6c710213a99c
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 83c3eda92fc69c4b15109ed1459bcaee75895fed520744c4d65f8260126bf965

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 17, 3
date: Tue, 12 Sep 2023 10:16:25 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:24:06 GMT
age: 24739
etag: "98f1e52f7c1ca708e677975cbd0abcb1cdff8f0a"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 105280
x-served-by: cache-syd10158-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2Fb7b7d1ac-28b7-46af-944c-832f2179f8f0
imageresizer.static9.net.au/NpJQxtq_7dKns-rESvJCkDLS3QY=/1200x0/ 117 KB
118 KB 889ms
191ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/NpJQxtq_7dKns-rESvJCkDLS3QY=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2Fb7b7d1ac-28b7-46af-944c-832f2179f8f0
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e4e1566d16617cdf31904b57611e6eb3e6ef284fa27c2d2cb96f602c91aaae0e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 18, 3
date: Tue, 12 Sep 2023 10:16:25 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:24:23 GMT
age: 24722
etag: "568480849b2d7b307918157daf258f20b2e29bea"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 120282
x-served-by: cache-syd10155-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2F51eb5e3b-1009-48f9-81eb-13b18639ce03
imageresizer.static9.net.au/wjzXn5H2dfCZMarf7y5AoP16j1o=/1200x0/ 343 KB
343 KB 227ms
226ms Image
image/png 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/wjzXn5H2dfCZMarf7y5AoP16j1o=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F51eb5e3b-1009-48f9-81eb-13b18639ce03
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: fa43666d26632aa8d74632908a20b869950a1416b774bb6b6ff91c7da9031c3f

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 14, 1
date: Tue, 12 Sep 2023 10:16:25 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 06:01:35 GMT
age: 15291
etag: "1c2fe396a8ea0b24da4c34c4c49e63653470d02a"
x-cache: HIT, HIT
content-type: image/png
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 350761
x-served-by: cache-syd10179-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2F0e248b03-c1cd-49bf-908f-1451cc72518c
imageresizer.static9.net.au/8zbQMIZnIIr8gRJEJCRSOs0oU6Q=/1200x0/ 209 KB
209 KB 227ms
226ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/8zbQMIZnIIr8gRJEJCRSOs0oU6Q=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F0e248b03-c1cd-49bf-908f-1451cc72518c
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e9663532a9619d242c0f4a8bbfadbc85b04535d3b0ba0edf9a8088fd57a5da53

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 18, 1
date: Tue, 12 Sep 2023 10:16:25 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:24:30 GMT
age: 24715
etag: "50487e9359d4d7a27b9a2e148a53a26cb552433a"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 213603
x-served-by: cache-syd10141-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2Ffa8d4b93-a965-4df2-a7fe-eb076741d283
imageresizer.static9.net.au/BwnwxS_HJjvGpItmri21nVJY6LQ=/1200x0/ 131 KB
131 KB 227ms
227ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/BwnwxS_HJjvGpItmri21nVJY6LQ=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2Ffa8d4b93-a965-4df2-a7fe-eb076741d283
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 74add390ef71bd405689da5929c1a71c718000709a46266a02eea70ab9a8eccd

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 14, 1
date: Tue, 12 Sep 2023 10:16:25 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:24:40 GMT
age: 24705
etag: "4bb224126dcbb30f4388fc7138a754c70685b8c3"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 133683
x-served-by: cache-syd10179-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2F92ab292e-7eda-4937-a8b1-c6b4762356c3
imageresizer.static9.net.au/j3_Yb5EmS1unUEhnPHrUPjGoZws=/1200x0/ 187 KB
187 KB 228ms
227ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/j3_Yb5EmS1unUEhnPHrUPjGoZws=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F92ab292e-7eda-4937-a8b1-c6b4762356c3
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ba030f4e674ce07870c198c8a4875c54b0b1763087c685688be384a4f3461360

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 17, 1
date: Tue, 12 Sep 2023 10:16:25 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:24:44 GMT
age: 24701
etag: "5dc20862fb0aec09bcc9370ba7b3f569f9eb914b"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 191705
x-served-by: cache-syd10151-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2Fc4167d12-4726-4fbb-9f28-eba5caca9b61
imageresizer.static9.net.au/6IcXnSHKptb5iawtYogrNVdBh3Q=/1200x0/ 121 KB
121 KB 228ms
227ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/6IcXnSHKptb5iawtYogrNVdBh3Q=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2Fc4167d12-4726-4fbb-9f28-eba5caca9b61
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2c85350cb00ac65e899dfe102569b97fe0d14ae6285a28a0f838b6cc9d1e8141

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 15, 2
date: Tue, 12 Sep 2023 10:16:26 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:24:49 GMT
age: 24696
etag: "3b3f45c39e946ecd3f8ed6952da1176c50e31684"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 123850
x-served-by: cache-syd10171-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2F53448352-0eb5-463a-a676-0293b4a96b49
imageresizer.static9.net.au/GPVMEZyAA3Ufj2BkcHWhvfp4oM8=/1200x0/ 41 KB
41 KB 228ms
227ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/GPVMEZyAA3Ufj2BkcHWhvfp4oM8=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F53448352-0eb5-463a-a676-0293b4a96b49
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2a75693c9954ccbe383fdb67c7d7caae40fec90b844096fcb24634e26c18f428

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 16, 2
date: Tue, 12 Sep 2023 10:16:26 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:25:11 GMT
age: 24674
etag: "9849f3b4d9e91440006540dd55755560699504d6"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 41786
x-served-by: cache-syd10178-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2Fd5507619-2154-4fb2-af61-cbc44e55bc53
imageresizer.static9.net.au/iLcYuJ1urfxh6F1sRkRAT3UO1Os=/1200x0/ 88 KB
88 KB 228ms
227ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/iLcYuJ1urfxh6F1sRkRAT3UO1Os=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2Fd5507619-2154-4fb2-af61-cbc44e55bc53
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c42f91ca9b944b259cdd283ef4fabc4a18a4395b23f8b898cb5c8f5e819cef04

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 15, 2
date: Tue, 12 Sep 2023 10:16:26 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:25:13 GMT
age: 24672
etag: "e470ebd5eec127c725173fdc01c2c3a185abbb1a"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 89779
x-served-by: cache-syd10148-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2Fca5739e6-a1c2-4b9a-a8c8-c2ea26b216f2
imageresizer.static9.net.au/AvQcD1SWPEzAX9kdgtq8X8Soyhs=/1200x0/ 144 KB
144 KB 245ms
245ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/AvQcD1SWPEzAX9kdgtq8X8Soyhs=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2Fca5739e6-a1c2-4b9a-a8c8-c2ea26b216f2
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: dcabc92fc439e25f57cb5db2c1a86d5814e17b698ecaf8524a1dd4fcd2145b89

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 1971, 1
date: Tue, 12 Sep 2023 10:16:26 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:26:18 GMT
age: 24608
etag: "866b84e219fc50f6d2185e762075f21e873f0b6a"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 147393
x-served-by: cache-syd10154-SYD, cache-bfi-kbfi7400060-BFI

GET
H2 200 https%3A%2F%2Fprod.static9.net.au%2Ffs%2F16fb644a-2618-4607-95f3-85a7b01331ed
imageresizer.static9.net.au/QhJr-bTlgyAUgx8cD3Ni9Vc3PN8=/1200x0/ 125 KB
125 KB 228ms
227ms Image
image/jpeg 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageresizer.static9.net.au/QhJr-bTlgyAUgx8cD3Ni9Vc3PN8=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F16fb644a-2618-4607-95f3-85a7b01331ed
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1a652cad9e9cdac96ff11e860fa9ca00d894e441f673192bb90a098e243686fe

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 150, 3
date: Tue, 12 Sep 2023 10:16:26 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Sep 2024 03:26:35 GMT
age: 24590
etag: "ccbb5f5e6f79a39b3ba371d1002913bba366bb01"
x-cache: HIT, HIT
content-type: image/jpeg
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 127672
x-served-by: cache-syd10160-SYD, cache-bfi-kbfi7400060-BFI

GET
H/1.1 200
OK v1 Show response
adkit.9pub.io/ 70 KB
20 KB 374ms
4ms Script
application/javascript 13.35.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adkit.9pub.io/v1
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-43.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 594b1880b788bef3e6ca9c9791268c5fbaa6a853e36995a0349f16c87b7a677c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 09:54:36 GMT
Content-Encoding: gzip
Via: 1.1 4bf8b888ab09c75583ef96928f051bfc.cloudfront.net (CloudFront)
Last-Modified: Tue, 05 Sep 2023 04:50:14 GMT
Server: AmazonS3
X-Amz-Cf-Pop: SYD1-C1
Age: 1314
ETag: W/"210cfde88ca27c0414c90c6693c29be2"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
X-Cache: Hit from cloudfront
Cache-Control: max-age=3600
Connection: keep-alive
X-Amz-Cf-Id: 2Y7DNHfEM75Y8-edh6-JrgYrgXA6LiLXPtlybC2mu3sPv-Ylzg65rQ==

GET
H/1.1 200
OK index.min.js Show response
players.brightcove.net/664969388001/H190EXsjW_default/ 1 MB
329 KB 416ms
112ms Script
application/javascript 23.77.129.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://players.brightcove.net/664969388001/H190EXsjW_default/index.min.js
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.129.89 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-129-89.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9e0c5b470a7ec2b3e2ba457e59038156d3bd185022468bb6a02b355371270acb

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: dLrLEw9Vx3D5YtGwPVGB33o3rugmnu3u
Content-Encoding: gzip
Date: Tue, 12 Sep 2023 10:16:25 GMT
x-amz-request-id: F219CE9T6KWK6XRD
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 335770
x-amz-id-2: zHfFDIOyQtNGUz9GoKqR4lI1eNOV88zboe49EL0sDAp81KFh6Gv9qT+EHKtYDObpwF/uaX4/Y/4=
X-BCOV-Response-Mode: 1
X-Served-By: cache-syd10139-SYD
Last-Modified: Tue, 08 Aug 2023 00:20:05 GMT
Server: AmazonS3
X-Timer: S1691454101.935574,VS0,VE1055
ETag: "fced51da51bffd98e4d115e916252e03"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=186
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H/1.1 200
OK main.35b23f4d.js Show response
www.9news.com.au/assets/ 3 MB
995 KB 347ms
188ms Script
application/javascript 23.215.58.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.9news.com.au/assets/main.35b23f4d.js
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.58.118 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-118.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 40f6ced77fe3426bef46d30da220b3b66c94c9f7b9fbbccfafa490bee0ba7890

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:25 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Sep 2023 12:31:18 GMT
Server: nginx
ETag: "64f9c296-3709c9"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31154024
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1018303
Expires: Sat, 07 Sep 2024 00:10:09 GMT

GET
H/1.1 200
OK proximanova-bold.woff
www.9news.com.au/assets/fonts/ 27 KB
28 KB 215ms
215ms Font
font/woff 23.215.58.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.9news.com.au/assets/fonts/proximanova-bold.woff
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.6bec1b7c.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.58.118 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-118.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f249a7a21f80e543f61b539acb6d496c7870ed8768b3ea5238ba356d6d530dfd

Request headers

Referer: https://www.9news.com.au/assets/main.6bec1b7c.css
Origin: https://www.9news.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:25 GMT
Last-Modified: Thu, 02 Jun 2022 00:12:22 GMT
Server: nginx
ETag: "62980066-6d40"
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=18391253
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27968
Expires: Fri, 12 Apr 2024 06:57:18 GMT

GET
H/1.1 200
OK proximanova-semibold.woff
www.9news.com.au/assets/fonts/ 27 KB
27 KB 108ms
107ms Font
font/woff 23.215.58.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.9news.com.au/assets/fonts/proximanova-semibold.woff
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.6bec1b7c.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.58.118 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-118.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b390d59309fbb178f6ebd1163aee5d6a4c1d662678aabcc06d36d615a15695d0

Request headers

Referer: https://www.9news.com.au/assets/main.6bec1b7c.css
Origin: https://www.9news.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:25 GMT
Last-Modified: Thu, 02 Jun 2022 00:12:22 GMT
Server: nginx
ETag: "62980066-6b48"
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=17863719
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27464
Expires: Sat, 06 Apr 2024 04:25:04 GMT

GET
H/1.1 200
OK proximanova-regular.woff
www.9news.com.au/assets/fonts/ 19 KB
19 KB 345ms
129ms Font
font/woff 23.215.58.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.9news.com.au/assets/fonts/proximanova-regular.woff
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.6bec1b7c.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.58.118 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-118.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 70348920650a61a4fd3e88fa9ba43082d15c29bd825493ca3ea1010227e13173

Request headers

Referer: https://www.9news.com.au/assets/main.6bec1b7c.css
Origin: https://www.9news.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:25 GMT
Last-Modified: Thu, 02 Jun 2022 00:12:22 GMT
Server: nginx
ETag: "62980066-4ab4"
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=17863705
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19124
Expires: Sat, 06 Apr 2024 04:24:50 GMT

GET
H/1.1 200
OK proximanova-medium.woff
www.9news.com.au/assets/fonts/ 27 KB
27 KB 452ms
214ms Font
font/woff 23.215.58.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.9news.com.au/assets/fonts/proximanova-medium.woff
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.6bec1b7c.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.58.118 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-118.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f7f108ea5017bf23112a94c06871440cdb4b63cac58d410db94beded17a8f3b7

Request headers

Referer: https://www.9news.com.au/assets/main.6bec1b7c.css
Origin: https://www.9news.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:25 GMT
Last-Modified: Thu, 02 Jun 2022 00:12:22 GMT
Server: nginx
ETag: "62980066-6bc4"
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=17830809
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27588
Expires: Fri, 05 Apr 2024 19:16:34 GMT

GET
H/1.1 200
OK nec-icon-font.woff
www.9news.com.au/assets/fonts/ 7 KB
7 KB 463ms
113ms Font
font/woff 23.215.58.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.9news.com.au/assets/fonts/nec-icon-font.woff
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.6bec1b7c.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.58.118 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-118.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 7bd9b1b93f7b192b50e4f93315a5c620f993e0a8cc69529abea76258694ac217

Request headers

Referer: https://www.9news.com.au/assets/main.6bec1b7c.css
Origin: https://www.9news.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:25 GMT
Last-Modified: Thu, 02 Jun 2022 00:12:22 GMT
Server: nginx
ETag: "62980066-1c78"
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=18391253
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7288
Expires: Fri, 12 Apr 2024 06:57:18 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 98 KB
29 KB 643ms
236ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: adkit.9pub.io
URL: https://adkit.9pub.io/v1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6ad58a46318f2c69f760dbaf20cf05b7ee648534ea771956fff40f976660006

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28972
x-xss-protection: 0
server: cafe
etag: 368 / 19612 / 31077684 / config-hash: 11314487324442825627
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 10:16:26 GMT

GET
H/1.1 200
OK nec-icon-font-v2.woff
www.9news.com.au/assets/fonts/ 14 KB
14 KB 125ms
124ms Font
font/woff 23.215.58.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.9news.com.au/assets/fonts/nec-icon-font-v2.woff
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.6bec1b7c.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.58.118 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-118.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 059dc8b48633226f8c92bed9be67c1292e32119ab4fc7a180ecaf3b97f0b4123

Request headers

Referer: https://www.9news.com.au/assets/main.6bec1b7c.css
Origin: https://www.9news.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:25 GMT
Last-Modified: Thu, 02 Jun 2022 00:12:22 GMT
Server: nginx
ETag: "62980066-3728"
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=18391253
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14120
Expires: Fri, 12 Apr 2024 06:57:18 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309060101/ 407 KB
129 KB 4ms
3ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309060101/pubads_impl.js?cb=31077684

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

78.134.111.34.bc.googleusercontent.com

Software

cafe /

Resource Hash

540dfacb5653359db263f2d751b3494596b42b5acae30bc379eec33e87ed40bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 10:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85158
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131474
x-xss-protection: 0
server: cafe
etag: 4360487527687814013
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 10 Sep 2024 10:37:08 GMT

GET
H2 200 mi9-core-ads.v3.js Show response
share.9cdn.net/share/short_cache/js/ads/ 6 KB
3 KB 61ms
6ms Script
application/x-javascript 18.67.111.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://share.9cdn.net/share/short_cache/js/ads/mi9-core-ads.v3.js
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.35b23f4d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-10.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5f5fdbf79de15a7291adfaf52b016fa6877f6e85ee81c0a258cef6fc636ff7af

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: w5QUmhOfvYsTRuCh6AEwUZIf6SDNuzgW
content-encoding: gzip
via: 1.1 0e61cdf08a154ac7d647c2dc742467a6.cloudfront.net (CloudFront)
date: Tue, 12 Sep 2023 10:16:22 GMT
last-modified: Wed, 10 May 2023 06:41:56 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P2
age: 4
etag: W/"36858e5931ce8026efee0da1c8d99dc7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=420
x-amz-cf-id: z4qpHNHYaMT1DvunepX_DgWMol0qrhKR1yW0sNdKVUDvj7iB1Wafyw==

GET
H2 200 mi9-tracking-loader.v4.js Show response
share.9cdn.net/share/short_cache/js/tracking/ 905 B
1 KB 60ms
7ms Script
application/javascript 18.67.111.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://share.9cdn.net/share/short_cache/js/tracking/mi9-tracking-loader.v4.js
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.35b23f4d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-10.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1d31505fae40b96b0a92d6c1230adcfa779dc75cd5fbee67fd894a0cbce73e47

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: Uebx5UKGehLCU3gLi.f3FvhBqGXbETgf
date: Tue, 12 Sep 2023 10:16:21 GMT
via: 1.1 0e61cdf08a154ac7d647c2dc742467a6.cloudfront.net (CloudFront)
last-modified: Wed, 30 Aug 2023 00:42:37 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P2
age: 5
etag: "0957ef8b1d524dafc324e4d0775b7a0a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=420
content-length: 905
x-amz-cf-id: seajk8etWyVSbKiSPSpdRsIb7yHNo8ZHZ_Zpc1Jk1ZjiyN5WPU6awQ==

GET
H2 200 21460.js Show response
micro.rubiconproject.com/prebid/dynamic/ 399 KB
114 KB 413ms
106ms Script
text/javascript 23.215.58.157
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Requested by: Host: adkit.9pub.io
URL: https://adkit.9pub.io/v1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.215.58.157 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-157.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d8840744a6d955e536f2cb13550217c4c01dd4b38d23cac75b89d6299c9b8e8e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
content-encoding: gzip
server: Apache
vary: accept-encoding, referer
edge-cache-tag: prod-prebid-21460_nine_desktop.js
content-type: text/javascript
cache-control: public, must-revalidate, max-age=14400
content-length: 116690
expires: Tue, 12 Sep 2023 21:23:00 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 249 KB
61 KB 39ms
2ms Script
application/javascript 18.67.92.138
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: adkit.9pub.io
URL: https://adkit.9pub.io/v1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.92.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-92-138.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 28a07ea9153aaa450bfa669a2fdac73af62cdbaf8ce6707818c83d3bffcbacd7

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 09:25:41 GMT
content-encoding: gzip
via: 1.1 4bf8b888ab09c75583ef96928f051bfc.cloudfront.net (CloudFront), 1.1 0c5c9092233f69156c68308fd823bd58.cloudfront.net (CloudFront)
last-modified: Thu, 07 Sep 2023 20:56:45 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1, SYD62-P1
age: 3046
x-amz-server-side-encryption: AES256
etag: W/"dbe99cd7da3b62fd2eb4471b4e2a636c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: Xov4uT9wY5iBjFBCS1TSTdHcLg47WoNmIXW8sR4T9UoU6rINOPLobA==

GET
H2 200 tag Show response
btloader.com/ 15 KB
7 KB 322ms
11ms Script
application/javascript 104.26.6.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5196279419240448&upapi=true
Requested by: Host: adkit.9pub.io
URL: https://adkit.9pub.io/v1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.139 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f23b7ef7e5bea1ab43933b90d87e1b2f02553b7a254716dde730e25d892b79e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 12 Sep 2023 09:48:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1516
etag: W/"a520d44e7e135a6d80ba5c5b2947be72"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tGRIvAJXnCjTp7yPDGS2tXR8Fn94%2FendVWpdE9ocijw7CDlOMcYIESjLGx1re5eTD5lFv%2FxC6o0tjSvwN4pOJXrlKf6t91FFzgYx0%2FugWv8Ky4wQRGTunJ00E29V0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 8057652119c25727-SYD

GET
H/1.1 200
OK / Show response
loc.nine.com.au/ 15 B
342 B 772ms
108ms Fetch
application/json 23.77.129.105
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://loc.nine.com.au/
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.35b23f4d.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.77.129.105 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-129-105.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0f6b0f3635ecfb17a1c40190574fa8f22ac8a8ce54388023e977f5a25d75a9a9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Sep 2023 10:16:27 GMT
Akamai-GRN: 0.a41dd017.1694513787.1a405844
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Tue, 12 Sep 2023 10:16:27 GMT

GET
H/1.1 200
OK / Show response
loc.nine.com.au/ 15 B
342 B 762ms
106ms Fetch
application/json 23.77.129.105
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://loc.nine.com.au/
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.35b23f4d.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.77.129.105 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-129-105.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0f6b0f3635ecfb17a1c40190574fa8f22ac8a8ce54388023e977f5a25d75a9a9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Sep 2023 10:16:27 GMT
Akamai-GRN: 0.a41dd017.1694513787.1a405846
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Tue, 12 Sep 2023 10:16:27 GMT

GET
H2 200 prebid-config-prod.1.0.131.json Show response
share.9cdn.net/share/long_cache/js/prebidConfig/ 680 KB
62 KB 12ms
3ms Fetch
application/json 18.67.111.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://share.9cdn.net/share/long_cache/js/prebidConfig/prebid-config-prod.1.0.131.json
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/short_cache/js/ads/mi9-core-ads.v3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-10.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b090266be807e87553b7d09e08f203286dc02c7fa1161f53628acaf94a9fb4ff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: 9BjQMnVvSGt0TYEIqH82WB0vzaIvtm46
content-encoding: gzip
via: 1.1 7bbccbab99aa927533c5da8ccfb22e02.cloudfront.net (CloudFront)
date: Mon, 11 Sep 2023 19:35:04 GMT
x-amz-cf-pop: SYD62-P2
age: 55593
x-cache: Hit from cloudfront
last-modified: Tue, 07 Feb 2023 03:42:27 GMT
server: AmazonS3
etag: W/"1d9652de3f7796d41c2fdf32a6bfb2bf"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.9news.com.au
cache-control: max-age=86400
access-control-allow-credentials: true
x-amz-cf-id: DomP15JQVqadGaGblv091HPFZKAfBqRfDY7o5Ujaf9ShpOhzMI-9Tg==

GET
H2 200 tracking.4.0.388.min.js Show response
share.9cdn.net/share/long_cache/js/tracking/ 420 KB
128 KB 5ms
5ms Script
application/javascript 18.67.111.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/short_cache/js/tracking/mi9-tracking-loader.v4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-10.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c915f78b8f017e8dc0a5d8de2ab967b7ebbb61b30330002cb0fb55d63600ae85

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: vv90yuS80a7R8tBT2G6HQUGTXVz61oia
content-encoding: gzip
via: 1.1 0e61cdf08a154ac7d647c2dc742467a6.cloudfront.net (CloudFront)
date: Mon, 11 Sep 2023 13:30:39 GMT
last-modified: Wed, 30 Aug 2023 00:40:27 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P2
age: 74748
etag: W/"db8de41f9a159c7c2499dbd02b9c590f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: 1LI1ZkKX-9J3zHZGvHUDc4FyxpO2vEqsKyO7HAjqS6dxBEOd-Cl9ew==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 6ms
2ms XHR
application/javascript 18.67.92.138
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.92.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-92-138.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 bac8af6ab43417aff0768ef23a8c05de.cloudfront.net (CloudFront)
date: Mon, 11 Sep 2023 15:55:25 GMT
x-amz-cf-pop: SYD62-P1
age: 66061
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: twSwjE4vvf-bnm72cL2yT-G3mFwRrQ4BeAOMEpmDRDLM8_xr7f6Rsw==

GET
H2 200 3a363040-6cd2-4f15-aaf2-25414542a5f0 Show response
config.aps.amazon-adsystem.com/configs/ 537 B
804 B 43ms
22ms Script
application/javascript 18.67.111.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/3a363040-6cd2-4f15-aaf2-25414542a5f0
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-56.syd62.r.cloudfront.net
Software: CloudFront /
Resource Hash: 1ae1bd31923eda000701ade31e3c41bbebc9b1f300fb2caecbda2af3e0a1c4e3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:09:20 GMT
via: 1.1 d3f1182213e75f053a9e7404f079d540.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: SYD62-P2
age: 426
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 537
x-amz-cf-id: 32sPTEMqPeCGghhgyfpw_gXhv-0Cao5xkos6x-EOELMuUxFm0FOtww==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
312 B 2ms
2ms XHR
text/plain 18.67.92.138
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.9news.com.au&pubid=3a363040-6cd2-4f15-aaf2-25414542a5f0
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.92.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-92-138.syd62.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 09:39:16 GMT
via: 1.1 0c5c9092233f69156c68308fd823bd58.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: SYD62-P1
age: 2229
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.9news.com.au
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: dTofvzIQGfCo6XjouAoL1I2aqjfCkptwbWHwWJzNEakzjzkfQ7TGBQ==

GET
H2 200 gdpr.js Show response
share.9cdn.net/share/short_cache/js/gdpr/ 5 KB
2 KB 3ms
2ms Script
application/x-javascript 18.67.111.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://share.9cdn.net/share/short_cache/js/gdpr/gdpr.js
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-10.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5d50fa6d23cb2163dcedc0e2f61a3cd36e624ebea0ae1f50325ae5b50ac0e17e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-meta-cache-control: public,max-age=360
x-amz-version-id: 0_NTiAhN4TdhlYGHxkv6Da5IyXYTTuEC
content-encoding: gzip
date: Tue, 12 Sep 2023 10:13:51 GMT
last-modified: Tue, 03 Jul 2018 05:41:18 GMT
server: AmazonS3
via: 1.1 0e61cdf08a154ac7d647c2dc742467a6.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P2
etag: W/"1eccfa9d0c6dccdb7854cfa9d84bc511"
age: 156
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: public,max-age=360
x-amz-cf-id: kcjhkjtgw4UcfQPygqeIHKNnD4dzWVygfD5WOpbBwaLyuOrs7GfKIA==

GET
H2 200 ggcmb510.js Show response
secure-dcr.imrworldwide.com/novms/js/2/ 12 KB
5 KB 118ms
3ms Script
application/javascript 54.79.222.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-dcr.imrworldwide.com/novms/js/2/ggcmb510.js
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.79.222.52 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-79-222-52.ap-southeast-2.compute.amazonaws.com
Software: nginx /
Resource Hash: f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
content-encoding: gzip
last-modified: Thu, 10 Aug 2023 14:49:43 GMT
server: nginx
accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
etag: "64d4f907-112a"
access-control-allow-methods: POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 4394

GET
H2 200 iseuro Show response
loc.api.nine.com.au/api/location/ 16 B
466 B 82ms
18ms XHR
application/json 18.67.93.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://loc.api.nine.com.au/api/location/iseuro
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/short_cache/js/gdpr/gdpr.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.93.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-93-103.syd62.r.cloudfront.net
Software: /
Resource Hash: 7bb57035e9f7413a431c3f6b2861a67c5ae77ba3727883d23f6b6cd9df89136a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
via: 1.1 701510d744831cda18c48da0cb099172.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 16
x-amz-cf-pop: SYD62-P1
x-amzn-requestid: 65feb3db-b817-4829-8914-bb4549eb149f
x-amzn-trace-id: Root=1-65003a7a-6bc8eb582f6672b35c042747;Sampled=0;lineage=a6a205d9:0
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.9news.com.au
x-amz-apigw-id: LI4TQGp2ywMFtUw=
content-length: 16
x-amz-cf-id: G7cYedCSUob5nyYq-NTXVEqA6qle-GkPls6lxhX3CnCzKmhTihXx9w==

GET
H2 200 moatheader.js Show response
z.moatads.com/ninegamheader317783335130/ 250 KB
87 KB 563ms
178ms Script
application/x-javascript 23.77.143.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/ninegamheader317783335130/moatheader.js
Requested by: Host: adkit.9pub.io
URL: https://adkit.9pub.io/v1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.143.172 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-143-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fee57a14100c777ea6a06d33069bad09114c7cd8594ee4b9373c9a856d89b423

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
content-encoding: gzip
last-modified: Tue, 12 Sep 2023 08:33:17 GMT
server: AmazonS3
x-amz-request-id: JQJYFQ44SPCYTBBM
etag: "7d1a7689d64dd9b336d71c7dbf1f073c"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=59139
accept-ranges: bytes
content-length: 88863
x-amz-id-2: j0e4sTJomrB2tlyPvnz41M4+zuw95hxGSqdmNFIRUPyCQVSmErNKRrSg+7MCHnenpSDFD8OxU0A=

GET
H2 200 v2zyxN4yzA1uUP3CjcnCOemSY5TR01ifp5OqsvU5jUvPuaVeFoP3kNa_b-AD459Ez Show response
teenytinyshirt.com/ 67 KB
24 KB 566ms
140ms Script
text/javascript 34.111.134.78
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://teenytinyshirt.com/v2zyxN4yzA1uUP3CjcnCOemSY5TR01ifp5OqsvU5jUvPuaVeFoP3kNa_b-AD459Ez

Requested by

Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.134.78 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

132d94233a9a4b183d91b2502d7e820cdbd7e141b0a7b00e200b597f8aacfabb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
via: 1.1 google
date: Tue, 12 Sep 2023 10:16:27 GMT
x-datacenter: gce-asia-east1
etag: "512894f136bf5cd4252b71f8d79711cf6a2ca0b5021e2d95f5363c2ea3cb4128"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-asia-east1-3r86
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
x-buildnumber: 998028631
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 dc Show response
sur46em8q2.execute-api.us-east-1.amazonaws.com/prod/ 257 B
617 B 270ms
232ms XHR
application/json 13.35.147.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sur46em8q2.execute-api.us-east-1.amazonaws.com/prod/dc
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.35b23f4d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-64.syd1.r.cloudfront.net
Software: /
Resource Hash: 12842e1120fd88935f7a6f48e4fd9cda26572a76a397ae20ac4288b8bea486a8

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
via: 1.1 56e3030ee748cd5ccc335e8eb40c7800.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
x-amzn-trace-id: Root=1-65003a7b-42c7f77e7d05485918736a1e
x-amzn-requestid: c077ac4d-690e-4dcd-a4a3-5a337a973c0e
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amz-apigw-id: LI4TSEWHoAMFl9A=
content-length: 257
x-amz-cf-id: 0C7R7OUZDmUTtpdD7fyhnuMPQpy11kl4_ANj3-uwqJVwqnGw4vSvgg==

GET
H2 204 state Show response
api.btloader.com/mw/ 0
101 B 191ms
179ms Fetch 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/mw/state?bt_env=prod
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5196279419240448&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 12 Sep 2023 10:16:27 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
322 B 330ms
19ms Image
image/gif 104.26.3.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 586319
x-guploader-uploadid: ADPycdv7DlwoGU002m3zuuTgnmeSMEhVsDLsLT3TOs1VoBaU3YcYhXZDgBve3bxcUtSZyDINNEaUhyszjmnz36evtZnkRWB4bTqy
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AYGiDmxExx48YhdxNYo6vcq77EtpLiK9hxe8ZeZk5wjqiQ6OX%2B1ibF01Ms05MIcd6TazNjjRr%2BhbijL2tABbAoX8UKYfKonkq6OaAhbvh2wJbXFkWKieJ48gyPBtN24UMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 8057652339d96a4b-SYD
expires: Tue, 05 Sep 2023 15:51:38 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 121ms
2ms Image
image/x-icon 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-13-239-80-30.ap-southeast-2.compute.amazonaws.com

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 19:05:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54675
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 19:05:12 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
920 B 326ms
15ms Image
image/gif 104.26.3.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.933554692442121
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 586319
x-guploader-uploadid: ADPycdv7DlwoGU002m3zuuTgnmeSMEhVsDLsLT3TOs1VoBaU3YcYhXZDgBve3bxcUtSZyDINNEaUhyszjmnz36evtZnkRWB4bTqy
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w0gqYxMGyMC3xJTSBj8S7dpQHPRoNVtzHm1bp2ZmbgvgZ2XLppnkeO66l0dEQviE0B%2BsJOVJuAm8BuSo1k1KpPPg0nyL417lTgMCFzYhOoBdZOo%2F4ojzE9Hr8F7sg%2F4wjA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 8057652349db6a4b-SYD
expires: Tue, 05 Sep 2023 15:51:38 GMT

GET
H2 200 glcfg510.js Show response
cdn-gl.imrworldwide.com/novms/js/2/configs/ 2 KB
1 KB 325ms
3ms Script
application/javascript 13.35.147.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/configs/glcfg510.js
Requested by: Host: secure-dcr.imrworldwide.com
URL: https://secure-dcr.imrworldwide.com/novms/js/2/ggcmb510.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-13.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: DEauhT2pEGQswqNbsEEdTCI.7t73PaeW
content-encoding: gzip
via: 1.1 4acb5efdd4b252788b64d73e2726c236.cloudfront.net (CloudFront)
date: Tue, 12 Sep 2023 10:16:13 GMT
last-modified: Tue, 01 Aug 2023 15:37:57 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 15
x-amz-server-side-encryption: AES256
etag: W/"931051f801612c3a0e2782961ac3d56c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: Wl-OX1YPbF7d_eT_qoiSyaUeLjnq_l1jfDEZmRRdmWHNzNY0qOf_PA==

GET
H2 200 storageframe.html Show response
secure-gl.imrworldwide.com/ Frame 0B6C 11 KB
4 KB 351ms
11ms Document
text/html 13.35.147.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-gl.imrworldwide.com/storageframe.html
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-73.syd1.r.cloudfront.net
Software: nginx /
Resource Hash: c6107c1c1f1588cac73cb68d83222515b12c5dbf7f988fd0c39b4ff16414d3bc

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 12 Sep 2023 10:16:27 GMT
etag: W/"64d4f907-2b27"
last-modified: Thu, 10 Aug 2023 14:49:43 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 ff9e105aa8810f98f1f8f9ec61929886.cloudfront.net (CloudFront)
x-amz-cf-id: g22raaU9TLnBFapGUHV96754B18IwhneFVL70Bne_fsQmwH5iV_fXg==
x-amz-cf-pop: SYD1-C1
x-cache: Miss from cloudfront

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=50AB0C3A53DB1B290A490D4D%40AdobeOrg&d_nsid=0&ts=1694513787138
https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=50AB0C3A53DB1B290A490D4D%40AdobeOrg&d_nsid=0&ts=1694513787138

2 KB
2 KB

7ms
7ms

XHR
application/json

13.239.80.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=50AB0C3A53DB1B290A490D4D%40AdobeOrg&d_nsid=0&ts=1694513787138

Requested by

Protocol

HTTP/1.1

Server

13.239.80.30 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d03b2e050cf9099a955c0124bc09ed92fec26c3948839ed60b22c32fe38f5d8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

DCS: dcs-prod-apse2-1-v049-08153ea96.edge-apse2.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 8LvcX0AzRM0=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.9news.com.au
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 793
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-apse2-2-v049-094256e8c.edge-apse2.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Bnhu5j3RRMA=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.9news.com.au
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=50AB0C3A53DB1B290A490D4D%40AdobeOrg&d_nsid=0&ts=1694513787138
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 adc.js Show response
adc-js.nine.com.au/ 89 KB
27 KB 127ms
5ms Script
application/javascript 13.35.147.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adc-js.nine.com.au/adc.js
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-68.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: aabe06853ff07106051526bf5f763aa0ec84dab11c57ed5a69a8c98469e42e6b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:11:49 GMT
content-encoding: gzip
via: 1.1 4bf8b888ab09c75583ef96928f051bfc.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 00:46:41 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 279
x-amz-server-side-encryption: AES256
etag: W/"a03c9f194bdb6343558115e31ec67213"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=300
x-amz-cf-id: 7ucT83ULejtIygO_tNDaPwlT-YHXZHKKrPdNZeoMYWFpYc01DGXSnQ==

GET
H2 200 launch-52457de27223.min.js Show response
assets.adobedtm.com/36b74e34ece7/5e2db1ff2965/ 80 KB
22 KB 637ms
117ms Script
application/x-javascript 23.77.128.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/36b74e34ece7/5e2db1ff2965/launch-52457de27223.min.js
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.128.136 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-128-136.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a962475e41e0f3c14b4ab5bca91d47539c89e25ce0eb6b4518e8251ac7e7fa26

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
content-encoding: gzip
last-modified: Tue, 05 Sep 2023 03:37:56 GMT
server: AkamaiNetStorage
etag: "aa4ce2ec23792490c770aa33c8a0c48f:1693885076.188113"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.9news.com.au
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 21806
expires: Tue, 12 Sep 2023 11:16:27 GMT

GET
H/1.1 200
OK cookie Show response
ads.adaptv.advertising.com/ 0
494 B 885ms
96ms Script
text/html 52.220.65.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/cookie?pageUrl=https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily&isTop=true&callback=1
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.220.65.196 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-220-65-196.ap-southeast-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

server: adaptv/1.0
Connection: keep-alive
Content-Length: 0
content-type: text/html

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 193 KB
52 KB 314ms
4ms Script
application/x-javascript 157.240.8.23
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-syd2.fbcdn.net

Software

Resource Hash

9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 12 Sep 2023 10:16:27 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 52127
x-xss-protection: 0
pragma: public
x-fb-debug: aydj47RuVBOMjB0iC4jY3dunQ66Mf2Eo/YxIe+29sAdrPPcrEpHkbe7eP+nxTAbGvxf2f0+yFKrGIAueptjEeA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sp.js Show response
d2uhnetoehh304.cloudfront.net/2.18.2/ 77 KB
26 KB 320ms
3ms Script
application/javascript 13.35.148.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2uhnetoehh304.cloudfront.net/2.18.2/sp.js
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.148.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-148-102.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e60566140391e341c2fb0139d6a36214cc68a132acfb259cfbeabe5fc5c3790f

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 16:19:43 GMT
x-amz-version-id: JFn9oWi_80iJDSpl5A8l2vLm9haS4_nx
content-encoding: br
last-modified: Wed, 14 Jun 2023 00:43:54 GMT
server: AmazonS3
via: 1.1 e677c49086c9d85b00b0230e47b36ec0.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
etag: W/"0a624c4cf1d03d57f36c0054aa6db9a8"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
age: 64604
x-amz-cf-id: fcJq2UCiCp-fDMGe1fp4T5vz4Ihj-M74edWs3oHqLKJ4_7C4o5cMxw==

GET
H2 200 door.js Show response
au-script.dotmetrics.net/ 10 KB
4 KB 23ms
4ms Script
application/javascript 18.67.111.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://au-script.dotmetrics.net/door.js?d=www.9news.com.au&t=world
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-102.syd62.r.cloudfront.net
Software: Kestrel /
Resource Hash: 70a42bf0ccdc04e36391e85a10de81b11237d723536e2fabac7d886416ac55c0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
content-encoding: br
via: 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: SYD62-P2
etag: ".www.9news.com.au.world.232.2023091210"
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
content-type: application/javascript
cache-control: private
x-amz-cf-id: lO1J3CQC5P1Eu_IcL0metkGjdYZDX4Im3S-lcjVy4BA4u4tIsiaMYg==

GET c.gif
c.9news.com.au/ 0
0

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 578ms
189ms Image
image/gif 52.86.91.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=nine.com.au&p=%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&u=DfMVHDDUliW0DvXAZ7&d=9news.com.au&g=42370&g0=9news&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=1200&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=3576&t=DyJdQCO2Ifvpk6FiexRjCdi8Dz&V=116&i=Kim%20Jong-un%20visits%20Russia%3A%20North%20Korean%20leader%27s%20armoured%20train&tz=-480&sn=1&sv=ByQVjN-AFVqDV57wgDIAErHBZ0gZf&sd=1&im=061b9ef3&_
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.86.91.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-86-91-163.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 12 Sep 2023 10:16:27 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 249 B
558 B 775ms
153ms XHR
application/json 151.101.2.202
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=nine.com.au&domain=9news.com.au&path=%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617
Requested by: Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.202 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a901c7258dbcae0c8d7ede8a434bdfbf854e457924553eb0750da61c64b07e0c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-cache-hits: 1
date: Tue, 12 Sep 2023 10:16:27 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
age: 1206
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 199
x-served-by: cache-bfi-krnt7300076-BFI
x-timer: S1694513788.871694,VS0,VE1
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Sun, 10 Sep 2023 09:56:22 GMT

GET
H/1.1 200
OK dest5.html Show response
nd.demdex.net/ Frame 141F 7 KB
3 KB 53ms
3ms Document
text/html 13.237.172.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nd.demdex.net/dest5.html?d_nsid=0

Requested by

Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.237.172.12 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-237-172-12.ap-southeast-2.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcscanary-prod-apse2-1-v069-0af62861f.edge-apse2.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: E1r8ylBcQGE=
content-encoding: gzip
date: Tue, 12 Sep 2023 10:16:27 GMT
last-modified: Wed, 28 Jun 2023 09:35:25 GMT
vary: accept-encoding

GET
H2 200 id Show response
somni.nine.com.au/ 48 B
459 B 22ms
5ms XHR
application/x-javascript 63.140.56.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://somni.nine.com.au/id?d_visid_ver=5.3.0&d_fieldgroup=A&mcorgid=50AB0C3A53DB1B290A490D4D%40AdobeOrg&mid=58157680913770896520111483780606793850&ts=1694513787193

Requested by

Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.56.123 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-56-123.data.adobedc.net

Software

jag /

Resource Hash

2cbee3c8adf248aecc2f3b83bc136dab52ccb0f5efcfa5f97e22c23a22555afb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://www.9news.com.au
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZQA6ewAAAMaERQN-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=58185842840099411110109793075429731449
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZQA6ewAAAMaERQN-

42 B
944 B

6ms
6ms

Image
image/gif

13.239.80.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZQA6ewAAAMaERQN-

Requested by

Protocol

HTTP/1.1

Server

13.239.80.30 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-239-80-30.ap-southeast-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

DCS: dcs-prod-apse2-1-v049-09f2a53ec.edge-apse2.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Y2twL2/kSNE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZQA6ewAAAMaERQN-
Date: Tue, 12 Sep 2023 10:16:27 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
2 KB 7ms
6ms XHR
application/json 13.239.80.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=50AB0C3A53DB1B290A490D4D%40AdobeOrg&d_nsid=0&d_mid=58157680913770896520111483780606793850&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&ts=1694513787225

Requested by

Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.239.80.30 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-239-80-30.ap-southeast-2.compute.amazonaws.com

Software

Resource Hash

4d7d5e740208b85c300f045de745e98c3332fc635cbeb8e851a2ad732246bfae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-apse2-1-v049-0ad7bca78.edge-apse2.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: UsLAJUd9T94=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.9news.com.au
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 793
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 s98196258002830
somni.nine.com.au/b/ss/msnportalaucatglobal/1/JS-1.6.4/ 43 B
201 B 6ms
6ms Image
image/gif 63.140.56.123
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://somni.nine.com.au/b/ss/msnportalaucatglobal/1/JS-1.6.4/s98196258002830?AQB=1&ndh=1&pf=1&t=12%2F8%2F2023%2018%3A16%3A27%202%20-480&mid=58157680913770896520111483780606793850&aamlh=8&ce=UTF-8&ns=msnportal&cdp=3&pageName=news%3A9news%3Aworld%3Akim%20jong%20un%3Agallery-Kim%20Jong-un%20visits%20Russia%20North%20Korean%20leader%27s%20armoured%20train&g=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&c.&web.&tags=Kim%20Jong%20un%7CNorth%20Korea%7CTransport%7Ctrains%7Caircraft%7Cship%7CCars&datePublished=2023-09-12T02%3A22%3A27Z&.web&.c&cc=AUD&ch=news%3A9news&server=www.9news.com.au&v0=edm-nine.com.au-ninedaily--230912&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=news%3A9news%3Aworld&h1=news%7C9news%7Cworld%7Ckim%20jong%20un&c2=en-au&v2=news%3A9news&h2=news%3A9news%7Cgallery%7CKim%20Jong-un%20visits%20Russia%20North%20Korean%20leader%27s%20armoured%20train&c3=news%3A9news%3Aworld%3Akim%20jong%20un&v3=news%3A9news%3Aworld&c4=news&v4=news%3A9news%3Aworld%3Akim%20jong%20un&c5=ninemsn&c7=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&c14=desktop&c21=gallery&c22=Kim%20Jong-un%20visits%20Russia%20North%20Korean%20leader%27s%20armoured%20train&c23=true&c26=8%3A00PM&c42=edm-nine.com.au-ninedaily--230912&c57=4f3a921f-dfc4-4f12-94d9-698a73627617&v91=edm-nine.com.au-ninedaily--230912&v92=edm-ninedaily&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.56.123 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-56-123.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Wed, 13 Sep 2023 10:16:27 GMT
server: jag
etag: 3638940650198302720-4617940735358112645
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 11 Sep 2023 10:16:27 GMT

GET
H/1.1

200
OK

ibs:dpid=358&dpuuid=2929370047501124640
dpm.demdex.net/ Frame 141F
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2929370047501124640

42 B
945 B

18ms
18ms

Image
image/gif

13.239.80.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=358&dpuuid=2929370047501124640

Requested by

Protocol

HTTP/1.1

Server

13.239.80.30 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-239-80-30.ap-southeast-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

DCS: dcs-prod-apse2-1-v049-0a0bd5625.edge-apse2.demdex.com 14 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 0BZDRMyDTyA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:28 GMT
an-x-request-uuid: 87d17e9d-7da3-4eca-92d9-d1ff7b4cf821
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://dpm.demdex.net/ibs:dpid=358&dpuuid=2929370047501124640
x-proxy-origin: 66.203.112.168; 66.203.112.168; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEFOuyhmSb63R87BnrFarJvU&google_cver=1
dpm.demdex.net/ Frame 141F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTgxODU4NDI4NDAwOTk0MTExMTAxMDk3OTMwNzU0Mjk3MzE0NDk=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTgxODU4NDI4NDAwOTk0MTExMTAxMDk3OTMwNzU0Mjk3MzE0NDk=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEFOuyhmSb63R87BnrFarJvU&google_cver=1?gdpr=0&gdpr_consent=

42 B
945 B

20ms
17ms

Image
image/gif

13.239.80.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEFOuyhmSb63R87BnrFarJvU&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Server

13.239.80.30 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-239-80-30.ap-southeast-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

DCS: dcs-prod-apse2-2-v049-0336bc339.edge-apse2.demdex.com 13 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: P3tgfbMYTTM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEFOuyhmSb63R87BnrFarJvU&google_cver=1?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 country Show response
api.btloader.com/ 16 B
141 B 179ms
178ms Fetch
application/json 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5196279419240448&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: fa1f876cb70f7a711191b9dab191d9cc1c037ae4f5f5ea032dfe742f51c07f65

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 179ms
179ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=iV2hxAV6ar&w=5734605169098752&o=5196279419240448&cv=2.1.17-2-g0b33bd3&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&sid=DEqahK78&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5196279419240448&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 12 Sep 2023 10:16:27 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 hit.gif
au-script.dotmetrics.net/ 43 B
1 KB 10ms
9ms Image
image/gif 18.67.111.102
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://au-script.dotmetrics.net/hit.gif?id=12900&url=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&dom=www.9news.com.au&r=1694513787438&pvs=1&pvid=f5cf474d-eeb8-4bac-9c0d-0cb2ee463047&c=true&tzOffset=-480&doorUrl=http%3a%2f%2fau-script.dotmetrics.net%2fdoor.js%3fd%3dwww.9news.com.au%26t%3dworld
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-102.syd62.r.cloudfront.net
Software: Kestrel /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
dotmetrics-hit-status: 01 OK
via: 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: SYD62-P2
x-cache: Miss from cloudfront
p3p: policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
content-type: image/gif
cache-control: no-cache
x-amz-cf-id: La-4hafo07I1C3iYnpc4RuUdUe-k_ZpqYFbDFDzbFOnMTjf2mBaD2w==

GET
H2 200 hit.gif
rm-script.dotmetrics.net/ 807 B
1 KB 404ms
7ms Image
image/gif 13.35.147.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rm-script.dotmetrics.net/hit.gif?id=12900&url=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&dom=www.9news.com.au&r=1694513787438&pvs=1&pvid=f5cf474d-eeb8-4bac-9c0d-0cb2ee463047&c=true&tzOffset=-480
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-85.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0eafa55998d0d61f477653cb15168105c06763c74aaebe8ff7e55da98457f030

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 17:00:08 GMT
via: 1.1 bc447bebac6752b9d1351a9e5ee7d13a.cloudfront.net (CloudFront)
last-modified: Tue, 18 Apr 2023 12:25:02 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 62179
x-amz-server-side-encryption: AES256
etag: "e4f758e6322c8f8abfa1f6eba71ee873"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: max-age=86400
accept-ranges: bytes
content-length: 807
x-amz-cf-id: 0Mw7LMjBD60iRTi37jCYSvXdKNC3FOoDSvTOaDaSn7suFhxI1L2FSg==

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 767ms
152ms XHR
application/json 151.101.129.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20230912

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c2fbbf1f616091d16a20443f2fa2ffa462f075d3d803dd87d20c02aac24e5da4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 12 Sep 2023 10:16:28 GMT
x-content-type-options: nosniff
content-encoding: br
age: 22536
x-jsd-version: 1.0.1810
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 844
x-served-by: cache-fra-eddf8230103-FRA, cache-bfi-krnt7300111-BFI
x-jsd-version-type: version
etag: W/"63f-ujPp1VkgTYBbdaXL3bnAAK2Hw+s"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 804 B
2 KB 870ms
277ms XHR
application/json 69.173.158.65
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21460&site_id=284520&zone_id=2974636&size_id=15%3B2&alt_size_ids=10%3B&rf=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&tg_i.domain=9news.com.au&tg_i.page=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&tg_i.pagetype=gallery&tg_i.pos=2%3B1&tg_i.foldposition=above&tg_i.adUnitPath=%2F133009657%2F9news%2Fworld%2Fkim-jong-un&tg_i.aupname=133009657%2F9news%2Fworld.*&tg_i.pbadslot=%2F133009657%2F9news%2Fworld%2Fkim-jong-un%23adspot-desktop-halfpage-3-above%3B%2F133009657%2F9news%2Fworld%2Fkim-jong-un%23adspot-desktop-banner-2-above&tk_flint=dmpbjs_v7.54.0&x_source.tid=d0a82ce3-8b18-4c97-b5b6-3385631a2e8f%3B3a7346bb-ed25-4979-a50e-779d56bb58f8&l_pb_bid_id=2df257f11cd816%3B3a220db2979b89&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=d0a82ce3-8b18-4c97-b5b6-3385631a2e8f%3B3a7346bb-ed25-4979-a50e-779d56bb58f8&rp_maxbids=1&p_gpid=%2F133009657%2F9news%2Fworld%2Fkim-jong-un%23adspot-desktop-halfpage-3-above%3B%2F133009657%2F9news%2Fworld%2Fkim-jong-un%23adspot-desktop-banner-2-above&slots=2&rand=0.24850167774126408
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.173.158.65 Ashburn, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 247d714b9e055e0b9ba320681a787144188cee283e1231c66230bd14beeb733d

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.9news.com.au
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 7 KB
5 KB 241ms
228ms XHR
application/json 172.64.148.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=1018156
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.148.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5cce2fd2c5b5e89eb891b0ea876b6e232853765d6edd8e9222e0bf23b25c9fc8

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:27 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y7q7n78edpKsWXbU5G2uriVszgfmBTyjpBKyzCHlmQrXqkvsbEszd4qeuGVxHuihtf%2FH%2FI8%2BJFJQNgh8twZxiBRuhghExYo8iPtTluj4w8SBWHQLQzCvryYFjLKg0SnTD6yTVJ4o"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.9news.com.au
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 80576523cde85c0d-SYD
alt-svc: h3=":443"; ma=86400
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
114 B 625ms
207ms XHR
text/plain 207.65.33.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.78 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.9news.com.au
date: Tue, 12 Sep 2023 10:16:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 261 B
1 KB 572ms
366ms XHR
application/json 103.43.89.4
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.43.89.4 , Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

ec2-13-251-217-38.ap-southeast-1.compute.amazonaws.com

Software

nginx/1.21.3 /

Resource Hash

4245ef0e76b405bc57c8e6794fad810cdc2b1e43c262437f07f81ba7cb0aa109

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:27 GMT
an-x-request-uuid: 470cf262-9f3a-43ae-9472-e04412d0e961
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.9news.com.au
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 66.203.112.168; 66.203.112.168; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 261
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebidjs Show response
rtb.openx.net/openrtbb/ 53 B
259 B 206ms
197ms XHR
text/plain 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.openx.net/openrtbb/prebidjs
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 78dec4c2df62ca7455362deaf39896ee0b2563282143d1611f98b6e71b0ff4d0

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
content-encoding: gzip
via: 1.1 google
vary: Origin
content-type: text/plain
access-control-allow-origin: https://www.9news.com.au
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
528 B 347ms
143ms XHR
application/json 13.251.217.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=7.54.0&referrer=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&tmax=1500

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.251.217.38 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:27 GMT
accept-ch: user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.9news.com.au
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2

404

sync
ups.analytics.yahoo.com/ups/28/ Frame 141F
Redirect Chain

https://pixel.advertising.com/ups/28/sync?uid=58185842840099411110109793075429731449&_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/28/sync?uid=58185842840099411110109793075429731449&_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/28/sync?uid=58185842840099411110109793075429731449&_origin=1&redir=true&verify=true

0
208 B

100ms
100ms

Image
text/plain

13.228.126.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/28/sync?uid=58185842840099411110109793075429731449&_origin=1&redir=true&verify=true

Requested by

Protocol

Server

13.228.126.19 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-228-126-19.ap-southeast-1.compute.amazonaws.com

Software

ATS/9.1.10.75 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:28 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/28/sync?uid=58185842840099411110109793075429731449&_origin=1&redir=true&verify=true
date: Tue, 12 Sep 2023 10:16:27 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 PFC7A06D1-31DD-4749-87F8-8FFD52371467.js Show response
cdn-gl.imrworldwide.com/conf/ 32 KB
7 KB 3ms
3ms Script
application/javascript 13.35.147.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/PFC7A06D1-31DD-4749-87F8-8FFD52371467.js
Requested by: Host: players.brightcove.net
URL: https://players.brightcove.net/664969388001/H190EXsjW_default/index.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-13.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5fba4c08195cfae471ec54864b46ef36c35eeab7ba5ee1d1ef3c473a02ac36d4

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: HulCgjmEUskgqCXlXK3JxTfC4PwsnWEE
content-encoding: gzip
via: 1.1 4acb5efdd4b252788b64d73e2726c236.cloudfront.net (CloudFront)
date: Tue, 12 Sep 2023 10:10:18 GMT
last-modified: Tue, 12 Sep 2023 07:20:15 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 370
x-amz-server-side-encryption: AES256
etag: W/"5c8e8aa17e9a4bb6c08ed1a45c8be588"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400,s-maxage=86400
x-amz-cf-id: uMT47MTbhF_ucUO7WxUQqjK-HlVnjIrypUnkTUGE-v8ieuqqN18CEA==

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 199 KB
56 KB 3ms
3ms Script
application/javascript 13.35.147.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/PFC7A06D1-31DD-4749-87F8-8FFD52371467.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-13.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d98cc6e770bf9c71b8758a040222960e918adb20cc1f71f2296ae4f70256d510

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: Aabpvbg3ktgBmwIqp1b4kZ3V88L5QhMx
content-encoding: gzip
via: 1.1 4acb5efdd4b252788b64d73e2726c236.cloudfront.net (CloudFront)
date: Tue, 12 Sep 2023 10:11:50 GMT
x-amz-cf-pop: SYD1-C1
age: 278
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
last-modified: Wed, 06 Sep 2023 13:04:53 GMT
server: AmazonS3
etag: W/"2be1fe7a43ef5ba626afab2ceddfc177"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: 0wQkF2HFnFAc0QpVkUEc5yXwM5kL_ncZ7Iha1isSjVlMLYgOvP968A==

GET
H2

200

m
secure-gl.imrworldwide.com/cgi-bin/
Redirect Chain

https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1694513787492&ci=ninemsn&js=1&cg=0&ts=gdpr.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-tr...
https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1694513787492&ci=ninemsn&js=1&cg=0&ts=gdpr.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-tr...

44 B
578 B

8ms
7ms

Image
image/gif

13.35.147.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1694513787492&ci=ninemsn&js=1&cg=0&ts=gdpr.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&sr=1600x1200&id=lstrg-943c0eda30072c49831a1888b1f927bd&tz=8&ja=1
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Server: 13.35.147.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-73.syd1.r.cloudfront.net
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
via: 1.1 ff9e105aa8810f98f1f8f9ec61929886.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 44
pragma: no-cache
server: nginx
accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
access-control-allow-methods: POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: 7ijr8mhQuK2odmtIjWgicHXoauLFtw5TPcIGYNiqREFMUL66vcq4nw==
expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

date: Tue, 12 Sep 2023 10:16:27 GMT
via: 1.1 ff9e105aa8810f98f1f8f9ec61929886.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 0
pragma: no-cache
server: nginx
accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
access-control-allow-methods: POST, OPTIONS
location: https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1694513787492&ci=ninemsn&js=1&cg=0&ts=gdpr.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&sr=1600x1200&id=lstrg-943c0eda30072c49831a1888b1f927bd&tz=8&ja=1
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: lrrkkQRBvTcHBX1ceBadTDXq0XmzBeFjVGZBlDisbRw5AdIx1vG3nA==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 ls.html Show response
cdn-gl.imrworldwide.com/novms/html/ Frame 019C 12 KB
4 KB 3ms
3ms Document
text/html 13.35.147.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-13.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 1888
cache-control: max-age=86400
content-encoding: gzip
content-type: text/html
date: Tue, 12 Sep 2023 09:49:13 GMT
etag: W/"7fa83dfc7b78314b137e2eb13834daa7"
last-modified: Tue, 01 Aug 2023 15:37:57 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 4acb5efdd4b252788b64d73e2726c236.cloudfront.net (CloudFront)
x-amz-cf-id: 8zKF2BQ20-2oHMlQQE-S2YFYhoJ4nWFxTZo8CzVZPd-VRejFCukP0g==
x-amz-cf-pop: SYD1-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: Au7fEiQYXrwp6aCgYjEnL0zIkXNw87j8
x-cache: Hit from cloudfront

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 755ms
148ms Image
image/gif 18.244.214.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?bannnerid=6061321_advertisement_
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.214.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-214-85.sfo53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 14 May 2023 09:17:17 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 594aa5e4a6030c26c04a6a841838abb2.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P4
age: 10457952
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: Q267Qxf8f_Cc4uAsxkWlUmM_GeuV8xaFAjEOVIggQ2gDpqZCbHwtxQ==

GET
H2 200 script.js Show response
au-script.dotmetrics.net/Scripts/ 36 KB
15 KB 9ms
9ms Script
application/javascript 18.67.111.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://au-script.dotmetrics.net/Scripts/script.js?v=232
Requested by: Host: au-script.dotmetrics.net
URL: https://au-script.dotmetrics.net/door.js?d=www.9news.com.au&t=world
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-102.syd62.r.cloudfront.net
Software: Kestrel /
Resource Hash: 437418fca3c9a4099c883f257c5fd32c14d79eced6ab73a70ffefa5dfe308651

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
content-encoding: br
via: 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront)
last-modified: Thu, 07 Sep 2023 13:36:02 GMT
server: Kestrel
x-amz-cf-pop: SYD62-P2
etag: "1d9e1903e3f9dff"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: THH0oOM7wqLbYgephptnNSKrSM6HUJNNdZGjW1zuOO-5-BsyDZf_kw==

GET
H2 200 144664492878171 Show response
connect.facebook.net/signals/config/ 149 KB
39 KB 3ms
3ms Script
application/x-javascript 157.240.8.23
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/144664492878171?v=2.9.125&r=stable&domain=www.9news.com.au

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-syd2.fbcdn.net

Software

Resource Hash

a56c82a656de85ec8a8fcee2d74de60d0b08596e5f45f9f4a043963be457918e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 12 Sep 2023 10:16:27 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 38987
x-xss-protection: 0
pragma: public
x-fb-debug: dYsFCJlzv7d8BgIy/5IWv5FxTWzDyYA1W8UFkAZneyc+x/e+3aTpyKV2PC7Mf0Z7ffjHFzSDuOtgRzY1VQa1EA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 500 usersync.html
image5.pubmatic.com/AdServer/usersync/ Frame 141F 0
0 925ms
685ms Image
text/html 23.215.59.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.59.10 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-59-10.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

GET
H2 200 gn
secure-dcr.imrworldwide.com/cgi-bin/ Frame 019C 44 B
424 B 5ms
4ms Image
image/gif 54.79.222.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,PFC7A06D1-31DD-4749-87F8-8FFD52371467&sessionId=onxhttku260m6ahuip1njbdow6l8e1694513787&c16=sdkv,bj.6.0.0&uoo=&fp_id=68tal7smowbhzl5b68sdxgqzsfmf61694513787&fp_cr_tm=1694513787515&fp_acc_tm=1694513787515&fp_emm_tm=1694513787515&ve_id=&c30=bldv,6.0.0.673&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=&retry=0
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.79.222.52 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-79-222-52.ap-southeast-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:27 GMT
server: nginx
accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 /
onxhttku260m6ahuip1njbdow6l8e1694513787.nuid.imrworldwide.com/ Frame 019C 35 B
351 B 368ms
2ms Image
image/gif 18.67.93.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onxhttku260m6ahuip1njbdow6l8e1694513787.nuid.imrworldwide.com/
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.93.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-93-31.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 16:17:08 GMT
via: 1.1 c2fff340a6d5f4b9c17041a88b37f0f4.cloudfront.net (CloudFront)
last-modified: Tue, 11 Sep 2018 17:05:20 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P1
age: 64759
etag: "c2196de8ba412c60c22ab491af7b1409"
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 35
x-amz-cf-id: NcfXahiFbfH3wYy65JgypGlJX3R9YCUza0WKhbs3IdVCylkwdHxR9A==

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 314ms
3ms Image
text/plain 157.240.8.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=144664492878171&ev=PageView&dl=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&rl=&if=false&ts=1694513787613&sw=1600&sh=1200&v=2.9.125&r=stable&ec=0&o=30&fbp=fb.2.1694513787610.2130669656&cs_est=true&it=1694513787586&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.8.35 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-syd2.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 12 Sep 2023 10:16:27 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

OPTIONS
H2 200 tp2
i.ffx.io/com.snowplowanalytics.snowplow/ Frame 0
0 212ms
178ms Preflight
text/html 34.110.168.46
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.168.46 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 46.168.110.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.9news.com.au
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.9news.com.au
access-control-max-age: 5
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Tue, 12 Sep 2023 10:16:27 GMT
server: Google Frontend
via: 1.1 google
x-cloud-trace-context: 4fa48d64be7588709c765f86a710983f

POST
H3 200 tp2 Show response
i.ffx.io/com.snowplowanalytics.snowplow/ 2 B
20 B 186ms
177ms XHR
text/plain 34.110.168.46
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: d2uhnetoehh304.cloudfront.net
URL: https://d2uhnetoehh304.cloudfront.net/2.18.2/sp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.110.168.46 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 46.168.110.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
via: 1.1 google
server: Google Frontend
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://www.9news.com.au
x-cloud-trace-context: ef09f0b8cd80c52adaa3f248da10598b
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H/1.1 200
OK 2000 Show response
www.9news.com.au/services/weather/ 14 KB
3 KB 193ms
192ms Fetch
application/json 23.215.58.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.9news.com.au/services/weather/2000?hourlyInterval=3
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/assets/main.35b23f4d.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.58.118 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-58-118.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 126011d7e3add37770c6df9a59b3c55aa642fd3224cff9a30a3729afce423380

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:27 GMT
Content-Encoding: gzip
Server: nginx
ETag: "3722-La+U7voLvMhU1IRB5yVdXQ0q8Fs"
X-Cache-Status: HIT
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Cache-Control: public, max-age=136
Connection: keep-alive
Content-Length: 2659
Expires: Tue, 12 Sep 2023 10:18:43 GMT

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame 141F
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=58185842840099411110109793075429731449&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58782/cms?partner_id=ADOBE&_hosted_id=58185842840099411110109793075429731449&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-T4viT_JE2pENFUlyRUue_IcQ6f.55S0rQHs-~A

42 B
944 B

9ms
5ms

Image
image/gif

13.239.80.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-T4viT_JE2pENFUlyRUue_IcQ6f.55S0rQHs-~A

Requested by

Protocol

HTTP/1.1

Server

13.239.80.30 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-239-80-30.ap-southeast-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

DCS: dcs-prod-apse2-1-v049-0d4b2cf1c.edge-apse2.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: o+ZEDGKPQKM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-T4viT_JE2pENFUlyRUue_IcQ6f.55S0rQHs-~A
date: Tue, 12 Sep 2023 10:16:28 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 SiteEvent.dotmetrics Show response
au-script.dotmetrics.net/ 398 B
1 KB 85ms
84ms Script
application/javascript 18.67.111.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://au-script.dotmetrics.net/SiteEvent.dotmetrics?v=eyJpZCI6MTI5MDAsImZsIjp0cnVlLCJkb20iOiJ3d3cuOW5ld3MuY29tLmF1IiwibHNvIjpudWxsLCJ1cmwiOiJodHRwczovL3d3dy45bmV3cy5jb20uYXUvd29ybGQvaG93LWtpbS1qb25nLXVuLXRyYXZlbHMtd2hlbi1oZS1sZWF2ZXMtbm9ydGgta29yZWEvNGYzYTkyMWYtZGZjNC00ZjEyLTk0ZDktNjk4YTczNjI3NjE3P29jaWQ9ZWRtLW5pbmUuY29tLmF1LW5pbmVkYWlseS0tMjMwOTEyJm1rdGdfc2NyPWVkbS1uaW5lZGFpbHkiLCJydXJsIjoiIiwicHZpZCI6ImY1Y2Y0NzRkLWVlYjgtNGJhYy05YzBkLTBjYjJlZTQ2MzA0NyIsInR6T2Zmc2V0IjotNDgwLCJvc3MiOnRydWUsIm9zZXMiOnRydWV9&r=1694513787710
Requested by: Host: au-script.dotmetrics.net
URL: https://au-script.dotmetrics.net/Scripts/script.js?v=232
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-102.syd62.r.cloudfront.net
Software: Kestrel /
Resource Hash: e8e2fd0f586f16e64b87754f69638ead8be91e475d45c305c0061867dd3418d7

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:27 GMT
content-encoding: br
via: 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: SYD62-P2
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
content-type: application/javascript
cache-control: no-cache
x-amz-cf-id: vwDxlo-54ivQ_joQcHyG1sBeMyb-qdPNFzs-yaO-0_LLOp9-ai5auA==

GET
H/1.1

200
OK

ibs:dpid=72352&dpuuid=4410630201151488550841&gdpr=0&gdpr_consent=
dpm.demdex.net/ Frame 141F
Redirect Chain

https://dmpsync.3lift.com/getuid?redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D$UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
https://dmpsync.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://dpm.demdex.net/ibs:dpid=72352&dpuuid=4410630201151488550841&gdpr=0&gdpr_consent=

42 B
944 B

7ms
7ms

Image
image/gif

13.239.80.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=72352&dpuuid=4410630201151488550841&gdpr=0&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Server

13.239.80.30 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-239-80-30.ap-southeast-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

DCS: dcs-prod-apse2-1-v049-0c360082d.edge-apse2.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: OllwgRBQQ+0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=72352&dpuuid=4410630201151488550841&gdpr=0&gdpr_consent=
date: Tue, 12 Sep 2023 10:16:28 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 141F
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=adobe&id=58185842840099411110109793075429731449
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=58185842840099411110109793075429731449

0
338 B

532ms
153ms

Image
text/plain

54.213.5.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=58185842840099411110109793075429731449
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Server: 54.213.5.1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-213-5-1.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-served-by: beacon-n004-pdx-prod.krxd.net
date: Tue, 12 Sep 2023 10:16:28 GMT
cache-control: private, no-cache, no-store
x-request-time: D=33 t=1694513791
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=58185842840099411110109793075429731449
date: Tue, 12 Sep 2023 10:16:28 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a009-ash-prod.krxd.net

GET
H2 200 RC26dd0d6fcf8345c9a40a6e41fcc4f522-source.min.js Show response
assets.adobedtm.com/36b74e34ece7/5e2db1ff2965/c75357ffae9c/ 1 KB
819 B 102ms
102ms Script
application/x-javascript 23.77.128.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/36b74e34ece7/5e2db1ff2965/c75357ffae9c/RC26dd0d6fcf8345c9a40a6e41fcc4f522-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/36b74e34ece7/5e2db1ff2965/launch-52457de27223.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.128.136 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-128-136.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8a5cc08abe451fd343f4d8468c00d0e23e038defe68c46c28b9827f3a87b72d0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:28 GMT
content-encoding: gzip
last-modified: Tue, 05 Sep 2023 03:37:56 GMT
server: AkamaiNetStorage
etag: "e46f585358825e8de357e67a6d77238b:1693885076.868181"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.9news.com.au
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 561
expires: Tue, 12 Sep 2023 11:16:28 GMT

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 313 B
487 B 401ms
103ms Script
text/html 13.228.125.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BG%24%3D!!tFQ%5Bh3M7I1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-E0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-1IRrnTcST%2BDrDg%3D%3D&sc=1&os=1-1Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-480&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&pcode=ninegamheader317783335130&rx=166864991930&callback=MoatNadoAllJsonpRequest_91783656
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/ninegamheader317783335130/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.228.125.185 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-228-125-185.ap-southeast-1.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: e585e139db1e88b8a96d37dea689cf1e2dd8cfb1f525eff4aaa01c904f8f77bf

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:28 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "fa1d6f5b71d67152c80f5169375645025bdf54c9"
content-length: 313
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
mb.moatads.com/ 72 B
246 B 395ms
101ms Script
text/html 13.228.125.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BG%24%3D!!tFQ%5Bh3M7I1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-E0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-1IRrnTcST%2BDrDg%3D%3D&sc=1&os=1-1Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-480&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=NINE_GAM_HEADER1&hp=1&wf=1&sgs=3&vb=0&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1694513787934&de=120838074207&rx=166864991930&m=0&ar=7f176ec564c-clean&iw=7bbad86&q=1&cb=0&cu=1694513787934&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&bo=undefined&bp=undefined&bd=undefined&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&id=1&ii=4&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=ninegamheader317783335130&fd=1&it=500&ti=0&ih=2&pe=1%3A1815%3A1815%3A0%3A3150&fs=205402&na=1960695147&cs=0&callback=MoatDataJsonpRequest_91783656
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/ninegamheader317783335130/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.228.125.185 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-228-125-185.ap-southeast-1.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: 047ed432e6070b9a7831c98fcb2d584470fbb82339065f8b042e0b1a6a8a91b4

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:28 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "d9065569da7b74daaedadf4e793d08dfccff97f0"
content-length: 72
content-type: text/html; charset=UTF-8

GET
H2 200 iframe.html Show response
z.moatads.com/hd09824092/ Frame 3B85 1 KB
2 KB 178ms
178ms Document
text/html 23.77.143.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/hd09824092/iframe.html
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/ninegamheader317783335130/moatheader.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.143.172 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-143-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=1706
content-length: 1374
content-type: text/html
date: Tue, 12 Sep 2023 10:16:28 GMT
etag: "4a9cbc2e5bc164313dace42a58bef141"
last-modified: Tue, 26 Jan 2021 22:41:39 GMT
server: AmazonS3
x-amz-id-2: CWhShxY9V/zl4mKDANni2q70VvKCduS9bPUH4wguNfcKUGNsMUoBDB9JMkffHyEx3LZiYKKDdZw=
x-amz-request-id: 20DFD919EFB192FC

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame 141F 0
460 B 1034ms
163ms Image
text/html 34.223.199.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D796%26dpuuid%3D%23%7Buser.id%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.223.199.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-223-199-220.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Sep 2023 10:16:28 GMT
X-Fw-Request-Id: umw91d7_1694513788405475211
Content-Type: text/html
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control: no-store
Connection: keep-alive
Keep-Alive: timeout=300
Content-Length: 0
Expires: 0

GET
H2

200

setuid
ib.adnxs.com/
Redirect Chain

https://c.bing.com/c.gif?Red3=MSAN_MI9_pd
https://m.adnxs.com/mapuid?member=280&user=328E56C33C9A61AC03A945493DA86049;&redir=https%3A%2F%2Fm.adnxs.com%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%2...
https://m.adnxs.com/seg?add=5159620&redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D483%26code%3D328E56C33C9A61AC03A945493DA86049
https://ib.adnxs.com/setuid?entity=483&code=328E56C33C9A61AC03A945493DA86049

43 B
847 B

202ms
201ms

Image
image/gif

103.43.89.4
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=483&code=328E56C33C9A61AC03A945493DA86049

Requested by

Protocol

Server

103.43.89.4 , Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

edge-star-mini-shv-01-syd2.facebook.com

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:29 GMT
an-x-request-uuid: 7f7f286d-475a-4f7b-a55e-3a8e55066519
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 66.203.112.168; 66.203.112.168; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:28 GMT
an-x-request-uuid: d4e820e5-5bf2-4634-92c3-18b96cfa15bd
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://ib.adnxs.com/setuid?entity=483&code=328E56C33C9A61AC03A945493DA86049
x-proxy-origin: 66.203.112.168; 66.203.112.168; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET partner
sync.search.spotxchange.com/ 0
0

GET
H2

204

usermatch.gif
beacon.krxd.net/
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=adobe&redir=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dadobe%26partner_uid%3D%24%7BDD_UUID%7D
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&redir=https://beacon.krxd.net/usermatch.gif?partner%3Dadobe%26partner_uid%3D$%7BDD_UUID%7D

0
337 B

532ms
154ms

Image
text/plain

54.213.5.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&redir=https://beacon.krxd.net/usermatch.gif?partner%3Dadobe%26partner_uid%3D$%7BDD_UUID%7D
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Server: 54.213.5.1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-213-5-1.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-served-by: beacon-n002-pdx-prod.krxd.net
date: Tue, 12 Sep 2023 10:16:28 GMT
cache-control: private, no-cache, no-store
x-request-time: D=41 t=1694513788
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&redir=https://beacon.krxd.net/usermatch.gif?partner%3Dadobe%26partner_uid%3D$%7BDD_UUID%7D
date: Tue, 12 Sep 2023 10:16:28 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a015-ash-prod.krxd.net

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 88F3 0
73 B 3ms
2ms Document
text/plain 157.240.8.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.8.35 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.9news.com.au
Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.9news.com.au
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 12 Sep 2023 10:16:28 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 aa78bbe0e6b63dcdb15c6cff2b23b7ba234c1a1c10fb1 Show response
thoughtlessknot.com/0/cae5e2f/ 284 B
795 B 591ms
157ms Fetch
application/json 34.149.234.220
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://thoughtlessknot.com/0/cae5e2f/aa78bbe0e6b63dcdb15c6cff2b23b7ba234c1a1c10fb1

Requested by

Host: teenytinyshirt.com
URL: https://teenytinyshirt.com/v2zyxN4yzA1uUP3CjcnCOemSY5TR01ifp5OqsvU5jUvPuaVeFoP3kNa_b-AD459Ez

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.234.220 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

220.234.149.34.bc.googleusercontent.com

Software

Resource Hash

864c94bf4483ef3457f42b701f04685e3317bed09a38b1be21575d7b8e638469

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Tue, 12 Sep 2023 10:16:28 GMT
via: 1.1 google
x-buildnumber: 998028631
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 284
x-datacenter: gce-asia-east1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.9news.com.au
x-hostname: fen-hoothoot-asia-east1-3r86
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Tue, 12 Sep 2023 10:16:27 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 109 KB
35 KB 521ms
521ms Fetch
text/plain 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3042667090651123&correlator=279944700790593&eid=31076398%2C31076475%2C31077684&output=ldjh&gdfp_req=1&vrg=202309060101&ptt=17&impl=fifs&iu_parts=133009657%2C9news%2Cworld%2Ckim-jong-un&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3&prev_iu_szs=99x1%2C300x600%7C300x250%2C728x90&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1694513788356&lmt=1694484988&adxs=0%2C1120%2C266&adys=44%2C220%2C220&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&bz=1&url=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&vis=1&psz=1600x0%7C300x-1%7C940x0&msz=1600x0%7C300x-1%7C940x0&fws=0%2C512%2C4&ohw=0%2C0%2C940&ga_vid=494765906.1694513788&ga_sid=1694513788&ga_hid=1898688932&ga_fc=false&dlt=1694513784835&idt=1287&prev_scp=foldposition%3Dabove%26src_ad_id%3Dadspot-desktop-atptest-pos1-above%26legacyadtype%3Datptest_above%7Cpos%3D2%26foldposition%3Dabove%26src_ad_id%3Dadspot-desktop-halfpage-3-above%26legacyadtype%3DHALFPAGE_above%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.01%26hb_adid%3D19a1f8c5ad1a6b7%26hb_bidder%3Dix%26hb_format_ix%3Dbanner%26hb_size_ix%3D300x250%26hb_pb_ix%3D0.01%26hb_adid_ix%3D19a1f8c5ad1a6b7%26hb_bidder_ix%3Dix%7Cpos%3D1%26foldposition%3Dabove%26src_ad_id%3Dadspot-desktop-banner-2-above%26legacyadtype%3DBANNER_above&cust_params=pagelevel01%3D9news%26pagelevel02%3Dworld%26pagelevel03%3Dkim-jong-un%26pagetype%3Dgallery%26contentId%3D4f3a921f-dfc4-4f12-94d9-698a73627617%26inskinviewable%3Dtrue%26hasFocus%3Dtrue%26brms%3Dtrue%26brvs%3Dtrue%26deployEnv%3Dproduction%26swgt%3Dna%26adKitVersion%3D1.4.3%26sysEnv%3Ddesktop%26m_data%3Dwaiting%26m_safety%3Dwaiting%26m_categories%3Dwaiting%26m_mv%3Dwaiting%26m_gv%3Dwaiting&adks=4113569480%2C1163330564%2C755290641&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309060101/pubads_impl.js?cb=31077684

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8a8883b44be285b71656bfd4df412262c7576c05e85b7b59efab4a8fff592c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:28 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36028
x-xss-protection: 0
google-lineitem-id: -2,6364645197,6352580061
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,138444051087,138442466791
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.9news.com.au
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a34d345eff91dcf5d09bf9a7a00f807f.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5304 6 KB
3 KB 583ms
99ms Document
text/html 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a34d345eff91dcf5d09bf9a7a00f807f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309060101/pubads_impl.js?cb=31077684

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

220.234.149.34.bc.googleusercontent.com

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Sep 2023 10:16:28 GMT
expires: Wed, 11 Sep 2024 10:16:28 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 0b6669c8e611692bbdc78f0c94ffaa08234399e6e2 Show response
thoughtlessknot.com/2bfd48f88b/ 3 B
73 B 142ms
141ms Fetch
application/json 34.149.234.220
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://thoughtlessknot.com/2bfd48f88b/0b6669c8e611692bbdc78f0c94ffaa08234399e6e2

Requested by

Host: teenytinyshirt.com
URL: https://teenytinyshirt.com/v2zyxN4yzA1uUP3CjcnCOemSY5TR01ifp5OqsvU5jUvPuaVeFoP3kNa_b-AD459Ez

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.234.220 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Tue, 12 Sep 2023 10:16:28 GMT
via: 1.1 google
x-buildnumber: 998028631
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
x-datacenter: gce-asia-east1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.9news.com.au
x-hostname: fen-hoothoot-asia-east1-3r86
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7B71 0
0 344ms
142ms Fetch
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvsa1hLsrh-Zpq8qA0nPWjV_k8njHgknPqlP-N61ObQjuKSsR4l-SFcqgNAwJLhR80Hxak37G2J-4gwZpX9pbrCEdWlZffUfedu63k1E7ucBrMrJefH4e5Y1VBHJSYGRjK-7TNegDHZxrzwg3nbY6mFL9Jl0clIA410-plITGUyrObHdjB9JBKmQXSz6zdozpd9hS1RwE-k7u3RA3g4pSjkfDGG-kHVFXGpzFNcx8CQ4IGG_YHjypvqYkQzTugVgugvcWY-kHfVBgtEyB5_6J0OppPhVlQAi7OtoKA0QqDP0INU4EuJaaTUBog8X2TKubTSNgZ1QhUDnUojsltFoydizlrlCqj31PZE6LpDwmvqGDrBILsq5BR03MMtZAQRVJYfCmnioDKDII9QAv1vxsSA24S4mRB-NrybLKzAVN1vmKfQyrM&sai=AMfl-YTf5JS4oacTkzSDMRCv3GznLE0wgHzExwmCPT0AX3v85VT0mN0AxS2mqiYi7br5b8ktO3O3GcRnTWCCFoCOUrx1Ik2BYjqrr0RGPQy055_8rtCrmHJ4w8nsPSj9cQ&sig=Cg0ArKJSzFItYcbGesecEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1612340/73397107/ Frame 7B71 46 KB
12 KB 34ms
5ms Script
application/javascript 54.153.174.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1612340/73397107/skeleton.js
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.153.174.153 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-153-174-153.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: c6b590dc5b70a0e05d2036a709219f0add527a056b4601f82f23dcc93e98e519

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:28 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 7B71 172 KB
61 KB 354ms
3ms Script
text/javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.9news.com.au/
Origin: https://www.9news.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 13:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75616
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 13:16:13 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7B71 41 KB
14 KB 8ms
2ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 06:08:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 533250
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Sep 2024 06:08:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7B71 181 KB
57 KB 276ms
222ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309060101/pubads_impl.js?cb=31077684

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c620084286d4e8ac0ebd4811a782920ac935265c8cdbf0010ea7243bd81a6e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57841
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694001950986259"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Sep 2023 10:16:29 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/ninegamdisplay230757477266/ Frame 713F 10 KB
4 KB 177ms
177ms Script
application/x-javascript 23.77.143.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/ninegamdisplay230757477266/moatad.js
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.143.172 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-143-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: cdae4afd627fc96bf2a279f25c80a72e13325cd2e0e7aae1aecdd9adbf561414

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
content-encoding: gzip
last-modified: Tue, 12 Sep 2023 08:33:17 GMT
server: AmazonS3
x-amz-request-id: JQJQB7GHCEN0JGPD
etag: "aca57663797625327aef600f59cf825f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=59121
accept-ranges: bytes
content-length: 3884
x-amz-id-2: Rs9S65RZyFTu8eCFn5NJ6GlSYd41hs9BZXDsxrRjXtSauu2HKZSH3ILr4lvGqErMVuAEZ0Pcpv8=

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 713F 0
0 142ms
141ms Fetch
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstVnsbK4WzoP-eojnMDH3YdQtOmBAIXS28x0Kve3gBHrHSyM4YrzDQnHOklY6sVlWs97VAQ-9NQnQ-H-FAhfbKy-mEunFNhALqsIZYhH9TX1tni3eDCohjqyxTlRF1VPi0M7zxkbIsIez_HL6n0gM_7BzNr-ve6GjArQt6QSjwxsDLhW9F_ZCe0XFf8B1AA_5p_fL5tRbQL_r4HGzgwqyIatxBYhX1i-f-bXoCe9NQrorPvlM3sHwIEIe-S_UrC-cZo6nNr3l9FbtDHbEDi2q_XE-SXpPBZsONuLvw9SflwiJ4716lEUDlhR5eD2rQ3_sZg3P0czCPz-IJ7QiB1P1kR&sai=AMfl-YQIDeRtZSmwvYE-S6R5C8oGTgcI32IFL10s3ZG81x4B8i1Oxv7tuQa9onB8QRgA7y-sekzlubY0gDM5VLpPjkhIIZcDSma6KbRGjbNT8SbIc0GFsEhhqYubp0f23Q&sig=Cg0ArKJSzNoygD1UgBloEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 713F 16 KB
7 KB 47ms
2ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309060101/pubads_impl.js?cb=31077684

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 09:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2146
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Wed, 24 May 2023 18:59:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 12 Sep 2023 10:40:43 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 713F 181 KB
57 KB 161ms
116ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309060101/pubads_impl.js?cb=31077684

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c620084286d4e8ac0ebd4811a782920ac935265c8cdbf0010ea7243bd81a6e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57841
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694001950986259"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Sep 2023 10:16:29 GMT

GET
H2 200 graphql Show response
api.ffx.io/ 94 B
354 B 311ms
311ms Fetch
application/json 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ffx.io/graphql?query=%20query%20AdTypesByAdIds(%24input%3A%20AdTypesByAdIdsInput!)%20%7B%20adTypesByAdIds(input%3A%20%24input)%20%7B%20error%20%7B%20message%20%7D%20lines%20%7B%20key%20type%20%7D%20%7D%20%7D%20&variables=%7B%22input%22%3A%7B%22ids%22%3A%5B%226364645197%22%5D%7D%7D
Requested by: Host: adkit.9pub.io
URL: https://adkit.9pub.io/v1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f4039b068c6a48cab0050007fc46e5dec72f3f2d762ae34b63370b3bb2fb6697

Request headers

Accept: application/json
Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
content-encoding: gzip
age: 20
x-cache: MISS, HIT, MISS
content-length: 108
x-served-by: cache-syd10135-SYD, cache-syd10177-SYD, cache-bfi-kbfi7400059-BFI
x-timer: S1694513770.527829,VS0,VE3
vary: Origin, Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.9news.com.au
cache-control: public, max-age=30
x-varnish-grace: normal(limited)
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0, 8, 0

OPTIONS
H2 200 graphql
api.ffx.io/ Frame 0
0 729ms
140ms Preflight 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ffx.io/graphql?query=%20query%20AdTypesByAdIds(%24input%3A%20AdTypesByAdIdsInput!)%20%7B%20adTypesByAdIds(input%3A%20%24input)%20%7B%20error%20%7B%20message%20%7D%20lines%20%7B%20key%20type%20%7D%20%7D%20%7D%20&variables=%7B%22input%22%3A%7B%22ids%22%3A%5B%226364645197%22%5D%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.9news.com.au
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type, Ffxauthorization, Ffxsession, Sec-Fetch-Mode, x-wp-nonce
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.9news.com.au
access-control-max-age: 600
content-length: 0
date: Tue, 12 Sep 2023 10:16:29 GMT
retry-after: 0
server: Varnish
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-bfi-kbfi7400059-BFI
x-timer: S1694513790.638150,VS0,VE0

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DD0C 22 KB
8 KB 3ms
2ms Document
text/html 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 533250
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Sep 2023 06:08:58 GMT
expires: Thu, 05 Sep 2024 06:08:58 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 main.19.8.439.js Show response
static.adsafeprotected.com/ Frame 7B71 207 KB
65 KB 173ms
172ms Script
application/javascript 18.244.214.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.439.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1612340/73397107/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.214.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-214-85.sfo53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: efc2b5f3cfb42ac86c11900be6091d645853af46ab4f01bfba7280c3ac37ae02

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 13:42:55 GMT
x-amz-version-id: jxULgCd28jZVPRI.j5D8yH73I4fVMdj5
content-encoding: gzip
via: 1.1 594aa5e4a6030c26c04a6a841838abb2.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P4
age: 2925214
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 08 Aug 2023 19:01:42 GMT
server: AmazonS3
etag: W/"f00fcc2e1b804b8a3edfbb8cb19bddaa"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: oovvvRmgwn2zkj2sNBuy_lDQQyFGUfviQ6VAZyLNepe5kXgBghXk8g==

GET
H2 200 GMNNf8dPzMFRWE2GFsJAeeYNxVBqAV2Fx36SZG50-nU.js Show response
pagead2.googlesyndication.com/bg/ Frame DD0C 37 KB
15 KB 6ms
2ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GMNNf8dPzMFRWE2GFsJAeeYNxVBqAV2Fx36SZG50-nU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c34d7fc74fccc151584d8616c24079e60dc5506a015d85c77e92646e74fa75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 05:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 536855
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14501
x-xss-protection: 0
last-modified: Mon, 04 Sep 2023 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Sep 2024 05:08:54 GMT

GET
H3 200 impl_v96.js Show response
www.googletagservices.com/dcm/ Frame 713F 49 KB
20 KB 3ms
3ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v96.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 11:39:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 254195
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20157
x-xss-protection: 0
last-modified: Mon, 22 May 2023 16:41:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 08 Sep 2024 11:39:54 GMT

GET
H2 200 B30350147.373032492;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=1575236620;ord=00h972;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuQqTQ4V5zyTEZP3Z4mSwmR6Sxr1i0vOET_MtjWmm2pK... Show response
ad.doubleclick.net/ddm/adj/N9508.2432504NINE.COM.AU/ Frame 713F 77 KB
31 KB 159ms
159ms Script
text/javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N9508.2432504NINE.COM.AU/B30350147.373032492;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=1575236620;ord=00h972;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuQqTQ4V5zyTEZP3Z4mSwmR6Sxr1i0vOET_MtjWmm2pK26n86IHsJyZJWIAC9ZOyWkrTOiUn3zwNsa5nFmpJePQrxMbWrKzh8TcaYoA4HPtZC2DpwPej4k1-wz6vDe4HwrBfsiufiaj-RwAfLAzmKaJEf-AiTHNGgOGqe9lQSVUniLOym7OxWzzfUO1P_Sv-18LxR1fZxoDX0Ukhd-jc0PJhJxHwUrhsDtwgSqnjDnXUTO9W4zVCgcMV17_wjtOl5f-wZF1eJ5eEHe_b142fedebVtlOKAone4Mu9T_wi5KbnuXGZlfFBXtTWU-MwNu9aqStNzQVjgeS7ybzYuf%26sai%3DAMfl-YQuW_6nI_w9PKJ-Gi37dJKXD_79zOaX2r7kXvlgpSBnKFyXsduhXoBHwWhi6P8OD6cXMHy9_vjpxJxXVQ7qD8yuK4cnQxOJjiaf5cb1DWhBMXepbE8h7EcItnVyBQ%26sig%3DCg0ArKJSzODnAPNlSrheEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily$0;xdt=0;crlt=dosXLqeCLW;stc=1;chaa=1;sttr=66;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v96.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ee52b0bab6ad52ce0e667b613924639ce01249f26682c041aebd1fad0058ffc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31528
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DD0C 0
20 B 142ms
142ms Image
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqwtJfDoAZe-7GquKssUPws-v4AsAAAAAOAHgBAI&bg=!dXaldjnNAAa6D61Rmg87ADQBe5WfOKOO1G9UXIv99i7XUvNfhgZGvPIXGpNbNAbpWHI_aWsI8kj2Y5yCFJCEhvW0mK6tAgAAAFlSAAAABWgBB5kC7xAVQWaAKbiiPPpuc9-vurCTVIleugbtQjr-66_sxRs8RBQS-Uoolrf05a0BM_gyL7Evi_N52bji-g9uKkh5uYYmr7pACIAir5OuVKgwchPutjVxB2eJj8Qntj5OhZ6OEnvUdKaVQePzTFALfnrEw0GSziz98YrRB5Jtdsru4tEJVtGdqr8PH1wE7Aubho9ESBZGnkMve9ZtjFHa0MfrzzFedNVRgrM3v1Z8SpM5YTlYGmsBKJLLWRIPwcxPDYsz4zupaRekQWo-ZFgpo3FhqJcq_MLlYjBYj6Yx3TSGS7WMnxzgrsDTW6BB0v1xiW9mDNXvqgwYha_3WwRJXPVwsf4G7E3cmsROuWDQj20rf3ehYQo8pS3k4TS199_OBUXeC-B56VBfunGPaNprlWlmbJJ2I8wHl96nLJhpZ9VsMmWOJt5cZcyYrO4LqL9RKfsmYQvWmDPlTzKtJY8UO9kpEK5O7H6sKJABaPXfBJyf1liS9560sFi-Yhb85y-z7AePNVfW4cOcY_qBNoW38ZAih-3lumsJfwsFk3u4V8VF46raSrmLHZ2c04PmKdV6xmkF0lQToHT39-AlBfBPpxBbmgAXUxKCrNFmnvOBmAzJuvFGA1y0Ibto5I8Ms6JOQlK6nDUutzXRrG5teCD1BE759CGjdC27csNJPDw6Rkh_YYMHsWjrjNmxf-oOeUytJJ_dm7YaxE1wd2qc330e66CosbAmeUZSChpgHeNAmTck6ADnhmK9NZC1Q8YAx0R12PM4u8Lw1Og6xxnyT-3QYxDc_Z9k4RVkzBqPCV7YCdjXC5031zLqHT51F86JviuJHFPz1uWnW_0Uc5UhvuKzyEMul_UO08HtMMHGLXT4lcWVcy5hdSsT4jbX96-HifUQMq8-BzjunjP6YiBGhMsWbh6dyndBlMRp7_ekhlXK2xYws_SiWJ6sX35FEeP0qtKHRc-wOX1vId5ao2doR8CD8UyGfpoQonvseB7hgTH1ZyOKfq0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-52-62-229-213.ap-southeast-2.compute.amazonaws.com

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adc.nine.com.au/ 89 B
532 B 225ms
30ms Fetch
application/json 52.62.229.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adc.nine.com.au/?

Requested by

Host: adc-js.nine.com.au
URL: https://adc-js.nine.com.au/adc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.62.229.213 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

awselb/2.0 /

Resource Hash

38e8aeee900bbc48e3fa041c8f9d536d048c390bd291cd77d15781c928651de9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json
Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
strict-transport-security: max-age=2592000
server: awselb/2.0
vary: Origin
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://www.9news.com.au
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
access-control-allow-credentials: true
content-length: 89

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
275 B 180ms
177ms Image
image/gif 23.77.143.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=NINE_GAM_DISPLAY1&hp=1&zMoatGNID=133009657&zMoatAU1=9news&zMoatAU2=world&wf=1&ra=6&sgs=3&vb=3&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1694513787934&de=755060883629&rx=166864991930&m=0&ar=7f176ec564c-clean&iw=7bbad86&q=2&cb=0&cu=1694513787934&ll=2&lm=0&ln=0&em=0&en=0&d=4538296053%3A3234915080%3A6352580061%3A138442466791&bo=132009777&bp=22537945352&bd=undefined&zMoatSZ=728x90&zMoatMMV_MAX=waiting&zMoatMData=waiting&zMoatMSafety=waiting&zMoatMGV_MAX=waiting&zMoatMMV=waiting&zMoatMGV=waiting&zMoatAdUnitPath=%2F133009657%2F9news%2Fworld&zMoatPT=gallery&zMoatFP=above&zMoatPS=1&zMoatSlotName=-&zMoatCURL=9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&zMoatDev=Desktop&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&id=1&ii=4&zMoatOrigSlicer1=132009777&zMoatOrigSlicer2=22537945352&gw=ninegamheader317783335130&fd=1&it=500&ti=0&ih=2&pe=1%3A1815%3A1815%3A0%3A3150&iq=waiting&tt=waiting&tu=waiting&tp=waiting&fs=205402&na=1509144739&cs=0
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.143.172 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-143-172.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:29 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 12 Sep 2023 10:16:29 GMT

GET
DATA 200
OK truncated
/ Frame 7B71 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ed990ddd5abf65f5e0366ea0840849f4a94a61885782ea0a18dc7a716fc9622

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 713F 172 KB
60 KB 3ms
2ms Script
text/javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.9news.com.au/
Origin: https://www.9news.com.au
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 13:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75616
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 13:16:13 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230907/r20110914/elements/html/ Frame 713F 11 KB
4 KB 3ms
3ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230907/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9508.2432504NINE.COM.AU/B30350147.373032492;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=1575236620;ord=00h972;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuQqTQ4V5zyTEZP3Z4mSwmR6Sxr1i0vOET_MtjWmm2pK26n86IHsJyZJWIAC9ZOyWkrTOiUn3zwNsa5nFmpJePQrxMbWrKzh8TcaYoA4HPtZC2DpwPej4k1-wz6vDe4HwrBfsiufiaj-RwAfLAzmKaJEf-AiTHNGgOGqe9lQSVUniLOym7OxWzzfUO1P_Sv-18LxR1fZxoDX0Ukhd-jc0PJhJxHwUrhsDtwgSqnjDnXUTO9W4zVCgcMV17_wjtOl5f-wZF1eJ5eEHe_b142fedebVtlOKAone4Mu9T_wi5KbnuXGZlfFBXtTWU-MwNu9aqStNzQVjgeS7ybzYuf%26sai%3DAMfl-YQuW_6nI_w9PKJ-Gi37dJKXD_79zOaX2r7kXvlgpSBnKFyXsduhXoBHwWhi6P8OD6cXMHy9_vjpxJxXVQ7qD8yuK4cnQxOJjiaf5cb1DWhBMXepbE8h7EcItnVyBQ%26sig%3DCg0ArKJSzODnAPNlSrheEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily$0;xdt=0;crlt=dosXLqeCLW;stc=1;chaa=1;sttr=66;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 22:04:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43909
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Sep 2023 22:04:40 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 713F 41 KB
13 KB 2ms
2ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-52-62-229-213.ap-southeast-2.compute.amazonaws.com

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 06:08:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 533251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Sep 2024 06:08:58 GMT

GET
DATA 200
OK truncated
/ Frame 713F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 598d31db02e39e6d189c0c33cd6badde18d7d61b841c2985ac63de15ae3d689f

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
275 B 177ms
177ms Image
image/gif 23.77.143.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatGNID=133009657&zMoatAU1=9news&zMoatAU2=world&wf=1&ra=6&sgs=3&vb=3&kq=1&lo=0&uk=null&pk=0&wk=0&rk=1&tk=1&ak=https%3A%2F%2Fwww.9news.com.au%2F%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F-&i=NINE_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BG%24%3D!!tFQ%5Bh3M7I1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-E0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-1IRrnTcST%2BDrDg%3D%3D&sc=1&os=1-1Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-480&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&g=0&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&id=1&ii=4&f=0&j=&t=1694513787934&de=755060883629&rx=166864991930&cu=1694513787934&m=1224&ar=7f176ec564c-clean&iw=7bbad86&cb=0&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=1223&le=1&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1815%3A1815%3A0%3A3150&as=0&ag=75&an=0&gf=75&gg=0&ix=75&ic=75&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=75&bx=0&dj=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=149&cd=0&ah=149&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=4538296053%3A3234915080%3A6352580061%3A138442466791&bo=132009777&bp=22537945352&bd=undefined&gw=ninegamheader317783335130&zMoatOrigSlicer1=132009777&zMoatOrigSlicer2=22537945352&zMoatSZ=728x90&zMoatMMV_MAX=waiting&zMoatMData=waiting&zMoatMSafety=waiting&zMoatMGV_MAX=waiting&zMoatMMV=waiting&zMoatMGV=waiting&zMoatAdUnitPath=%2F133009657%2F9news%2Fworld&zMoatPT=gallery&zMoatFP=above&zMoatPS=1&zMoatSlotName=-&zMoatCURL=9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&zMoatDev=Desktop&hv=DOMSEARCH&ab=3&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&iq=waiting&tt=waiting&tu=waiting&tp=waiting&tc=0&fs=205402&na=1643439687&cs=0
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.143.172 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-143-172.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:29 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 12 Sep 2023 10:16:29 GMT

GET
H2

200

/ Show response
adc.nine.com.au/ Frame 3B66
Redirect Chain

https://ib.adnxs.com/getuid?https://adc.nine.com.au?appNexusUid=$UID
https://adc.nine.com.au/?appNexusUid=2929370047501124640

89 B
451 B

40ms
40ms

Document
application/json

52.62.229.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adc.nine.com.au/?appNexusUid=2929370047501124640

Requested by

Host: adc-js.nine.com.au
URL: https://adc-js.nine.com.au/adc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.62.229.213 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

awselb/2.0 /

Resource Hash

38e8aeee900bbc48e3fa041c8f9d536d048c390bd291cd77d15781c928651de9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
content-length: 89
content-type: application/json; charset=utf-8
date: Tue, 12 Sep 2023 10:16:29 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
server: awselb/2.0
strict-transport-security: max-age=2592000

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: 56742537-73d6-4be0-8757-2c3ca8ce0961
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Tue, 12 Sep 2023 10:16:29 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://adc.nine.com.au?appNexusUid=2929370047501124640
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.21.3
x-proxy-origin: 66.203.112.168; 66.203.112.168; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6753415701626617856/ Frame 7A39 23 KB
3 KB 98ms
97ms Document
text/html 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df40483500c6075bd3d38ddb96d7cd215ea5f8428f2a9ec1548ce3ffb74d6af3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Sep 2023 10:16:29 GMT
expires: Wed, 11 Sep 2024 10:16:29 GMT
last-modified: Wed, 01 Mar 2023 00:50:24 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 065D 22 KB
8 KB 3ms
3ms Document
text/html 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 533251
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Sep 2023 06:08:58 GMT
expires: Thu, 05 Sep 2024 06:08:58 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/ Frame 1146 7 KB
2 KB 97ms
96ms Document
text/html 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76365298879152f8aa3f0aa3a39e705585a3504c3f611a81bb19a0f5251a9545

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1861
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Sep 2023 10:16:29 GMT
expires: Wed, 11 Sep 2024 10:16:29 GMT
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 713F 0
0 239ms
142ms Fetch
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstcf5m--ljHp5HtCXacoSyvWp9XHvzQL8w8MppcRWAzkI7MUQWObdjl_ARWZGWvcRBr3QL1w_cf2glkGJk_8_IbvXPe8_z0hbUQgpRVyTIlTYz3xEbRe41VUudEjbY9VpyOOvYfVI9StUCQjk-nZttutB7TecYhSCDlsUP-oSk&sai=AMfl-YRXVChHb_sUQcWInu99nywNmtFxbOMltLXwsLnxWJC1tT-I_eAcKnKvBIiiMlTdhAqQIVd6TTw3f7qsF5yl4PhRM9WqtfPMrurdmg&sig=Cg0ArKJSzAzTYgYGpqWTEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=54&cbvp=1&cstd=48&cisv=r20230907.47008&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 12 Sep 2023 10:16:29 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 7B71
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1612340/73397107/skeleton.js?adsafe_url=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-6...
https://static.adsafeprotected.com/skeleton.js

17 B
465 B

212ms
212ms

Script
application/javascript

18.244.214.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Server: 18.244.214.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-214-85.sfo53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 24 May 2023 11:24:04 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 594aa5e4a6030c26c04a6a841838abb2.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P4
age: 9586346
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: XIBxTHuY7itkuvsl56C_G-94rURlJI6BZCsX0qUH3EyAKDJ58eUV7A==

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:29 GMT
server: nginx
x-server-name: app02.au.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 27DB 91 KB
92 KB 166ms
166ms Script
application/javascript 18.244.214.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.214.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-214-85.sfo53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 09:26:44 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
via: 1.1 594aa5e4a6030c26c04a6a841838abb2.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P4
age: 16073386
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 93606
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: "1f3488247c90bb5de253d3d0cb3b7458"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: 22gETOdF7aQwz_EkCNX-FDiAcLkg0pduZsT2nGFUFHxhmUmPTXgpCQ==

GET
H2

200

458249.gif
idsync.rlcdn.com/
Redirect Chain

https://sr.rlcdn.com/469486.gif?u=64fee050c91c48d184e91b74a3ebb52c&es=149096
https://sr.rlcdn.com/1000.gif?memo=CO7THBIyCi0IDxAAGicxNDkwOTY6NjRmZWUwNTBjOTFjNDhkMTg0ZTkxYjc0YTNlYmI1MmMQ_XkaDQj99ICoBhIFCOgHEABCAEoA
https://pippio.com/api/sync?pid=5324&it=1&iv=6cbb05e5ea32244ca05aafdee745a90f3f64c9f065b7c85c9b7c031c3ab095e1791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA2Y2JiMDVlNWVhMzIyNDRjYTA1YWFmZGVlNzQ1YTkwZjNmNjRjOWYwNjViN2M4NWM5YjdjMDMxYzNhYjA5NWUxNzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA2Y2JiMDVlNWVhMzIyNDRjYTA1YWFmZGVlNzQ1YTkwZjNmNjRjOWYwNjViN2M4NWM5YjdjMDMxYzNhYjA5NWUxNzkxNDI2YjU0MTdkY2UyMRAAGgwI_fSAqAYSBAgCEABCAEoA&goog...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=5cc1e3d2-850a-4c8b-be14-7ba477bc9efe

42 B
315 B

189ms
182ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=5cc1e3d2-850a-4c8b-be14-7ba477bc9efe
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:30 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=5cc1e3d2-850a-4c8b-be14-7ba477bc9efe
date: Tue, 12 Sep 2023 10:16:30 GMT
via: 1.1 google
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
content-type: text/html; charset=utf-8

GET
H3 200 style.css
s0.2mdn.net/sadbundle/6753415701626617856/ Frame 7A39 9 KB
2 KB 6ms
5ms Stylesheet
text/css 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6753415701626617856/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ac14347160933249aa43ed43ed6ab31b6e18249ee567b8557fb0770c99a0df6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 19:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52960
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2406
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 00:50:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Sep 2024 19:33:49 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 7A39 118 KB
40 KB 3ms
3ms Script
text/javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 05:22:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17658
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Sep 2023 05:22:11 GMT

GET
H3 200 logic.js Show response
s0.2mdn.net/sadbundle/6753415701626617856/ Frame 7A39 18 KB
5 KB 7ms
6ms Script
application/x-javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6753415701626617856/logic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6358abc5230e7eeed308cd27b4a04bd292966c7081d2ea97872e6529ad4cbea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 11:23:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 255173
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4784
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 00:50:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 11:23:36 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/ Frame 7A39 63 KB
23 KB 332ms
15ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1006368
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 22890
last-modified: Thu, 22 Jun 2023 11:03:34 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942a86-596a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bi4dL%2BEM2SM9ZTnbnBnIfn%2ByiF4IgU95sSyVz3qIYonDSAahbyyd26n8%2BCtbSm%2F%2F%2BHpIlqc6Mzfd1b09TNaMAJaHQ5BqLSCM2vq9K7NSNWumorOhLuuf%2FZIUmK4%2FOr%2BodX06rsLN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 805765323b58dfb3-SYD
expires: Sun, 01 Sep 2024 10:16:29 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 834ms
157ms Image
image/gif 34.211.137.222
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1612340&asId=c57a94e3-6be5-e874-6b42-d0408a290b12&tv=%7Bc:o1DxUS,pingTime:-2,time:480,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:14,bdZ:49,beA:51,beZ:52,mfA:443,cmA:444,inA:444,inZ:447,prA:447,prZ:458,si:462,poA:463,poZ:475,cmZ:475,mfZ:475,loA:519,loZ:520,ltA:531,ltZ:531,mdA:53,mdZ:387%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:600,t:410%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:481,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:410,wc:0.0.1600.1200,ac:1120.220.300.600,am:sp,cc:0.0.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B87~100%5D,as:%5B87~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:0,fm:tPDxaAq+11%7C12%7C13%7C14%7C15%7C16*.1612340-73397107%7C161%7C162%7C171%7C172%7C18,idMap:16*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:411,slid:%5Bgoogle_ads_iframe_/133009657/9news/world/kim-jong-un_1,google_ads_iframe_/133009657/9news/world/kim-jong-un_1__container__,adspot-desktop-halfpage-3-above%5D,sinceFw:69,readyFired:true%7D&br=c
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.211.137.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-211-137-222.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
server: nginx
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 204 event Show response
prebid-a.rubiconproject.com/ 0
125 B 105ms
105ms XHR
text/plain 52.199.53.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.199.53.10 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-199-53-10.ap-northeast-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 12 Sep 2023 10:16:30 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

OPTIONS
H2 200 event
prebid-a.rubiconproject.com/ Frame 0
0 563ms
102ms Preflight 52.199.53.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.199.53.10 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-199-53-10.ap-northeast-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.9news.com.au
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Tue, 12 Sep 2023 10:16:29 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H3 200 GMNNf8dPzMFRWE2GFsJAeeYNxVBqAV2Fx36SZG50-nU.js Show response
pagead2.googlesyndication.com/bg/ Frame 065D 37 KB
14 KB 5ms
2ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GMNNf8dPzMFRWE2GFsJAeeYNxVBqAV2Fx36SZG50-nU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c34d7fc74fccc151584d8616c24079e60dc5506a015d85c77e92646e74fa75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 05:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 536855
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14501
x-xss-protection: 0
last-modified: Mon, 04 Sep 2023 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Sep 2024 05:08:54 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 1146 120 KB
41 KB 6ms
5ms Script
text/javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 20:30:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49569
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 20:30:20 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1146 113 KB
38 KB 101ms
100ms Script
text/javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f10.1e100.net

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:16:29 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ Frame 1146 85 KB
30 KB 409ms
2ms Script
text/javascript 172.217.24.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 06:15:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30399
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 09 Sep 2024 06:15:35 GMT

GET
H3 200 CustomEase.min.js Show response
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/ Frame 1146 7 KB
4 KB 8ms
7ms Script
application/x-javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/CustomEase.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df0fea5a6c03e63a17cbf8177bc453d3275454f3c7f7315bca9d0251fbec4290

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243519
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3646
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:50 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/ Frame 1146 9 KB
4 KB 7ms
6ms Script
application/x-javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/SplitText.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b1bd3ff92cff335e4fdf33f9f5920cebd56c33543636c50b16258a7e9384354

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243519
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3729
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:50 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1146 236 KB
63 KB 98ms
97ms Script
text/javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:16:29 GMT

GET
H3 200 fordLogo_728x90_Center.js Show response
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/ Frame 1146 55 KB
15 KB 7ms
5ms Script
application/x-javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/fordLogo_728x90_Center.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3267e3a0a1417a9d3e611eb7a61e4e29c74e20255b78b749c287eaf925dfbc82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243519
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15591
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:50 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/ Frame 1146 7 KB
2 KB 6ms
4ms Stylesheet
text/css 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/style.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

859e27bd5df1f85bbf1440d2a475c409de56209ee077cbadf6e139793f63a524

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243519
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1928
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:50 GMT

GET
H3 200 img1.jpg
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 20 KB
20 KB 3ms
3ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/img1.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e08db045ba7baa0759157128bf742ffbc3c463b4a124fb3e3b391af13e9a69e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:50 GMT
x-content-type-options: nosniff
age: 243519
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20606
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:50 GMT

GET
H3 200 img2.jpg
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 13 KB
13 KB 3ms
2ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/img2.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3704efc082e4e298202e9dde7b33b84d2a58062b69e8e9389130cff386412529

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:50 GMT
x-content-type-options: nosniff
age: 243519
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13187
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:50 GMT

GET
H3 200 img3.jpg
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 16 KB
16 KB 3ms
2ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/img3.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1dbe5343e395e38a4387c501b63eb18259afc575880e1a5de1e789de9fa72a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15873
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 img4.jpg
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 22 KB
22 KB 3ms
3ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/img4.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24fdd3d4ef8864cea46d0a5228bbcfa06fb5efc2cc8600e8fcc2a36fbc23d0b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22173
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 img5.jpg
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 13 KB
13 KB 3ms
2ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/img5.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

60dad4087f93fa6c80b7fbe15fa0d1d99ae40e8ce803eaba4c55c1f0c799cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13518
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 oval3.png
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 5 KB
5 KB 3ms
2ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/oval3.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b577d235b30a5688bacfec4c4268b1ee76780750c09e8d2f37c603684efdf0bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5302
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 oval2.png
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 5 KB
5 KB 3ms
3ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/oval2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f18d9c3370390be3cb4db0683917bfc658c3eeb347e696f9d4e1201f918714f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5244
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 oval1.png
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 4 KB
4 KB 2ms
2ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/oval1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cac7a20e4c40606c07e127347acf9f719eeff12a231dc552cf211b2720c1a716

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3614
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 oval3-right.png
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 507 B
539 B 2ms
2ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/oval3-right.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5c44107696b70dd93fe16cd18f4e962d99200505f1757be37d93918d1c8f997

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 507
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 oval2-right.png
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 430 B
465 B 3ms
2ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/oval2-right.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0092b0c90b0dd5ac638c1aed59f62e765f4fe6f9aa35e6cc55afd75febc6b06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 07:13:01 GMT
x-content-type-options: nosniff
age: 443008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 430
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Sep 2024 07:13:01 GMT

GET
H3 200 oval1-right.png
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 493 B
528 B 3ms
3ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/oval1-right.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecffeeb99a3d8e96527745527de590517a3ed0335723340e68ecf4b9a1e5ff8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 493
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 logosmall.png
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 4 KB
4 KB 2ms
2ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/logosmall.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fab5548e8cc32a23ddcf053c9e29b81369d1aaf7fb8296809e3fd70fe36d527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4254
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 blocktext.png
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 2 KB
2 KB 3ms
2ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/blocktext.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce43cf413c98bd3c781c6065bab1df74670201fc34220ab55c88b65cf35c6860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2343
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 blocklogo.png
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/ Frame 1146 4 KB
4 KB 3ms
3ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/images/blocklogo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

072c4b8f12ea889355a8ee4a2e45a49f022b69e0fcef722c7192ddea97fd51aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4382
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/ Frame 1146 15 KB
3 KB 3ms
3ms Script
application/x-javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/main.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff046c5649dd06f2692b6109bba61a2214332d2aa9f06980f166a1af8652a5f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/index.html?e=69&leftOffset=0&topOffset=0&c=L6k3e5OIO4&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 GTAmerica-ExtMd.woff2
s0.2mdn.net/creatives/assets/4545690/ Frame 7A39 54 KB
54 KB 3ms
3ms Font
font/woff2 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4545690/GTAmerica-ExtMd.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

faca51e2dc539fdc6760eb40c66a2cdf814d955da66cb2f97e12da659c3343b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:03:22 GMT
x-content-type-options: nosniff
age: 787
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55596
x-xss-protection: 0
last-modified: Fri, 19 Aug 2022 00:49:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:18:22 GMT

GET
H3 200 Gotham-Light.woff2
s0.2mdn.net/creatives/assets/4629595/ Frame 7A39 13 KB
13 KB 4ms
4ms Font
font/woff2 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4629595/Gotham-Light.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

378602871c022039ea875754519dbecda70a29b6fa0d1b8fc6e66b3639fed597

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:13:04 GMT
x-content-type-options: nosniff
age: 205
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13612
x-xss-protection: 0
last-modified: Mon, 01 Aug 2022 09:04:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:28:04 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7A39 7 KB
6 KB 113ms
113ms XHR
application/json 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d76033eb9d1c3b4cafc77a2a5ca0e5776b6aa02b4515204f412ee3a0e70da0b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5792
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1146 7 KB
6 KB 275ms
275ms XHR
application/json 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8fd83b1274f7ea87ad180d21625e9d2a4762ba1e81b05466a7b48be48926db15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5691
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 065D 0
20 B 140ms
140ms Image
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAendfToAZYy6CraIrtoP0rGDyAoAAAAAOAHgBAI&bg=!Xl2lXRLNAAa6D61Rmg87ADQBe5WfOHslapHUffcDARNjAe3WVaLwt4akhT_CFwhxCXdK7nudnS0byA5QqcPpnsWmBbNpAgAAAGVSAAAABmgBBwoAT-U24qZBw5pesgVMFOiI6a09y6C_vCzLKzqcKifOdshqEWb-nfxhEeqep87xK3P6pWz57EYdm7PihgVlNxZLwkFdZSWS4VL-gPPemepT48GZAtexhuiGEcJMjwfDYCh0m6h_c69t9n2AkcLldhNzFWreLKp8LwZcC-kroYeoYbNenptd4M4gbW_huMnhd6TnutkuS8V0VcdH1tI89aG2eg0cXd8SFg49qiSytxCsIY9JThV2a9Y4qrNBTW5CK3SsWLoyTj670f1YzTcIMz_n5KsSoRgq45moQOu1n7fmevf_ICBo-jLzWMS2OVJ6SMBben9FKFmhz0txkWi8go9z3qAaxSRHTb_KPiSfpf1SQMzsg5x3dXmV8T93konlIEuF0XVq-QuCiZSRtI1M_xiW6-UzjKI5ocVDPlY8jcE8ZKPvI5O43HT2BlErH0QnvjyvzIzFqpqHZYw6XpBqRNRHzkz0T_0hVQD8nP3qAly67w0veNDkwah7Xqj3lPJvJGfKwRWwa1bpFJONyFborwqRymHGE6LECmNmOpAQFSSXe7z-LR8dzpOyUKymL3tXEV9gFcAs37N_8sKsDw18-Iod2p0ov4MveqPDg-gfdAA58RoXNQ9LkYsLpYzG5pnGCIwdgCDQawwwyqkrWxWZWfgt1l_TLiKTIpCKLZ-UnHzXBWwuTDkQ4QdJVvIFarhMrv6zUaQddf8cN2vRXAbkesjjhq2_CImFr_KWF8QIF2k2CCFDozp_sv--yAkyUbnibGLf83Z_JaW5mCE12njEEkQL1jeuKgHgi1AwFdjPiE3PhkJ0eTfiOK_zbAswLAtDOYcwK1BySzdTXnYRVH9YJbPBbC2-BeJWgCIlNjp3BD1NQXEeHpbXFSJGk1qDQaF83WZad4UQqDwe4jRmtkhQKlHRGo6zYLDnrHY0THFLuQRtbn4MNB2YS_EelJwfytKJniqf8PWQEF-m174vJaU0RtqDnH2_LxtvQh9L29E8NX2e3YEb_v3XAFcRqvNeXzdm4xqZMtUX5T57mitDrtOYQbpC8T1rMbV_92SFvdepvzJRUm5_GCnZtDuJtCd9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
216 B 605ms
157ms Image
image/gif 34.211.137.222
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1612340&asId=c57a94e3-6be5-e874-6b42-d0408a290b12&tv=%7Bc:o1DxYy,time:708,type:e,im:%7Bimprf:%7Bttecl:721,ecd:271,tsecr:2%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:708,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:410,wc:0.0.1600.1200,ac:1120.220.300.600,am:sp,cc:0.0.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B314~100%5D,as:%5B314~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:0,fm:tPDxaAq+11%7C12%7C13%7C14%7C15%7C16*.1612340-73397107%7C161%7C162%7C171%7C172%7C18,idMap:16*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:411,sis:683%7D&br=c
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.211.137.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-211-137-222.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
server: nginx
x-server-name: dt20.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7A39 17 KB
6 KB 184ms
183ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 12 Sep 2023 10:16:29 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7B71 0
0 142ms
141ms Fetch
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst2BZT6Kptrp9uXWqKQXN_q1mOjhjLOlg7sE7qDj-vWsFvwepqGHZbsSar8dXwGnEhjbkscw8Lu-j2iL8u59a4iNS301yuIU4pSN9n1RP5p33LqF1_2yVEOFx2L9P0c_Pj3Uy8mDre0_DNj-3JICTVdk4vm10Le1vCI0n1Ki7mAKPVdOl5A6jrauqB9GnKZiXGEBnfKfk0K_LShSPOTtsZQy3Mv7NP2DLqzpwIGbkGGk7rCTcS2tEt_HXodicEWBjaH9g7XRIi0XnJEXwsdDfc63rIJv0DzEqTjOJSzvQbgFzDQw_Lswd-6pHlehjuFF38CERyzkm0Up5bELS1hnBZ-Z2E&sai=AMfl-YQZ4MjnzoGUIN_tjdEjiBDIPruMY_Z47KfotGGCA5kQ-SgxEQ72o7KWO6nMKiCJkB51_szvJQzIACudtj7EgwsHxjf0ApIwxnrjDQsZ4kYKB2OGYQIMqtsttiw9OA&sig=Cg0ArKJSzJhjtkkfadDwEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 12 Sep 2023 10:16:29 GMT

GET
H3 200 dynamicBuilder.min.js Show response
s0.2mdn.net/creatives/assets/1951882/ Frame 7A39 9 KB
1 KB 3ms
3ms Script
text/javascript 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1951882/dynamicBuilder.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d585510ebf6dccd5790b2083b5e4425473fa2277aef2dc2be1fcba2d04f47e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:04:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 696
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1400
x-xss-protection: 0
last-modified: Wed, 04 Apr 2018 17:00:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:19:53 GMT

GET
H3 200 3848341129440585326.json Show response
s0.2mdn.net/creatives/assets/4545690/ Frame 7A39 34 KB
9 KB 3ms
3ms XHR
application/json 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4545690/3848341129440585326.json

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6753415701626617856/logic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4786c9dd528af3c0ed0e9c00b240ef6ffa52fdda646f0da975f9677348ff4c28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 415
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9326
x-xss-protection: 0
last-modified: Tue, 05 Sep 2023 02:58:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:24:34 GMT

GET
H3 200 transparent.png
s0.2mdn.net/creatives/assets/4545690/ Frame 7A39 68 B
100 B 3ms
3ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4545690/transparent.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:09:22 GMT
x-content-type-options: nosniff
age: 427
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
x-xss-protection: 0
last-modified: Tue, 03 May 2022 13:14:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:24:22 GMT

GET
H3 200 6287f3b21ed6f4775c7ce1a88be8c183.png
s0.2mdn.net/creatives/assets/4545690/ Frame 7A39 68 B
100 B 4ms
3ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4545690/6287f3b21ed6f4775c7ce1a88be8c183.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:02:21 GMT
x-content-type-options: nosniff
age: 848
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 07:53:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:17:21 GMT

GET
H3 200 cdb7861fa6a97a8b78128247c3843a98.jpg
s0.2mdn.net/creatives/assets/4545690/ Frame 7A39 47 KB
47 KB 8ms
7ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4545690/cdb7861fa6a97a8b78128247c3843a98.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

012043eb833da735590285b1f0bec605bb6238596fe8217c36dd7d5bfa339816

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:11:57 GMT
x-content-type-options: nosniff
age: 272
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47624
x-xss-protection: 0
last-modified: Tue, 05 Sep 2023 02:36:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:26:57 GMT

GET
H3 200 3ffe7d1005e83c61b752d3299e808884.png
s0.2mdn.net/creatives/assets/4545690/ Frame 7A39 9 KB
9 KB 8ms
7ms Image
image/png 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4545690/3ffe7d1005e83c61b752d3299e808884.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8389eb2b8700cc8536eb76a57f264ae52156843ba9dea6d520e684b8d2b15287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:07:41 GMT
x-content-type-options: nosniff
age: 528
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9476
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 07:51:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:22:41 GMT

GET
H3 200 2c857f89da86eed074d5c454ef920bed.jpg
s0.2mdn.net/creatives/assets/4545690/ Frame 7A39 38 KB
38 KB 9ms
8ms Image
image/jpeg 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4545690/2c857f89da86eed074d5c454ef920bed.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

659100c621656f9398a8166f47c8deb27bb27db9955d5c657c1d49fd6b923214

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:10:38 GMT
x-content-type-options: nosniff
age: 351
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38755
x-xss-protection: 0
last-modified: Tue, 05 Sep 2023 02:35:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:25:38 GMT

GET
H3 200 Gotham-Book.woff2
s0.2mdn.net/creatives/assets/4545690/ Frame 7A39 22 KB
22 KB 3ms
3ms Font
font/woff2 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4545690/Gotham-Book.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

602672d6570d5bfb4431e8d14d981397dde5717868934595a0425e80249262c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:09:27 GMT
x-content-type-options: nosniff
age: 422
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22856
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 11:46:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:24:27 GMT

GET
H3 200 Gotham-Medium.woff2
s0.2mdn.net/creatives/assets/4545690/ Frame 7A39 22 KB
22 KB 4ms
4ms Font
font/woff2 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4545690/Gotham-Medium.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ec05a721daa8898a5717bec22f3845c6252415df41e2f133fb107fc6278ca7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:09:43 GMT
x-content-type-options: nosniff
age: 406
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22800
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 11:46:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:24:43 GMT

GET
H3 200 Gotham-Bold.woff2
s0.2mdn.net/creatives/assets/4545690/ Frame 7A39 21 KB
21 KB 5ms
5ms Font
font/woff2 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4545690/Gotham-Bold.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58fd690369790ab77caf38204c11a6600694f407a633d8cd93e9dd388732e735

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6753415701626617856/index.html?e=69&leftOffset=0&topOffset=0&c=KwIXxOFnah&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:08:24 GMT
x-content-type-options: nosniff
age: 485
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21936
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 11:46:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Sep 2023 10:23:24 GMT

GET
H3 200 FordAntenna_Medium.woff
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/fonts/ Frame 1146 17 KB
18 KB 4ms
4ms Font
font/woff 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/fonts/FordAntenna_Medium.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c63a7f4d5e9b760cac8c0ae2ab9ca08abaea98e484c80599a2fc11513e36ed4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/style.css
Origin: https://s0.2mdn.net
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17880
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H3 200 FordAntenna_Light.woff
s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/fonts/ Frame 1146 16 KB
16 KB 4ms
4ms Font
font/woff 172.217.24.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/fonts/FordAntenna_Light.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

105ecade0a9c60b1761dde09761a986e0b8402b05d02fdd9b3404a2fa4672a24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15591021475757293568/FORDVF0298_TheBlock_Everest_728x90_AllFrames/style.css
Origin: https://s0.2mdn.net
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:37:51 GMT
x-content-type-options: nosniff
age: 243518
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16608
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 02:06:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Sep 2024 14:37:51 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1146 17 KB
6 KB 293ms
292ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 12 Sep 2023 10:16:30 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 713F 0
0 142ms
142ms Fetch
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstcf5m--ljHp5HtCXacoSyvWp9XHvzQL8w8MppcRWAzkI7MUQWObdjl_ARWZGWvcRBr3QL1w_cf2glkGJk_8_IbvXPe8_z0hbUQgpRVyTIlTYz3xEbRe41VUudEjbY9VpyOOvYfVI9StUCQjk-nZttutB7TecYhSCDlsUP-oSk&sai=AMfl-YRXVChHb_sUQcWInu99nywNmtFxbOMltLXwsLnxWJC1tT-I_eAcKnKvBIiiMlTdhAqQIVd6TTw3f7qsF5yl4PhRM9WqtfPMrurdmg&sig=Cg0ArKJSzAzTYgYGpqWTEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=615&vt=11&dtpt=561&dett=3&cstd=48&cisv=r20230907.47008&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 12 Sep 2023 10:16:30 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 713F 0
0 140ms
140ms Fetch
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuw6i8-_5YpLdfBrzWhRU9wJoxS6Q4J5IV2bIfR_VoqiRSZrKu8pXfz0T5ECDPHYmyWC4kpgNYAUKDha8erNRp0Xd_qSYufDaHMAV9nDXeU0-YkZc9dYdH3qa3QWqJtNRdATzlgWJGc63vZZ-tE0CkZqmmaJvLgPAjIar_QEEGk17gVBisi1-ZD2PE4VwXDRRQz3I4ON3tlrNMR5WWZu2-Zz5BysgsZNgM3c_zZHUazZRQr0wZ9wp8iI78yEwdAVY3BNzmB93U_egmIE0HL0CCY3aGcOD5Xw92-ihgR66_jwHRjSHzBrycSZAKqxNUaiSa-j3YcvHClOah93ntuXUA3_4o&sai=AMfl-YQomrCR5izU_7CB5fEucIaRe_o3DuzlvKoxA_eAOeiZKioAuyljFXNCUzIBb_Frygi72xtwXhj0dPtD6VNqxMP2GzSe95KgSfa-jb3N2i0RvJvfFa7l7jV4Jg90OQ&sig=Cg0ArKJSzDRBfxuABO62EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 12 Sep 2023 10:16:30 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 303ms
157ms Image
image/gif 34.211.137.222
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1612340&asId=c57a94e3-6be5-e874-6b42-d0408a290b12&tv=%7Bc:o1Dy3p,pingTime:-10,time:1009,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNDgwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE2LjAuNTg0NS4xNzkgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1694513790003%7C%7Ca22878ef2609285207d7fbc102420005%7C%7Caaf8e1c5fa6f2472e971350e5968c28c%7C%7C4115f5ef8cccf2ec932d42acc34afc2c%7C%7C9440cf5e308a94a657cc662881021e9f%7C%7C9ebd24bafefe37f527780eb9e31b02d0%7C%7C68a8fcdb8fe0d53fb48c25566aa53e51%7C%7C321c487da4e92ba52e90894d4c09b176%7C%7C1663701684%7D
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.211.137.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-211-137-222.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
server: nginx
x-server-name: dt18.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 GMNNf8dPzMFRWE2GFsJAeeYNxVBqAV2Fx36SZG50-nU.js Show response
pagead2.googlesyndication.com/bg/ Frame 434D 37 KB
14 KB 3ms
2ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GMNNf8dPzMFRWE2GFsJAeeYNxVBqAV2Fx36SZG50-nU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c34d7fc74fccc151584d8616c24079e60dc5506a015d85c77e92646e74fa75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 05:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 536856
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14501
x-xss-protection: 0
last-modified: Mon, 04 Sep 2023 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Sep 2024 05:08:54 GMT

GET
H3 200 GMNNf8dPzMFRWE2GFsJAeeYNxVBqAV2Fx36SZG50-nU.js Show response
pagead2.googlesyndication.com/bg/ Frame BABE 37 KB
14 KB 4ms
3ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GMNNf8dPzMFRWE2GFsJAeeYNxVBqAV2Fx36SZG50-nU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c34d7fc74fccc151584d8616c24079e60dc5506a015d85c77e92646e74fa75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 05:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 536856
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14501
x-xss-protection: 0
last-modified: Mon, 04 Sep 2023 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Sep 2024 05:08:54 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
275 B 179ms
178ms Image
image/gif 23.77.143.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&zMoatGNID=133009657&zMoatAU1=9news&zMoatAU2=world&wf=1&ra=6&sgs=3&vb=3&kq=1&lo=0&uk=null&pk=0&wk=0&rk=1&tk=1&ak=-&i=NINE_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BG%24%3D!!tFQ%5Bh3M7I1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-E0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-1IRrnTcST%2BDrDg%3D%3D&sc=1&os=1-1Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-480&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&g=1&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&id=1&ii=4&f=0&j=&t=1694513787934&de=755060883629&rx=166864991930&cu=1694513787934&m=2348&ar=7f176ec564c-clean&iw=7bbad86&cb=0&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=1223&le=1&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1815%3A1815%3A0%3A3150&as=1&ag=1203&an=75&gi=1&gf=1203&gg=75&ix=1203&ic=1203&ez=1&ck=1203&kw=1066&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1203&bx=75&ci=1203&jz=1066&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1066&cd=149&ah=1066&am=149&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=4538296053%3A3234915080%3A6352580061%3A138442466791&bo=132009777&bp=22537945352&bd=undefined&gw=ninegamheader317783335130&zMoatOrigSlicer1=132009777&zMoatOrigSlicer2=22537945352&zMoatSZ=728x90&zMoatMMV_MAX=waiting&zMoatMData=waiting&zMoatMSafety=waiting&zMoatMGV_MAX=waiting&zMoatMMV=waiting&zMoatMGV=waiting&zMoatAdUnitPath=%2F133009657%2F9news%2Fworld&zMoatPT=gallery&zMoatFP=above&zMoatPS=1&zMoatSlotName=-&zMoatCURL=9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&zMoatDev=Desktop&hv=DCM%20ins&ab=3&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&iq=waiting&tt=waiting&tu=waiting&tp=waiting&tc=0&fs=205402&na=2055815631&cs=0
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.143.172 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-143-172.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 12 Sep 2023 10:16:30 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 713F 42 B
64 B 141ms
141ms Fetch
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssHHknm2X6S9fi40UewD1I1BbTOEJjoNhvUVtWbw6ks8v5Zi6imwVaQNbNz3bXREcK6yn-rtILRFKX7NfJSfi2N-o7pMw8MaFaK1fcEkL_9GNY&sig=Cg0ArKJSzLgAq57YxFzhEAE&id=lidar2&mcvt=1002&p=0,0,90,728&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20230906&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=34&adk=1575236620&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1694513788962&rpt=481&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
275 B 177ms
177ms Image
image/gif 23.77.143.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&zMoatGNID=133009657&zMoatAU1=9news&zMoatAU2=world&wf=1&ra=6&sgs=3&vb=3&kq=1&lo=0&uk=null&pk=0&wk=0&rk=1&tk=1&ak=-&i=NINE_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BG%24%3D!!tFQ%5Bh3M7I1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-E0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-1IRrnTcST%2BDrDg%3D%3D&sc=1&os=1-1Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-480&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&g=2&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&id=1&ii=4&f=0&j=&t=1694513787934&de=755060883629&rx=166864991930&cu=1694513787934&m=2349&ar=7f176ec564c-clean&iw=7bbad86&cb=0&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=1223&le=1&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1815%3A1815%3A0%3A3150&as=1&ag=1203&an=1203&gi=1&gf=1203&gg=1203&ix=1203&ic=1203&ez=1&ck=1203&kw=1066&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1203&bx=1203&ci=1203&jz=1066&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1066&cd=1066&ah=1066&am=1066&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=4538296053%3A3234915080%3A6352580061%3A138442466791&bo=132009777&bp=22537945352&bd=undefined&gw=ninegamheader317783335130&zMoatOrigSlicer1=132009777&zMoatOrigSlicer2=22537945352&zMoatSZ=728x90&zMoatMMV_MAX=waiting&zMoatMData=waiting&zMoatMSafety=waiting&zMoatMGV_MAX=waiting&zMoatMMV=waiting&zMoatMGV=waiting&zMoatAdUnitPath=%2F133009657%2F9news%2Fworld&zMoatPT=gallery&zMoatFP=above&zMoatPS=1&zMoatSlotName=-&zMoatCURL=9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&zMoatDev=Desktop&hv=DCM%20ins&ab=3&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&iq=waiting&tt=waiting&tu=waiting&tp=waiting&tc=0&fs=205402&na=864559738&cs=0
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.143.172 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-143-172.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 12 Sep 2023 10:16:30 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 157ms
157ms Image
image/gif 34.211.137.222
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1612340&asId=c57a94e3-6be5-e874-6b42-d0408a290b12&tv=%7Bc:o1DyaS,pingTime:1,time:1472,type:p,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:600,t:410%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1472,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:410,wc:0.0.1600.1200,ac:1120.220.300.600,am:sp,cc:0.0.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1078~100%5D,as:%5B1078~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:838,fm:tPDxaAq+11%7C12%7C13%7C14%7C15%7C16*.1612340-73397107%7C161%7C162%7C171%7C172%7C18,idMap:16*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:411,sis:683%7D&br=c
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.211.137.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-211-137-222.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 158ms
158ms Image
image/gif 34.211.137.222
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1612340&asId=c57a94e3-6be5-e874-6b42-d0408a290b12&tv=%7Bc:o1DyaS,pingTime:1,time:1472,type:pf,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:600,t:410%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1472,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:410,wc:0.0.1600.1200,ac:1120.220.300.600,am:sp,cc:0.0.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1079~100%5D,as:%5B1079~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:838,fm:tPDxaAq+11%7C12%7C13%7C14%7C15%7C16*.1612340-73397107%7C161%7C162%7C171%7C172%7C18,idMap:16*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:411,sis:683%7D&br=c
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.211.137.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-211-137-222.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 gn
secure-dcr.imrworldwide.com/cgi-bin/ 44 B
424 B 8ms
8ms Image
image/gif 54.79.222.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-606950&ch=au-606950_b29_nine.com.au%20-%209News_S&asn=nine.com.au%20-%209News&fp_id=68tal7smowbhzl5b68sdxgqzsfmf61694513787&fp_cr_tm=1694513787515&fp_acc_tm=1694513787515&fp_emm_tm=1694513787515&ve_id=&sessionId=onxhttku260m6ahuip1njbdow6l8e1694513787&prv=1&c6=vc,b29&ca=NA&c13=asid,PFC7A06D1-31DD-4749-87F8-8FFD52371467&c32=segA,NA&c33=segB,Nine.com.au%20-%209News.com.au&c34=segC,NA&c15=apn,Nine&sup=1&segment2=&segment1=&forward=0&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,dbbmwue79h8oigyjll5bkhkov2hc61694513787&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,16945137875123715&c30=bldv,6.0.0.673&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=1694513787130&c3=st,c&c64=starttm,1694513789&adid=1694513787130&c58=isLive,false&c59=sesid,&c61=createtm,1694513789&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&c66=mediaurl,&sdd=&c62=sendTime,1694513789&rnd=586656
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.79.222.52 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-79-222-52.ap-southeast-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
server: nginx
accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
275 B 178ms
178ms Image
image/gif 23.77.143.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&zMoatGNID=133009657&zMoatAU1=9news&zMoatAU2=world&wf=1&ra=6&sgs=3&vb=3&kq=1&lo=0&uk=null&pk=0&wk=0&rk=1&tk=1&ak=-&i=NINE_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BG%24%3D!!tFQ%5Bh3M7I1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-E0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-1IRrnTcST%2BDrDg%3D%3D&sc=1&os=1-1Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-480&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&g=3&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&id=1&ii=4&f=0&j=&t=1694513787934&de=755060883629&rx=166864991930&cu=1694513787934&m=2349&ar=7f176ec564c-clean&iw=7bbad86&cb=0&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=1223&le=1&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1815%3A1815%3A0%3A3150&as=1&ag=1203&an=1203&gi=1&gf=1203&gg=1203&ix=1203&ic=1203&ez=1&ck=1203&kw=1066&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1203&bx=1203&ci=1203&jz=1066&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1066&cd=1066&ah=1066&am=1066&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=4538296053%3A3234915080%3A6352580061%3A138442466791&bo=132009777&bp=22537945352&bd=undefined&gw=ninegamheader317783335130&zMoatOrigSlicer1=132009777&zMoatOrigSlicer2=22537945352&zMoatSZ=728x90&zMoatMMV_MAX=waiting&zMoatMData=waiting&zMoatMSafety=waiting&zMoatMGV_MAX=waiting&zMoatMMV=waiting&zMoatMGV=waiting&zMoatAdUnitPath=%2F133009657%2F9news%2Fworld&zMoatPT=gallery&zMoatFP=above&zMoatPS=1&zMoatSlotName=-&zMoatCURL=9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&zMoatDev=Desktop&hv=DCM%20ins&ab=3&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&iq=waiting&tt=waiting&tu=waiting&tp=waiting&tc=0&fs=205402&na=1521157433&cs=0
Requested by: Host: www.9news.com.au
URL: https://www.9news.com.au/world/how-kim-jong-un-travels-when-he-leaves-north-korea/4f3a921f-dfc4-4f12-94d9-698a73627617?ocid=edm-nine.com.au-ninedaily--230912&mktg_scr=edm-ninedaily
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.143.172 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-143-172.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 12 Sep 2023 10:16:30 GMT

GET
H2 200 / Show response
zn1y2ema5tlxxjvbo-nineresearch.siteintercept.qualtrics.com/SIE/ 8 KB
4 KB 61ms
26ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn1y2ema5tlxxjvbo-nineresearch.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_9RXYDOH8jm6Qmge

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

724723ab20fd3597255ebbca97bd8cbf738c6b43a64b0717eb3acbe140498e7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 298149
cf-polished: origSize=9150
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"23be-zhiiTxCHhgDJ+DEOf7nl2zIKcB0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 80576538e9e5aadb-SYD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 RCf3146c916190417bbb2a61ae1a0d3c66-source.min.js Show response
assets.adobedtm.com/36b74e34ece7/5e2db1ff2965/c75357ffae9c/ 552 B
587 B 465ms
464ms Script
application/x-javascript 23.77.128.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/36b74e34ece7/5e2db1ff2965/c75357ffae9c/RCf3146c916190417bbb2a61ae1a0d3c66-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/36b74e34ece7/5e2db1ff2965/launch-52457de27223.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.128.136 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-128-136.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 1068f9ede3c3a374e5f98d3cc7260c6d5ca1c8cb9ad5f43c1cf03d1a67867b05

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:31 GMT
content-encoding: gzip
last-modified: Tue, 05 Sep 2023 03:37:56 GMT
server: AkamaiNetStorage
etag: "e46f585358825e8de357e67a6d77238b:1693885076.868181"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.9news.com.au
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 329
expires: Tue, 12 Sep 2023 11:16:31 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 138ms
138ms XHR
application/json 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309060101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309060101/pubads_impl.js?cb=31077684

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b9ed394aea3746fa78efc7cdd1d172efd8b2dcb1b323d7aa352e169a7a1a553

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11937
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7B71 42 B
64 B 141ms
141ms Fetch
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssSrqQQVaVSOOn7CxlZBpQ6-MkIPmyQtCUJLsoamyjDRGUNCsWXPmZYtviGL4raKqq1ZPM_AmjLoY1iqroGdy0PBdxkX17EHZkCbn6cn4YiK2GWxAzM6eVdT1r5wp5ODybEcZWl74y_M-5R1f-1Y55YY-6yFtaKqAbEaa_Y60gg-AZT6m13-Q7-xnUbY6kCqfKW&sig=Cg0ArKJSzBCSkN7zEff8EAE&id=lidar2&mcvt=1000&p=220,1120,820,1420&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230906&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1163330564&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1694513788943&rpt=903&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-13-237-172-12.ap-southeast-2.compute.amazonaws.com

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK event Show response
nd.demdex.net/ 2 KB
1 KB 8ms
8ms Script
application/javascript 13.237.172.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nd.demdex.net/event?d_mid=58157680913770896520111483780606793850&d_nsid=0&d_ld=_ts%3D1694513790876&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_0_1694513790876&c_pageName=news%3A9news%3Aworld%3Akim%20jong%20un%3Agallery-Kim%20Jong-un%20visits%20Russia%20North%20Korean%20leader%27s%20armoured%20train&c_channel=news%3A9news&c_campaign=edm-nine.com.au-ninedaily--230912&c_events=event1&c_server=www.9news.com.au&c_prop1=news%3A9news%3Aworld&c_eVar2=news%3A9news&c_prop2=en-au&c_eVar3=news%3A9news%3Aworld&c_prop3=news%3A9news%3Aworld%3Akim%20jong%20un&c_eVar4=news%3A9news%3Aworld%3Akim%20jong%20un&c_prop4=news&c_prop5=ninemsn&c_prop7=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&c_prop14=desktop&c_prop21=gallery&c_prop22=Kim%20Jong-un%20visits%20Russia%20North%20Korean%20leader%27s%20armoured%20train&c_prop23=true&c_prop26=8%3A00PM&c_prop42=edm-nine.com.au-ninedaily--230912&c_prop57=4f3a921f-dfc4-4f12-94d9-698a73627617&c_prop61=&c_prop62=&c_eVar91=edm-nine.com.au-ninedaily--230912&c_eVar92=edm-ninedaily&c_eVar93=null&c_eVar95=null&c_hier1=news%7C9news%7Cworld%7Ckim%20jong%20un&c_hier2=news%3A9news%7Cgallery%7CKim%20Jong-un%20visits%20Russia%20North%20Korean%20leader%27s%20armoured%20train&c_web.tags=Kim%20Jong%20un%7CNorth%20Korea%7CTransport%7Ctrains%7Caircraft%7Cship%7CCars&c_web.contentAuthors=&c_web.datePublished=2023-09-12T02%3A22%3A27Z&c_nuid.id=null&c_ocid=edm-nine.com.au-ninedaily--230912&c_mktg_scr=edm-ninedaily&c_hash=&c_host=www.9news.com.au&c_hostname=www.9news.com.au&c_pathname=world%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&c_protocol=https%3A

Requested by

Host: share.9cdn.net
URL: https://share.9cdn.net/share/long_cache/js/tracking/tracking.4.0.388.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.237.172.12 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

cc7cf2f68ac4187deda7509e2aad386493f6ccb661577d128de6eb4b54099b30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

DCS: dcs-prod-apse2-1-v049-010f1b80e.edge-apse2.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: lbNc7trNTLM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: application/javascript;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 698
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 12.2158c5447122fa995560.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 69 KB
21 KB 20ms
19ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.2158c5447122fa995560.chunk.js?Q_CLIENTVERSION=1.98.1&Q_CLIENTTYPE=web&Q_BRANDID=www.9news.com.au

Requested by

Host: zn1y2ema5tlxxjvbo-nineresearch.siteintercept.qualtrics.com
URL: https://zn1y2ema5tlxxjvbo-nineresearch.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_9RXYDOH8jm6Qmge

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

697e541b2f182b24b7e56b9a1807fd0ce4241e0e1e289c64f16fc365643fe495

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 553989
cf-polished: origSize=71575
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 28 Aug 2023 19:22:00 GMT
cf-bgj: minify
server: cloudflare
etag: W/"11797-18a3d9883c0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 805765391a0baadb-SYD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
1 KB 83ms
82ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_9RXYDOH8jm6Qmge&Q_CLIENTVERSION=1.98.1&Q_CLIENTTYPE=web

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.2158c5447122fa995560.chunk.js?Q_CLIENTVERSION=1.98.1&Q_CLIENTTYPE=web&Q_BRANDID=www.9news.com.au

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ad798592d9f22a9708b559e67c18c61c567d9465752342a39a754edd52ec399

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.9news.com.au/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Sep 2023 10:16:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.9news.com.au
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: c1f92b59711eb8b2
cf-ray: 805765394a3faadb-SYD
timing-allow-origin: *

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 713F 42 B
64 B 141ms
140ms Fetch
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss7UYHBLWgNXiWQuCgfp4kQaRCV8awr3LuuXsNIDadxXj5mbb01DnEOmU_Nf13mhRq9h5_2ttojHahcOK7Xqa8WwUTN6pyXbzElUnzOE4-kJovfqHgoj1iJkzpjYFkT&sig=Cg0ArKJSzFfh5CN6AI9mEAE&id=lidar2&mcvt=1002&p=220,266,310,994&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20230906&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=755290641&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1694513788962&rpt=984&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 110ms
109ms Script
text/javascript 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309060101/pubads_impl.js?cb=31077684

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 12 Sep 2023 10:16:31 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A704 13 KB
5 KB 3ms
3ms Document
text/html 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 455352
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Sep 2023 03:47:19 GMT
expires: Fri, 06 Sep 2024 03:47:19 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5A5E 829 B
1 KB 204ms
105ms Document
text/html 172.217.24.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s20-in-f4.1e100.net

Software

GSE /

Resource Hash

91dcfd449c8c9f36e351c53a2c52f98150a5c6bd5d65cbbc59812b454bd04d8d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AC0-kytNIqlkPFBMEItaag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 537
content-security-policy: script-src 'report-sample' 'nonce-AC0-kytNIqlkPFBMEItaag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 12 Sep 2023 10:16:31 GMT
expires: Tue, 12 Sep 2023 10:16:31 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 GMNNf8dPzMFRWE2GFsJAeeYNxVBqAV2Fx36SZG50-nU.js Show response
pagead2.googlesyndication.com/bg/ Frame A704 37 KB
14 KB 3ms
3ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GMNNf8dPzMFRWE2GFsJAeeYNxVBqAV2Fx36SZG50-nU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c34d7fc74fccc151584d8616c24079e60dc5506a015d85c77e92646e74fa75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 05:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 536857
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14501
x-xss-protection: 0
last-modified: Mon, 04 Sep 2023 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Sep 2024 05:08:54 GMT

GET
H2 204 generate_204
tpc.googlesyndication.com/ Frame A704 0
40 B 3ms
2ms Image
text/plain 172.217.24.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?L5WGHQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.24.33 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: hkg07s23-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:31 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 /
pixel.nine.com.au/ 70 B
136 B 123ms
29ms Image
image/png 52.65.67.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.nine.com.au/?advertiser=NineRadioSegments&site_section=9news_world
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.65.67.81 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-65-67-81.ap-southeast-2.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: a73237a07cec4d81b7cb7995220839f554e2e8936e5d5ae25cc47753f9737c07

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:31 GMT
server: awselb/2.0
content-length: 70
content-type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5A5E 0
0 134ms
134ms Image
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309060101&jk=3042667090651123&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.24.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: hkg07s23-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 142ms
141ms Image
text/html 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309060101&jk=3042667090651123&bg=!UFOlUxzNAAa6D61Rmg87ADQBe5WfOA9qB9XtEP2flr-u8BXyTfhemskxSnAdZn9LuZnszJQs8_4ZXuhCYPtrGH-92rPDAgAAAFBSAAAAGGgBBwoAYOHSIIhywTFY8r9P8jZCJOEBzcvjt6zLI4tbY1Wej9PFKdqgy9JgEndHhv05gu8OEyFlo4YUlq8m9ikIC0HBI8gqswSwJYNW1QN0MmkbKAgVNZGHhCf9EoECcgycDGomSJkCvXLwed7Ae_WD2olRUdGYMExBiaO4XPmuUifd8befBFzwEsfPpNtFgEI3ftnrnKrg1RjXSDNofpKpPSYJqHaE6aD57xuzkfsTcqsKL4UyNsqa9VEzURx8bgpiEg1DtdkmZetMYNokgeg93mUCeeG7LPvHu-w1gmjFmglp0Va3UkGij0cfP-m5KgNBdngryemGIZ4iK0kaRXvJc3RuSQbaBKiiqi1B0kk_9_Odzd2OTwI_LudG89FGzPPbUINGmHZJfaJvTBzFARDOt0MiSZbBmG_v7TY7xwWUrwNba5k0us-YMXqVRr2stsFGUlY-P-ARUZO_Rqw6WKt4f-ufOdRSm_XD-mcZbF5lHvdQADLqS5YMovrFUg4wZXI0zo6O6KEhceRlryQ0Ow_AVFnYTnit310eqodmoDpTbW_4xvkNmuaZJamUFuV6Ja60orZPYUslpY5Rg4bZNrRa8wYHbjz8BVlamOBekxb2MgVXVkmXDrsmRpM4w3P1T1i4UUaQ5kJilC088hlEu_E5Ps1Z5hdHsbhguh3wBaD1KYyn3u9dciNv7liNS0ktuL889Jn69mkw_foQcWCmERMTfAy9OeR9VrFZCqny0tfBH16lnFB8zNtOUBUacr-zskNBYPxOOqqaie3lr-QT4yLWAgqTpXGEcPXd7rYO9b3rVjr1OVJtWgdIw-haFaYnKdr6apOo16krlGkmoTytscD7YO9Kr0i51YQDv76ijDHoVbG7lJskkENNjtNUYdYlEnUruVv6Ak_81MrMi17ohPBJDECc3L6qem9-_kfd5o1Pru7xDO5xmYdc4kmzMxyBCf9MJGlhFBiKVjBR384Z2GyefORXO-iNEiWSCdXRsrcFv6PYclIVuscke8ioqYYP0eVluyDJ0tKKUs1WmrCdbMeOwohKuEd08_P74uD_qdaEuHbmKSUD
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.24.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: hkg07s23-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D20D 15 KB
6 KB 110ms
102ms Document
text/html 23.215.59.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.59.10 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-59-10.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=101688
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Tue, 12 Sep 2023 10:16:33 GMT
expires: Wed, 13 Sep 2023 14:31:21 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2

200

pd Show response
microsoft-aunz-d.openx.net/w/1.0/ Frame 0075
Redirect Chain

https://microsoft-aunz-d.openx.net/w/1.0/pd
https://microsoft-aunz-d.openx.net/w/1.0/pd?cc=1

533 B
659 B

105ms
105ms

Document
text/html

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://microsoft-aunz-d.openx.net/w/1.0/pd?cc=1
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: ff968296fbde05bf91364f45564d48f7c7903c95a4cc7088483013a65e010ecd

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 325
content-type: text/html
date: Tue, 12 Sep 2023 10:16:33 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 12 Sep 2023 10:16:33 GMT
location: https://microsoft-aunz-d.openx.net/w/1.0/pd?cc=1
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
via: 1.1 google

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 6632 281 B
554 B 53ms
5ms Document
text/html 23.219.61.234
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.219.61.234 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-219-61-234.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 12 Sep 2023 10:16:33 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 sync Show response
eb2.3lift.com/ Frame BAAD 1 KB
2 KB 97ms
95ms Document
text/html 35.71.178.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.178.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ade9ecc7904667038.awsglobalaccelerator.com
Software: /
Resource Hash: 538d22a873b6567e5c6d38764120fa4a01b49905935e73ee0682e2471a13fe46

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1303
content-type: text/html; charset=utf-8
date: Tue, 12 Sep 2023 10:16:33 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame F718 52 KB
17 KB 419ms
111ms Document
text/html 23.77.149.36
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.77.149.36 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-149-36.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 12 Sep 2023 10:16:33 GMT
ETag: "623de86a-cf34"
Expires: Wed, 13 Sep 2023 10:16:35 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
X-Akamai-EW-Subworker: 8096267

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame 214D 3 KB
2 KB 27ms
13ms Document
text/html 104.18.38.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/21460.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://www.9news.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 655
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 805765489df3571b-SYD
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 12 Sep 2023 10:16:33 GMT
expires: Tue, 12 Sep 2023 14:16:33 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 6632 35 KB
10 KB 5ms
5ms Script
text/html 23.219.61.234
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.219.61.234 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-219-61-234.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e55063e72e70ae7d614668a514ccdecda16960276691153b9ef292dddf28e521

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Sep 2023 19:15:52 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=32305
Connection: keep-alive
Content-Length: 10210
Expires: Tue, 12 Sep 2023 19:14:58 GMT

GET
H2

200

usermatch Show response
ssum-sec.casalemedia.com/ Frame DF6D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
839 B

148ms
147ms

Document
text/html

172.64.148.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.148.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ab095cc4a5caeeb28190a36b9f0fc6e4484c9a5913a04f4449cf2a94a7876ef

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 80576549ee295c0d-SYD
content-encoding: br
content-type: text/html
date: Tue, 12 Sep 2023 10:16:33 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2F4H1DjcDhPdxC4gKETr2L9mjHyjWKaSokzXubGN3OhKhKPlssfCljam3lg5g8AI74nOmuYI8kSqM0dnWemR0ubgW7cXFaWDuXVw31XHx2ZmBVUsqdwUWi1szYvRNdS%2BdxkzTlodX9jLYA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 80576548ed115c0d-SYD
content-length: 0
date: Tue, 12 Sep 2023 10:16:33 GMT
expires: 0
location: /usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fKhbWUISztD5ph60JLpIgp10t1ion0XYeHz4fsK2bHJWOELUvi1kwbudBl7MKrcJrRi5q%2FdQEwn%2B9mcXtGaMuEVBmSHJ9VTuPNRTaEtOy9iTC4EF5Fzag%2B3NaPctlYJ2ql4NlGqlxEI2sA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2

200

xuid
eb2.3lift.com/ Frame BAAD
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=3658&xuid=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&dongle=0cfd&gdpr=0&gdpr_consent=

37 B
354 B

98ms
98ms

Image
image/gif

35.71.178.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3658&xuid=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&dongle=0cfd&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 35.71.178.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ade9ecc7904667038.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 12 Sep 2023 10:16:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://eb2.3lift.com/xuid?mid=3658&xuid=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&dongle=0cfd&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 251

GET
H2

200

ebda
eb2.3lift.com/ Frame BAAD
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDQxMDYzMDIwMTE1MTQ4ODU1MDg0MQ%3D%3D
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=

37 B
139 B

95ms
95ms

Image
image/gif

35.71.178.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 35.71.178.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ade9ecc7904667038.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame BAAD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESENi8BBvneVDFLBXBHj7qjDE&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1

37 B
354 B

96ms
96ms

Image
image/gif

35.71.178.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESENi8BBvneVDFLBXBHj7qjDE&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 35.71.178.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ade9ecc7904667038.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 12 Sep 2023 10:16:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESENi8BBvneVDFLBXBHj7qjDE&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BAAD
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDQxMDYzMDIwMTE1MTQ4ODU1MDg0MQ%3D%3D

170 B
188 B

138ms
138ms

Image
image/png

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDQxMDYzMDIwMTE1MTQ4ODU1MDg0MQ%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?

Protocol

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDQxMDYzMDIwMTE1MTQ4ODU1MDg0MQ%3D%3D
date: Tue, 12 Sep 2023 10:16:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame BAAD 0
630 B 513ms
196ms Image
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=4410630201151488550841&dbredirect=true&gdpr=0&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:33 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 4071093DA48C4A8EB1B8CD77FB2C02FA Ref B: SYD03EDGE1408 Ref C: 2023-09-12T10:16:33Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYFJrzARPbK7kCRU4e8VA==

GET
H2

200

xuid
eb2.3lift.com/ Frame BAAD
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/4410630201151488550841?gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-6bgaRRBE2oQAMQiTe0E9CilPudHty0cKvCRF4DoZAg--~A&dongle=0883

37 B
354 B

96ms
96ms

Image
image/gif

35.71.178.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-6bgaRRBE2oQAMQiTe0E9CilPudHty0cKvCRF4DoZAg--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 35.71.178.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ade9ecc7904667038.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 12 Sep 2023 10:16:34 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Tue, 12 Sep 2023 10:16:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-6bgaRRBE2oQAMQiTe0E9CilPudHty0cKvCRF4DoZAg--~A&dongle=0883
content-length: 0

GET
H2 200 c.gif
c.bing.com/ Frame BAAD 42 B
232 B 122ms
121ms Image
image/gif 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=4410630201151488550841&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS: a-0001.a-msedge.net
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
last-modified: Wed, 30 Aug 2023 15:12:21 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0796EFA66ABA4932965DCEDE8399852F Ref B: SYD03EDGE1518 Ref C: 2023-09-12T10:16:33Z
etag: "4b119d5f54dbd91:0"
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-type: image/gif
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

GET
H/1.1

200
OK

sync
x.bidswitch.net/ Frame BAAD
Redirect Chain

https://x.bidswitch.net/sync?ssp=triplelift&user_id=4410630201151488550841&gdpr=0&gdpr_consent=${GDPR_CONSENT_28}
https://x.bidswitch.net/ul_cb/sync?ssp=triplelift&user_id=4410630201151488550841&gdpr=0&gdpr_consent=${GDPR_CONSENT_28}
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=triplelift
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=triplelift
https://x.bidswitch.net/sync?dsp_id=70&user_id=3092276361485442089&ssp=triplelift

43 B
235 B

171ms
171ms

Image
image/gif

35.213.12.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=70&user_id=3092276361485442089&ssp=triplelift
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: HTTP/1.1
Server: 35.213.12.39 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 39.12.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:34 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://x.bidswitch.net/sync?dsp_id=70&user_id=3092276361485442089&ssp=triplelift
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame BAAD 43 B
363 B 672ms
203ms Image
image/gif 182.161.73.146
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=44&p=75&cp=triplelift&cu=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=${GPP_STRING_28}&gpp_sid=&url=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2711%26xuid%3D%40%40CRITEO_USERID%40%40%26dongle%3D013b

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.146 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 387118
expires: Tue, 12 Sep 2023 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame BAAD
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent=
https://eb2.3lift.com/xuid?mid=3335&xuid=2929370047501124640&dongle=4d58&gdpr=0&gdpr_consent=

37 B
354 B

96ms
96ms

Image
image/gif

35.71.178.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3335&xuid=2929370047501124640&dongle=4d58&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 35.71.178.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ade9ecc7904667038.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 12 Sep 2023 10:16:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
an-x-request-uuid: 90f9ff71-e82b-4b7d-848d-4c4f343d90bb
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://eb2.3lift.com/xuid?mid=3335&xuid=2929370047501124640&dongle=4d58&gdpr=0&gdpr_consent=
x-proxy-origin: 66.203.112.168; 66.203.112.168; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame D20D 2 KB
3 KB 619ms
202ms Script
text/html 207.65.33.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=62340726&p=158309&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: b02c095f1f0861ab5705770b4b2972e538f53d8d93b7b289e02cb651e05f2abe

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 12 Sep 2023 10:16:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 6632
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&gdpr=0&gdpr_consent=&expires=30

42 B
690 B

388ms
96ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&gdpr=0&gdpr_consent=&expires=30
Protocol: HTTP/1.1
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 6690dc791bf02dde8c4051a04cfd7bb8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&gdpr=0&gdpr_consent=&expires=30
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 289

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6632
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TE1HNVJBVkktNy0xUFJO
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIx5Dd7qyc1VWwqD5XpCZtE&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE1HNVJBVkktNy0xUFJO&google_push=

170 B
188 B

143ms
142ms

Image
image/png

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE1HNVJBVkktNy0xUFJO&google_push=

Protocol

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE1HNVJBVkktNy0xUFJO&google_push=
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 030b4ddd4a4f3e9891a065664f20c4bb
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6632
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MmYzMTJiNDYzYTI4ZjkzNmRiMWZlYjAzMDJjOWJiNGFjMjVlOWRjOA

170 B
188 B

148ms
146ms

Image
image/png

172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MmYzMTJiNDYzYTI4ZjkzNmRiMWZlYjAzMDJjOWJiNGFjMjVlOWRjOA

Protocol

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MmYzMTJiNDYzYTI4ZjkzNmRiMWZlYjAzMDJjOWJiNGFjMjVlOWRjOA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d264e84c9dc1a645a3048554992c5d82
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 6632
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=32h_K25STm6KnzMUBbxCgg&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=32h_K25STm6KnzMUBbxCgg

43 B
720 B

212ms
212ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=32h_K25STm6KnzMUBbxCgg

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Sep 2023 10:16:34 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: TKAQ2NSXXZV9WEWT3WF5
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=32h_K25STm6KnzMUBbxCgg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: beb52df1a5a4b2f2cb3f37642c514298
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 6632
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/tpNaOkl_rphq4Ci-vUUJow?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-E8uLrkRE2oLMfQgzb5z0a0a5FCv7aoaPhTM99A--~A

42 B
690 B

98ms
97ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-E8uLrkRE2oLMfQgzb5z0a0a5FCv7aoaPhTM99A--~A
Protocol: HTTP/1.1
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 550b0c1400f70e56269f7c1848fb3166
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Tue, 12 Sep 2023 10:16:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-E8uLrkRE2oLMfQgzb5z0a0a5FCv7aoaPhTM99A--~A
content-length: 0

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 6632
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=mdodpWI8Q2eIlQi3vwDPew&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=mdodpWI8Q2eIlQi3vwDPew

43 B
479 B

277ms
277ms

Image
image/gif

67.220.228.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=mdodpWI8Q2eIlQi3vwDPew

Protocol

HTTP/1.1

Server

67.220.228.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Sep 2023 10:16:35 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 30BGQBZ40KF3APPFF5AE
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=mdodpWI8Q2eIlQi3vwDPew
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 808ed95536e7f55d8adbcb9fc76d309d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 6632
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEC92EmPDPjdIOH0hynWcOhY&google_cver=1

42 B
690 B

352ms
98ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEC92EmPDPjdIOH0hynWcOhY&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 030b4ddd4a4f3e9891a065664f20c4bb
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEC92EmPDPjdIOH0hynWcOhY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 6632
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LMG5RAVI-7-1PRN

0
410 B

194ms
193ms

Image
text/plain

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LMG5RAVI-7-1PRN
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:34 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: F409FF074395437B876E020E2DB0A60C Ref B: SYD03EDGE1408 Ref C: 2023-09-12T10:16:33Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYFJrzCi4aKgjy+DmuW7A==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LMG5RAVI-7-1PRN
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d264e84c9dc1a645a3048554992c5d82
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 0075
Redirect Chain

https://ad.turn.com/r/cs?pid=9&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537073061&val=8977195970306470236&gdpr=0&gdpr_consent=&us_privacy=

43 B
61 B

98ms
98ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073061&val=8977195970306470236&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: microsoft-aunz-d.openx.net
URL: https://microsoft-aunz-d.openx.net/w/1.0/pd?cc=1
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://microsoft-aunz-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537073061&val=8977195970306470236&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0075
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=87267afe-3fb5-3bf6-76b3-2d920b287190&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072971&val=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&ttd_puid=87267afe-3fb5-3bf6-76b3-2d920b287190&gdpr=0&gdpr_consent=

43 B
323 B

111ms
98ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072971&val=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&ttd_puid=87267afe-3fb5-3bf6-76b3-2d920b287190&gdpr=0&gdpr_consent=
Requested by: Host: microsoft-aunz-d.openx.net
URL: https://microsoft-aunz-d.openx.net/w/1.0/pd?cc=1
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://microsoft-aunz-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&ttd_puid=87267afe-3fb5-3bf6-76b3-2d920b287190&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 335

GET
H3

200

sd
jp-u.openx.net/w/1.0/ Frame 0075
Redirect Chain

https://tg.socdm.com/rtb/sync_before?proto=openx
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZQA6gsCo5swAAFKUmjAAAAAA

43 B
61 B

98ms
97ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZQA6gsCo5swAAFKUmjAAAAAA
Requested by: Host: microsoft-aunz-d.openx.net
URL: https://microsoft-aunz-d.openx.net/w/1.0/pd?cc=1
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://microsoft-aunz-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

X-SO-Cluster-ID: 0
Date: Tue, 12 Sep 2023 10:16:34 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync_before?proto=openx","cluster_id":0,"gdpr":false,"ipv4":"66.203.112.168","key":"ZQA6gsCo5swAAFKUmjAAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad1021"}
X-SO-Key: ZQA6gsCo5swAAFKUmjAAAAAA
Server: nginx
X-SO-Upstream-ID: m-ad1021
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZQA6gsCo5swAAFKUmjAAAAAA
Cache-Control: private
X-SO-HostName: m-ad1021.dc4p.scaleout.jp
Connection: keep-alive
X-SO-Ads-Time: 1
Content-Length: 0
X-SO-LB-Hostname: a-tgng40008.dc2p.scaleout.jp
X-SO-IP: 66.203.112.168

GET
H2

200

sd
jp-u.openx.net/w/1.0/ Frame 0075
Redirect Chain

https://cr-p3.ladsp.com/cookiesender/3
https://cr-p3.ladsp.com/cookiesender/3?cr=true
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AfxT-P0YQL9Bks8AD7ImEjf0ds8AAAGKiOSK6w

43 B
106 B

106ms
99ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AfxT-P0YQL9Bks8AD7ImEjf0ds8AAAGKiOSK6w
Requested by: Host: microsoft-aunz-d.openx.net
URL: https://microsoft-aunz-d.openx.net/w/1.0/pd?cc=1
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://microsoft-aunz-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
via: 1.1 e32fd4d6bca08174b7bd2cfbec023138.cloudfront.net (CloudFront)
server: Logicad
x-amz-cf-pop: SYD1-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
location: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AfxT-P0YQL9Bks8AD7ImEjf0ds8AAAGKiOSK6w
cache-control: no-cache
content-length: 0
x-amz-cf-id: wZSLPhtJBhBCKGG8TFMcSyKuMrauHLua4q8p6ioWSUWQUFXzuo98rw==
expires: -1

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 0075 170 B
188 B 147ms
146ms Image
image/png 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWI0OWE5MzQtZjZjMi02NTUyLTYzNTMtNzcyYmMxY2FiZmYw

Requested by

Host: microsoft-aunz-d.openx.net
URL: https://microsoft-aunz-d.openx.net/w/1.0/pd?cc=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://microsoft-aunz-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 0075
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENLSRAyZD3hEUK9ZwHg9jd8&google_cver=1

43 B
61 B

97ms
97ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENLSRAyZD3hEUK9ZwHg9jd8&google_cver=1
Requested by: Host: microsoft-aunz-d.openx.net
URL: https://microsoft-aunz-d.openx.net/w/1.0/pd?cc=1
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://microsoft-aunz-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENLSRAyZD3hEUK9ZwHg9jd8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame DF6D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZQA6gRe5gFJRnWIFeOcyWwAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDEH-ExePIQV6Z5shdYF8U0&google_cver=1

43 B
736 B

115ms
115ms

Image
image/gif

104.18.39.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDEH-ExePIQV6Z5shdYF8U0&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.39.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BU%2BEecRg8s5Qc8mTF0GJwDZ9FYizUhHvczXsCtXM07mkTibDRB28NDrLpVdNUJOfyK3dazjhPj8t3QbkWy86YeEi6Q9x%2BPTNVVy%2FXhjZFbCB1LyFqF4bpN0ASjF36ZL1B%2BFfUMtjn0eZSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8057654cc8275729-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDEH-ExePIQV6Z5shdYF8U0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame DF6D
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZQA6gRe5gFJRnWIFeOcyWwAAErIAAAIB&gpp=&gpp_sid=
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZQA6gRe5gFJRnWIFeOcyWwAAErIAAAIB&gpp=&gpp_sid=&dcc=t

43 B
855 B

218ms
215ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZQA6gRe5gFJRnWIFeOcyWwAAErIAAAIB&gpp=&gpp_sid=&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Sep 2023 10:16:34 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: JA1HT1YASYSJ89KEZT0Y
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 12 Sep 2023 10:16:34 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 2JRZ6N32SF0B9PN5F48C
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZQA6gRe5gFJRnWIFeOcyWwAAErIAAAIB&gpp=&gpp_sid=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame DF6D
Redirect Chain

https://match.adsrvr.org/track/cmf/casale
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&expiration=1697105793&gdpr=0&gdpr_consent=

43 B
337 B

147ms
147ms

Image
image/gif

172.64.148.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&expiration=1697105793&gdpr=0&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Server: 172.64.148.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8O6zTAlBIMRxn8BVkXuy4M%2FFvtgaoIT1dbjKsAEkFdx2SE0YlpwFLbxxnZCCBhXlLfORAq0YCyCM1SzF3TFWP4ps%2F4GbilcOdZ1LMQJtF8M940Uih%2BfBrm3Gnm9Nspzd7HllcbJVIubkIw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8057654aef635c0d-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&expiration=1697105793&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 323

GET
H3

200

usermatchredir
ssum-sec.casalemedia.com/ Frame DF6D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZQA6gRe5gFJRnWIFeOcyWwAAErIAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESECz6kgsONe8iMh9DeXBodlg&google_cver=1

43 B
770 B

115ms
115ms

Image
image/gif

104.18.39.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESECz6kgsONe8iMh9DeXBodlg&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.39.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vzonftl0hBpBspAnAiq6rzwrjNUsubuZDo86JWEEokwtI3xtd2GhvYalJuCCyvsq%2Bf2vlbJfbcNcEmkOHUuNEVJxJSwGQ6jgffTzwjM%2B%2F0TtyJOUsVF%2BdAMUc7DJBOSX4GA%2BFycbem91Qg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8057654bcf1f5729-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESECz6kgsONe8iMh9DeXBodlg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 364
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame DF6D
Redirect Chain

https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1710238593&external_user_id=09a6c9ea-dd53-418e-a840-6c08eab7ffcf

43 B
736 B

118ms
118ms

Image
image/gif

104.18.39.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1710238593&external_user_id=09a6c9ea-dd53-418e-a840-6c08eab7ffcf
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.39.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hU02F%2BQqZ3SVyG3xpM9jaBx7FdFgzNuZ3lzQr9OpZ4d%2B6KPz%2BjKoRJya0rVszLs4o8W0O6bQo9ak5ZjEaBXBZ%2Bqg4fR9k%2B9JtezrW4tOE75YWfasnZn17OoRpu%2B2ldBmOcBryZlYVcWk2g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8057654c98025729-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

date: Tue, 12 Sep 2023 10:16:33 GMT
via: 1.1 google
access-control-allow-methods: GET,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *.casalemedia.com
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1710238593&external_user_id=09a6c9ea-dd53-418e-a840-6c08eab7ffcf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 157

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame DF6D
Redirect Chain

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2929370047501124640

43 B
730 B

120ms
119ms

Image
image/gif

104.18.39.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2929370047501124640
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.39.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1LzOj6jxx%2BTX6ATbP6iIj46cahi0osaAgSJmF2P71gXTcjD4nYT%2B1%2FgvYoE7Cx2Ao5QWE6P2Ag589HA2U4ytZs1JkUxRetXA0yJyL3wx0wMalHsO0A1ZUOdoqinJ85A5YLOeDEgS3EUtKw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8057654c2f905729-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
an-x-request-uuid: 46b2a8a3-3f5b-4163-ba34-2157f2aeb480
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2929370047501124640
x-proxy-origin: 66.203.112.168; 66.203.112.168; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

crum
dsum.casalemedia.com/ Frame DF6D
Redirect Chain

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=48dff6db-258d-67ad-78a2cda4

43 B
551 B

123ms
115ms

Image
image/gif

172.64.148.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=48dff6db-258d-67ad-78a2cda4
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Server: 172.64.148.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0wdWGMqwwXEenl26W06t2ihCyt8gLvacv86VF3zLVzLmRm2xwBSg81IEp%2BcWb6jlkjlHD%2FpzgWEh9V%2FYfF8WHIykGPPpzAoJi%2FZwXZM0fWUawcUKgrgSTHNnb6E9Ea2uFlPTcYX3"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8057654c49165c0d-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

date: Tue, 12 Sep 2023 10:16:33 GMT
via: 1.1 google
server: nginx/1.24.0
p3p: CP='This is not a P3P policy!'
access-control-allow-origin: *
location: https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=48dff6db-258d-67ad-78a2cda4
content-type: text/html; charset=utf-8
cache-control: max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame DF6D 43 B
235 B 419ms
171ms Image
image/gif 35.213.12.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=index
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.12.39 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 39.12.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:34 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame DF6D 43 B
229 B 13ms
8ms Image
image/gif 104.18.38.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?ZQA6gRe5gFJRnWIFeOcyWwAA%264786
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.9news.com.au%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:33 GMT
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
age: 63192
etag: "da1f1d-2b-546dc3a097100"
vary: Accept-Encoding
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 8057654ae8e7571b-SYD
content-length: 43
expires: Wed, 13 Sep 2023 10:16:33 GMT

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame F718 0
595 B 202ms
202ms Script
text/html 103.43.89.4
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.43.89.4 , Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:33 GMT
an-x-request-uuid: c90e97e8-a518-4de7-bd0b-b611acd9335b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 66.203.112.168; 66.203.112.168; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 270B
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=0h9fR9dLV0XJSA4R1BxCQ4UeWEHJGV0V10_9IQ39

42 B
338 B

204ms
204ms

Document
image/gif

67.199.150.86

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=0h9fR9dLV0XJSA4R1BxCQ4UeWEHJGV0V10_9IQ39
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.86 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 10:16:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Tue, 12 Sep 2023 10:16:34 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=0h9fR9dLV0XJSA4R1BxCQ4UeWEHJGV0V10_9IQ39
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame E97C
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2929370047501124640&gdpr=0&gdpr_consent=

42 B
296 B

416ms
203ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2929370047501124640&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 10:16:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: 7cd40ec9-5de2-4665-9604-239133d3eeff
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Tue, 12 Sep 2023 10:16:34 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2929370047501124640&gdpr=0&gdpr_consent=
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.21.3
x-proxy-origin: 66.203.112.168; 66.203.112.168; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 3C2C
Redirect Chain

https://cm.ambientdsp.com/cm/send?vc=pmj
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=11jwy29wwjop

1 B
248 B

332ms
204ms

Document
text/html

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=11jwy29wwjop
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Tue, 12 Sep 2023 09:05:25 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-encoding: utf-8
cache-control: no-store
content-length: 0
date: Tue, 12 Sep 2023 10:16:34 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=11jwy29wwjop
lws: 127.0.0.1
strict-transport-security: max-age=31536000; includeSubDomains
time-ms: 0

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D20D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QwIfUcWXQZyHkdehwhgUvg%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

15 KB
15 KB

102ms
102ms

Image
text/html

23.215.59.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Server: 23.215.59.10 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-59-10.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:34 GMT
content-encoding: gzip
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=101687
accept-ranges: bytes
content-length: 5606
expires: Wed, 13 Sep 2023 14:31:21 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame D20D
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=43021F51-C597-419C-8791-D7A1C21814BE
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=43021F51-C597-419C-8791-D7A1C21814BE
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=de2a8705-db22-4716-84db-1e09785d804c%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&ttd_puid=de2a8705-db22-4716-84db-1e09785d804c%2C%2C

95 B
124 B

143ms
142ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&ttd_puid=de2a8705-db22-4716-84db-1e09785d804c%2C%2C

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:34 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&ttd_puid=de2a8705-db22-4716-84db-1e09785d804c%2C%2C
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 359

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame D20D
Redirect Chain

https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=43021F51-C597-419C-8791-D7A1C21814BE&gdpr=0&gdpr_consent=
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=43021F51-C597-419C-8791-D7A1C21814BE&gdpr=0&gdpr_consent=&ct=y

49 B
543 B

135ms
135ms

Image
image/gif

54.179.206.230
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=43021F51-C597-419C-8791-D7A1C21814BE&gdpr=0&gdpr_consent=&ct=y
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Server: 54.179.206.230 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-179-206-230.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.42.7.134
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=43021F51-C597-419C-8791-D7A1C21814BE&gdpr=0&gdpr_consent=&ct=y
cache-control: no-cache
x-server: 10.42.26.39
content-length: 0
expires: 0

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame D20D
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=43021F51-C597-419C-8791-D7A1C21814BE&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=43021F51-C597-419C-8791-D7A1C21814BE&sInitiator=external&gdpr=0&gdpr_consent=

42 B
220 B

170ms
170ms

Image
image/gif

119.9.108.191

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=43021F51-C597-419C-8791-D7A1C21814BE&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: HTTP/1.1
Server: 119.9.108.191 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

uip-response-status: FallbackResponse
date: Tue, 12 Sep 2023 10:16:32 GMT
frontend-id: 0
content-length: 42
routing-server-id: 1
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:31 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=43021F51-C597-419C-8791-D7A1C21814BE&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame D20D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NDMwMjFGNTEtQzU5Ny00MTlDLTg3OTEtRDdBMUMyMTgxNEJF&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

626ms
203ms

Image
image/gif

67.199.150.86

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Server: 67.199.150.86 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 10:16:34 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame D20D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEG4Og9TE4gH7Ukql-aPbY-E&google_cver=1

42 B
496 B

626ms
203ms

Image
image/gif

67.199.150.86

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEG4Og9TE4gH7Ukql-aPbY-E&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Server: 67.199.150.86 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 10:16:34 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEG4Og9TE4gH7Ukql-aPbY-E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame D20D 43 B
612 B 300ms
95ms Image
image/gif 34.142.175.23
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.142.175.23 , Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

23.175.142.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:34 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Mon, 11 Sep 2023 10:16:34 GMT

GET
H2 200 43021F51-C597-419C-8791-D7A1C21814BE
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame D20D 43 B
602 B 104ms
101ms Image
image/gif 52.76.206.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/43021F51-C597-419C-8791-D7A1C21814BE?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.76.206.208 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-76-206-208.ap-southeast-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame D20D
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&gdpr=0&gdpr_consent=

42 B
507 B

618ms
203ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 09:05:15 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=f6a38bfb-f70d-4e83-a479-0a09e05d1df6&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 355

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame D20D
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=43021F51-C597-419C-8791-D7A1C21814BE&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-EDgZbk9E2uViq9f5U7adAVfQIYmBuh8-~A&gdpr=0

0
260 B

623ms
202ms

Image
text/plain

67.199.150.85

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-EDgZbk9E2uViq9f5U7adAVfQIYmBuh8-~A&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Server: 67.199.150.85 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:34 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-EDgZbk9E2uViq9f5U7adAVfQIYmBuh8-~A&gdpr=0
date: Tue, 12 Sep 2023 10:16:34 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

sync
x.bidswitch.net/ Frame D20D
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://sync.aralego.com/bsw_sync?ucf_nid=par-E2B44D84BBBDED8A0B297323E4B4A68&dsp_id=445&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=2a76b861-79fc-4b49-bfa4-3083685319a6&gdpr=0&gdpr_consent=&gdp...
https://x.bidswitch.net/sync?dsp_id=445&user_id=3cc7f047-f848-326d-bf97-995b7e70b951&ssp=pubmatic&bsw_param=2a76b861-79fc-4b49-bfa4-3083685319a6

43 B
235 B

172ms
172ms

Image
image/gif

35.213.12.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=445&user_id=3cc7f047-f848-326d-bf97-995b7e70b951&ssp=pubmatic&bsw_param=2a76b861-79fc-4b49-bfa4-3083685319a6
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: HTTP/1.1
Server: 35.213.12.39 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 39.12.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:16:35 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://x.bidswitch.net/sync?dsp_id=445&user_id=3cc7f047-f848-326d-bf97-995b7e70b951&ssp=pubmatic&bsw_param=2a76b861-79fc-4b49-bfa4-3083685319a6
date: Tue, 12 Sep 2023 10:16:35 GMT
connection: close
content-length: 166
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
275 B 178ms
177ms Image
image/gif 23.77.143.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatGNID=133009657&zMoatAU1=9news&zMoatAU2=world&wf=1&ra=6&sgs=3&vb=3&kq=1&lo=0&uk=null&pk=0&wk=0&rk=1&tk=1&ak=-&i=NINE_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BG%24%3D!!tFQ%5Bh3M7I1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-E0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-1IRrnTcST%2BDrDg%3D%3D&sc=1&os=1-1Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-480&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&g=4&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&id=1&ii=4&f=0&j=&t=1694513787934&de=755060883629&rx=166864991930&cu=1694513787934&m=6171&ar=7f176ec564c-clean&iw=7bbad86&cb=0&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=1223&le=1&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1815%3A1815%3A7244%3A3150&as=1&ag=5026&an=1203&gi=1&gf=5026&gg=1203&ix=5026&ic=5026&ez=1&ck=1203&kw=1066&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5026&bx=1203&ci=1203&jz=1066&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4899&cd=1066&ah=4899&am=1066&xd=00&rf=0&re=0&wb=2&cl=0&at=0&d=4538296053%3A3234915080%3A6352580061%3A138442466791&bo=132009777&bp=22537945352&bd=undefined&gw=ninegamheader317783335130&zMoatOrigSlicer1=132009777&zMoatOrigSlicer2=22537945352&zMoatSZ=728x90&zMoatMMV_MAX=waiting&zMoatMData=waiting&zMoatMSafety=waiting&zMoatMGV_MAX=waiting&zMoatMMV=waiting&zMoatMGV=waiting&zMoatAdUnitPath=%2F133009657%2F9news%2Fworld&zMoatPT=gallery&zMoatFP=above&zMoatPS=1&zMoatSlotName=-&zMoatCURL=9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&zMoatDev=Desktop&hv=DCM%20ins&ab=3&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&iq=waiting&tt=waiting&tu=waiting&tp=waiting&tc=0&fs=205402&na=254511014&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.143.172 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-143-172.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 12 Sep 2023 10:16:34 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 157ms
156ms Image
image/gif 34.211.137.222
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1612340&asId=c57a94e3-6be5-e874-6b42-d0408a290b12&tv=%7Bc:o1Dzdk,pingTime:5,time:5468,type:p,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:600,t:410%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5468,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:410,wc:0.0.1600.1200,ac:1120.220.300.600,am:sp,cc:0.0.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5074~100%5D,as:%5B5074~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:161,fm:tPDxaAq+11%7C12%7C13%7C14%7C15%7C16*.1612340-73397107%7C161%7C162%7C171%7C172%7C18,idMap:16*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:411,sis:683%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.211.137.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-211-137-222.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 158ms
158ms Image
image/gif 34.211.137.222
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1612340&asId=c57a94e3-6be5-e874-6b42-d0408a290b12&tv=%7Bc:o1Dzdk,pingTime:5,time:5468,type:pf,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:600,t:410%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5468,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:410,wc:0.0.1600.1200,ac:1120.220.300.600,am:sp,cc:0.0.300.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5074~100%5D,as:%5B5074~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:161,fm:tPDxaAq+11%7C12%7C13%7C14%7C15%7C16*.1612340-73397107%7C161%7C162%7C171%7C172%7C18,idMap:16*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:411,sis:683%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.211.137.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-211-137-222.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
server: nginx
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame F718 0
595 B 215ms
215ms Script
text/html 103.43.89.4
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.43.89.4 , Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:34 GMT
an-x-request-uuid: cdafd9ab-6222-4768-9087-0f547c96ef37
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 66.203.112.168; 66.203.112.168; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame D20D 0
128 B 206ms
202ms Script
text/plain 67.199.150.85

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158309&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.85 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:36 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame D20D 2 KB
2 KB 202ms
202ms Script
text/html 207.65.33.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=4335648&p=158309&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 9b28385fa2dc117f90eef18a5a9e1639dd97e82ce1ac9632aa37dad5ff6d058d

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 12 Sep 2023 10:16:36 GMT
content-length: 1910
content-type: text/html; charset=UTF-8

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 57AE 35 B
591 B 129ms
129ms Document
image/gif 185.84.60.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=43021F51-C597-419C-8791-D7A1C21814BE&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.84.60.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Tue, 12 Sep 2023 10:16:36 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 9A26 43 B
362 B 202ms
202ms Document
image/gif 182.161.73.146
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.146 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-cache
content-type: image/gif
cross-origin-resource-policy: cross-origin
date: Tue, 12 Sep 2023 10:16:36 GMT
expires: Tue, 12 Sep 2023 00:00:00 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 204083
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2 200 b9pj45k4 Show response
sync-tm.everesttech.net/upi/pid/ Frame 35F6 85 B
424 B 541ms
219ms Document
image/png 151.101.2.49

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.49 -, , ASN (),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: no-cache
content-length: 85
content-type: image/png
date: Tue, 12 Sep 2023 10:16:37 GMT
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma: no-cache
server: Jetty(9.4.35.v20201120)
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-bfi-krnt7300058-BFI
x-timer: S1694513797.174651,VS0,VE68

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame A4A3
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=tXQeOi-xUOp_0K2qRUtLH0LLcKg&gdpr=0&gdpr_consent=

42 B
297 B

204ms
203ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=tXQeOi-xUOp_0K2qRUtLH0LLcKg&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 10:16:37 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 188
Content-Type: text/html; charset=utf-8
Date: Tue, 12 Sep 2023 10:16:37 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=tXQeOi-xUOp_0K2qRUtLH0LLcKg&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame FA93
Redirect Chain

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=dhdt24umtfqj

42 B
310 B

203ms
203ms

Document
image/gif

67.199.150.86

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=dhdt24umtfqj
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.86 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 10:16:36 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-encoding: utf-8
cache-control: no-cache, no-store
content-length: 0
date: Tue, 12 Sep 2023 10:16:37 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=dhdt24umtfqj
lws: 224
strict-transport-security: max-age=31536000; includeSubDomains
time-ms: 0

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame E38E 43 B
369 B 150ms
140ms Document
image/gif 35.186.193.173

General

Check archive.org

Show headers Download Go to

Full URL: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Tue, 12 Sep 2023 10:16:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
via: 1.1 google

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame DBD8
Redirect Chain

https://ipac.ctnsnet.com/int/cm?exc=14&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA%3D%26piggybackCookie%3D%5Buser_id%5D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=95890e74367c4c6f836e0a430afa8f88

42 B
304 B

203ms
203ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=95890e74367c4c6f836e0a430afa8f88
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 10:16:37 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html;charset=UTF-8
date: Tue, 12 Sep 2023 10:16:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=95890e74367c4c6f836e0a430afa8f88
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
status: 302
via: 1.1 google
x-xss-protection: 1; mode=block

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame FE54
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=a4lTQozXC5G_WRoGhToAZQ

42 B
278 B

203ms
203ms

Document
image/gif

67.199.150.86

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=a4lTQozXC5G_WRoGhToAZQ
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.86 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 07:07:10 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Tue, 12 Sep 2023 10:16:37 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=a4lTQozXC5G_WRoGhToAZQ
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 1849
Redirect Chain

https://t.adx.opera.com/pub/sync?pubid=pub8730968190912
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU20331074aa214be68194323e752d6419

42 B
359 B

204ms
204ms

Document
image/gif

67.199.150.86

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU20331074aa214be68194323e752d6419
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.86 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 10:16:37 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
access-control-allow-methods: POST, GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 166
content-type: text/html; charset=utf-8
date: Tue, 12 Sep 2023 10:16:37 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU20331074aa214be68194323e752d6419
pragma: no-cache
server: nginx

GET
H3

200

396846.gif
idsync.rlcdn.com/ Frame D20D
Redirect Chain

https://idsync.rlcdn.com/420486.gif?partner_uid=43021F51-C597-419C-8791-D7A1C21814BE
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=d2e00598-f2f2-0d96-29ca-ad6132b31048

42 B
60 B

182ms
182ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=d2e00598-f2f2-0d96-29ca-ad6132b31048
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:37 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Tue, 12 Sep 2023 10:16:37 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=d2e00598-f2f2-0d96-29ca-ad6132b31048
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame D20D
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3092276361485442089

42 B
322 B

204ms
203ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3092276361485442089
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 12 Sep 2023 10:16:37 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3092276361485442089
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame D20D
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8977195970306470236&gdpr=0&gdpr_consent=&us_privacy=

1 B
176 B

203ms
203ms

Image
text/html

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8977195970306470236&gdpr=0&gdpr_consent=&us_privacy=
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Tue, 12 Sep 2023 10:16:37 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8977195970306470236&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Tue, 12 Sep 2023 10:16:36 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame D20D 0
128 B 204ms
203ms Script
text/plain 67.199.150.85

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158309&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.85 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:16:38 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
275 B 178ms
177ms Image
image/gif 23.77.143.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=1&hp=1&zMoatGNID=133009657&zMoatAU1=9news&zMoatAU2=world&wf=1&ra=6&sgs=3&vb=3&kq=1&lo=0&uk=null&pk=0&wk=0&rk=1&tk=1&ak=-&i=NINE_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BG%24%3D!!tFQ%5Bh3M7I1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-E0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-1IRrnTcST%2BDrDg%3D%3D&sc=1&os=1-1Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-480&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&g=5&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617%3Focid%3Dedm-nine.com.au-ninedaily--230912%26mktg_scr%3Dedm-ninedaily&id=1&ii=4&f=0&j=&t=1694513787934&de=755060883629&rx=166864991930&cu=1694513787934&m=11205&ar=7f176ec564c-clean&iw=7bbad86&cb=0&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=1223&le=1&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1815%3A1815%3A7244%3A3150&as=1&ag=10059&an=5026&gi=1&gf=10059&gg=5026&ix=10059&ic=10059&ez=1&ck=1203&kw=1066&aj=1&pg=100&pf=100&ib=0&cc=1&bw=10059&bx=5026&ci=1203&jz=1066&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=9933&cd=4899&ah=9933&am=4899&xd=00&rf=0&re=0&wb=2&cl=0&at=0&d=4538296053%3A3234915080%3A6352580061%3A138442466791&bo=132009777&bp=22537945352&bd=undefined&gw=ninegamheader317783335130&zMoatOrigSlicer1=132009777&zMoatOrigSlicer2=22537945352&zMoatSZ=728x90&zMoatMMV_MAX=waiting&zMoatMData=waiting&zMoatMSafety=waiting&zMoatMGV_MAX=waiting&zMoatMMV=waiting&zMoatMGV=waiting&zMoatAdUnitPath=%2F133009657%2F9news%2Fworld&zMoatPT=gallery&zMoatFP=above&zMoatPS=1&zMoatSlotName=-&zMoatCURL=9news.com.au%2Fworld%2Fhow-kim-jong-un-travels-when-he-leaves-north-korea%2F4f3a921f-dfc4-4f12-94d9-698a73627617&zMoatDev=Desktop&hv=DCM%20ins&ab=3&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&iq=waiting&tt=waiting&tu=waiting&tp=waiting&tc=0&fs=205402&na=907354915&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.77.143.172 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-143-172.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:39 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 12 Sep 2023 10:16:39 GMT

GET
H2 200 dc_oe=ChMI7-m04-ukgQMVK4WsAh3C5wu8EAEYACD4s5RV;met=1;&timestamp=1694513799614;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 7B71 42 B
112 B 152ms
144ms Image
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7-m04-ukgQMVK4WsAh3C5wu8EAEYACD4s5RV;met=1;&timestamp=1694513799614;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.9news.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Sep 2023 10:16:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIzOzh4-ukgQMVNoRLBR3S2ACpEAAYACCL1LVd;met=1;&timestamp=1694513799620;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 713F 42 B
204 B 145ms
143ms Image
image/gif 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIzOzh4-ukgQMVNoRLBR3S2ACpEAAYACCL1LVd;met=1;&timestamp=1694513799620;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS