omklefkior.com Open in urlscan Pro
139.45.197.167 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://vpnlist.site/aff_c?offer_id=644&aff_id=447&redirect=SurfsharkVPN
Effective URL:
https://omklefkior.com/?t=0&ymid=728472239288366030
Submission: On September 20 via api (September 20th 2023, 9:20:39 pm UTC) from LU — Scanned from DE

Summary HTTP 30 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 30 HTTP transactions. The main IP is 139.45.197.167, located in United Kingdom and belongs to RETN-AS, GB. The main domain is omklefkior.com. The Cisco Umbrella rank of the primary domain is 214874.
TLS certificate: Issued by R3 on September 14th 2023. Valid for: 3 months.

This is the only time omklefkior.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::6815:40b5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3030::ac43:8a93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700:303... 2606:4700:3031::ac43:8dd4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	139.45.197.244 139.45.197.244	9002 (RETN-AS) (RETN-AS)
4	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	139.45.195.253 139.45.195.253	9002 (RETN-AS) (RETN-AS)
16	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	139.45.197.167 139.45.197.167	9002 (RETN-AS) (RETN-AS)
30	7

1 2606:4700:3037::6815:40b5 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

vpnlist.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:8a93 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

vpop2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3031::ac43:8dd4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.we-are-anon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.244 (United Kingdom) 1 redirects

ASN9002 (RETN-AS, GB)

forooqso.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.253 (United Kingdom)

ASN9002 (RETN-AS, GB)

datatechone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

wholedailyjournal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 139.45.197.167 (United Kingdom)

ASN9002 (RETN-AS, GB)

omklefkior.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	wholedailyjournal.com wholedailyjournal.com — Cisco Umbrella Rank: 54262	63 KB
6	omklefkior.com omklefkior.com — Cisco Umbrella Rank: 214874	21 KB
4	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 6646	2 KB
2	forooqso.tv 1 redirects forooqso.tv — Cisco Umbrella Rank: 108307	14 KB
2	we-are-anon.com 1 redirects a.we-are-anon.com	7 KB
1	datatechone.com datatechone.com — Cisco Umbrella Rank: 22356	464 B
1	vpop2.com 1 redirects vpop2.com	582 B
1	vpnlist.site 1 redirects vpnlist.site	579 B
30	8

	Domain	Requested by
16	wholedailyjournal.com	wholedailyjournal.com
6	omklefkior.com	wholedailyjournal.com omklefkior.com
4	my.rtmark.net	forooqso.tv wholedailyjournal.com
2	forooqso.tv	1 redirects a.we-are-anon.com
2	a.we-are-anon.com	1 redirects
1	datatechone.com	forooqso.tv
1	vpop2.com	1 redirects
1	vpnlist.site	1 redirects
30	8

This site contains no links.

Subject Issuer	Validity	Valid
we-are-anon.com GTS CA 1P5	`2023-09-14` - `2023-12-13`	3 months	crt.sh
forooqso.tv R3	`2023-09-08` - `2023-12-07`	3 months	crt.sh
rtmark.net R3	`2023-07-25` - `2023-10-23`	3 months	crt.sh
datatechone.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-18` - `2023-12-24`	a year	crt.sh
wholedailyjournal.com E1	`2023-08-01` - `2023-10-30`	3 months	crt.sh
omklefkior.com R3	`2023-09-14` - `2023-12-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://omklefkior.com/?t=0&ymid=728472239288366030
Frame ID: 3656D83EA0E935A4A8D407B1B4F6003A
Requests: 34 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Attention

Page URL History Show full URLs

https://vpnlist.site/aff_c?offer_id=644&aff_id=447&redirect=SurfsharkVPN HTTP 302
https://vpop2.com/ HTTP 302
https://a.we-are-anon.com/h/ Page URL
https://a.we-are-anon.com/ HTTP 302
https://forooqso.tv/4/2661777 Page URL
https://forooqso.tv/?z=2661777&syncedCookie=true&rhd=false HTTP 302
https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z... Page URL
https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z... Page URL
https://wholedailyjournal.com/submenu/4662728/?rhd=1&var=2661777&var3=728472236385899164&oaid=fc8d16ae072f... Page URL
https://omklefkior.com/?t=0&ymid=728472239288366030 Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Page Statistics

30
Requests

97 %
HTTPS

38 %
IPv6

8
Domains

8
Subdomains

7
IPs

3
Countries

106 kB
Transfer

321 kB
Size

15
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://vpnlist.site/aff_c?offer_id=644&aff_id=447&redirect=SurfsharkVPN HTTP 302
https://vpop2.com/ HTTP 302
https://a.we-are-anon.com/h/ Page URL
https://a.we-are-anon.com/ HTTP 302
https://forooqso.tv/4/2661777 Page URL
https://forooqso.tv/?z=2661777&syncedCookie=true&rhd=false HTTP 302
https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Page URL
https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Page URL
https://wholedailyjournal.com/submenu/4662728/?rhd=1&var=2661777&var3=728472236385899164&oaid=fc8d16ae072f64cfb3e0acae5ae97841 Page URL
https://omklefkior.com/?t=0&ymid=728472239288366030 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://vpnlist.site/aff_c?offer_id=644&aff_id=447&redirect=SurfsharkVPN HTTP 302
https://vpop2.com/ HTTP 302
https://a.we-are-anon.com/h/

Request Chain 1

https://a.we-are-anon.com/ HTTP 302
https://forooqso.tv/4/2661777

Request Chain 4

https://forooqso.tv/?z=2661777&syncedCookie=true&rhd=false HTTP 302
https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

30 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
a.we-are-anon.com/h/
Redirect Chain

https://vpnlist.site/aff_c?offer_id=644&aff_id=447&redirect=SurfsharkVPN
https://vpop2.com/
https://a.we-are-anon.com/h/

11 KB
7 KB

138ms
68ms

Document
text/html

2606:4700:3031::ac43:8dd4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.we-are-anon.com/h/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8dd4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 809d1cf7a9fc1ac7-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 20 Sep 2023 21:20:34 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ypOlxFeUHORSuOJ3WSWSE%2Bq3IyTvWtc1UPL0Orwmm6LZ2QW2CSCvWW%2FveslME453%2F5zO9KXwUFla%2B1f7OGBurFcqQFm9rprc7dxTMKmW7DX5FEekSjp7XrpRrcoOT8uElwayD2NtQBcA58pkQD7pDg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 809d1cf6eedd37ca-FRA
content-type: text/html; charset=UTF-8
date: Wed, 20 Sep 2023 21:20:34 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://a.we-are-anon.com/h/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TH1BK3T9H5XJ3n4AZNjWwcTdYKYqko1iggaz3WA7Br6bIaNCmnn5033%2B%2BBSn4uMbsn5Pj3g01FMRMJleEiZ50zohgDoh5EG0vIvdoXV2vdVxj5F89vbQQpPEmfqbyhBhCuPXEFlc6L4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2

200

2661777 Show response
forooqso.tv/4/
Redirect Chain

https://a.we-are-anon.com/
https://forooqso.tv/4/2661777

27 KB
12 KB

75ms
22ms

Document
text/html

139.45.197.244
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://forooqso.tv/4/2661777
Requested by: Host: a.we-are-anon.com
URL: https://a.we-are-anon.com/h/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.244 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 762a76df991112d8f3936010a14e5f8f3dbde00d29107d35dc247b3582df0c68

Request headers

Referer: https://a.we-are-anon.com/h/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: * *
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf8
date: Wed, 20 Sep 2023 21:20:34 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache no-cache
server: nginx
timing-allow-origin: *
x-trace-id: 3a8ce3e241eedfd438a67cb4683007db

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 809d1cf86b331ac7-FRA
content-type: text/html; charset=UTF-8
date: Wed, 20 Sep 2023 21:20:34 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://forooqso.tv/4/2661777
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUH0DImqtothSUq3MrkMhnGL705sIZX2H8rubZRFnBjcB56WTP4Q0C2sckjze%2FxF%2BCEQhYTGeFU6Tz3w9XKYGzTUk0msPdLYc6DwbN0tdy9qMwW0ye8GAtHsnOikxaM7HD0K958MnVmRayXMQINE2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 img.gif
my.rtmark.net/ 43 B
491 B 69ms
12ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=cb2b05f3907a46e1a2afc3471ee348f3

Requested by

Host: forooqso.tv
URL: https://forooqso.tv/4/2661777

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://forooqso.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:34 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

POST
H/1.1 200
OK add
datatechone.com/log/ 2 B
464 B 63ms
12ms XHR
text/plain 139.45.195.253
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
Requested by: Host: forooqso.tv
URL: https://forooqso.tv/4/2661777
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.195.253 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://forooqso.tv/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 20 Sep 2023 21:20:34 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://forooqso.tv
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 2

GET
H2

200

/ Show response
wholedailyjournal.com/
Redirect Chain

https://forooqso.tv/?z=2661777&syncedCookie=true&rhd=false
https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

40 KB
13 KB

133ms
72ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: be7f059f173ef0f9a208c98d05bddb4e2a9351961aae614a42c8ae515b757a23

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://forooqso.tv
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 809d1cfaa9da18e9-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 20 Sep 2023 21:20:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AHo8xFAA8%2Bk7tmsDOtiqEvOfqwKiHGpFyv0eP%2FTu4RSmx8wibBRqfc2ng4%2FTOgP9OqI%2BcBD3Gy7qY4hVqDQwNdA8jI7JjkniNz89QUoM6Kd8gHfllrm34JsJ9TfKb2o4W%2FIb2wHQelk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

Redirect headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://forooqso.tv
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
content-length: 0
date: Wed, 20 Sep 2023 21:20:34 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://wholedailyjournal.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
pragma: no-cache
referrer-policy: no-referrer
server: nginx
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff
x-trace-id: f24f7618d54f6e71ca3f83e58b45a63a

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
547 B 13ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=fc8d16ae072f64cfb3e0acae5ae97841

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

06d0388526ed3351bfdc709d4378a57a295b33c22980da27c6b9cfea66d8c855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://wholedailyjournal.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 micro.tag.min.js Show response
wholedailyjournal.com/pfe/current/ 26 KB
10 KB 37ms
36ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=728472236385899164&var=2661777&sw=/sw-check-permissions/4662709&uhd=1
Requested by: Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0902f69ebed38e29e2de16ad44c314d1510fc88b2187dee42c506aae7b67aec3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

pragma: no-cache
date: Wed, 20 Sep 2023 21:20:35 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 18 Sep 2023 12:11:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65083e7c-68a0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70ObYEWX6i%2BTKfty%2B7LGkYB2DyWs%2FfxT9QEhS9W4iNnk4Duuv%2FbBZ%2BzHm4sjh9%2BZzrkEWxPbOa5ULmVbWZWE0iHOMcRjq9cL%2Fwo9pn3PsK%2FMHKo%2FD8xBUkVmuxSmI5UcG8rrVeFXZW4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 809d1cfb3aab18e9-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
wholedailyjournal.com/19/4662728/ 3 KB
2 KB 28ms
27ms XHR
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wholedailyjournal.com/19/4662728/?abt_opts=1&var=2661777&var3=728472236385899164&ymid=&rhd=1

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85ccc764bf8a1df419ece7b381b8a4ac8cebe30c3d391bcec671b4f2fd475309

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: f81394e2c85a0beb3cac631e6d436e05
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YlKSF4BQtaH8s1Je3u4bsSEZO0MinmJxsBWPOya4h5C4GH8xVYBT3UKBQaXZFV5Oge4x%2BRL3ESYVsj%2FKP0OugauUYFjDSheaHVALWIukLLVzFe1kNZqfvc%2FO%2FoGnX7ZsJ39dHQMXLBg%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 809d1cfb4abb18e9-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 200 / Show response
wholedailyjournal.com/ 2 B
418 B 35ms
34ms XHR
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&mprtr=1
Requested by: Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJARDvMohaYqCOVMv8Oux0AaQJxHn4b%2FsLCazmi%2BT9xOOV%2FL9aL%2FxO7dXZY3JHWSlrksg6xN0UE3kLkOQSDbg8dDK0InYK6Am4xIVAfcw5h0AXw3UX1RFOUPNRoT2aPhSsAy9dp4eYU%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 809d1cfb5ac018e9-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 rhd
wholedailyjournal.com/ 2 KB
3 KB 50ms
50ms Fetch
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wholedailyjournal.com/rhd?rb=jk6fsKj_H_9xziuOaQw8GleSUm-7gUa8eZrEAOh6_els6KPfYlF4tFGHrkXdkA-3eAuO8UAM0alnzUSY3CcaOJ2irRPyVfSEu00vR97dOi81f63twuV3vCrkgcmQrBPK44uK3xr1NfzEENs29Sw08btKBvgvfWVOszEUWS1rzb5V8ncctwW6njS6Mae1MrmnmRisHoUOBNDtPmABEfz1I858roCoreZXhvJO87PrJSzMLPxKCYIWhWAyXDjllrJRsgBv6ze6dG8Kdb7BZGxcV-gGMo63DQnBM06A-gymw65N1mho3RaVUkLhBrIpDpf-ysYtI265fj-GvaJ0w2IwZxoHY5rc4A4RIBhTMOLR4l7i6SVydzZhN35r9GIolVsOUGrahbH8p265DQJBcE1JOYJu4DxGzLgrT0o5i4QDrNwoI-G6c5zHr9apGTzu8jCqpo4P-pXWfA3tkrKlhyIGzadoFwJ3tbO1R9xdxObmjif95g-_I_r1rEHctK2QpKHzjX2Yng0BMXJLdWm0&request_ab2=150010&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Fwholedailyjournal.com%2F%3Fs%3D728472236385899164%26ssk%3Db40ad524fc68e02b2dfc4a134ba72603%26svar%3D1695244834%26z%3D2661777%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=2661777&var3=728472236385899164&ymid=&rhd=1&m=link

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: ed48e07722a3c003805012a258f1d6fc
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvPNaaAXuzSHTkh9gFP77OiJB8DKpl%2BctQFf4IOcZDbeTs5yvnBY2eAd%2BwNPOfmVPubTbB%2F7etyu8V0XG8KbwFIWNzJUXjzZBHE7WNE7YkmXmgZu2vySpzKCkTWcRmHih9HtccS1Zzk%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 809d1cfb8f449963-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H3 200 4662709
wholedailyjournal.com/sw-check-permissions/ 0
956 B 36ms
36ms Other
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wholedailyjournal.com/sw-check-permissions/4662709?var=2661777&ymid=728472236385899164&uhd=1
Requested by: Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=728472236385899164&var=2661777&sw=/sw-check-permissions/4662709&uhd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cLR5XdJoFWV6bDGgI4A3PDe2YCa39hzirXRxf082vB7NspFRHTBwyPeFU2FlU2JC15gITsWxoRrf6%2BJodeleJiYzZgJO7lr%2BFXNlcQPTJrORULEfWDDLVsnEijZWOEjqY%2BLPpxQX2kI%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 809d1cfb9f6c9963-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 zone
wholedailyjournal.com/ 0
490 B 49ms
49ms Ping
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=2661777&ymid=728472236385899164&var_3=&var_4=&dsig=&tg=1&action=prerequest

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=728472236385899164&var=2661777&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

x-trace-id: ebee5d7d0245ec88769cd89029a55ab9
date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnVrVTZGAHAwksHAJR3ecPIPF7nDukVlbBiV5UGlVem8i450Slmlz8BgHOKE%2F3Ur96m6MGb8oyWvlU4KggvksUo%2BZyHz1dci66qB5GwzPM2UKJvDtzfvfB9iOmiAuYqJg9tWEom96WY%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://wholedailyjournal.com
access-control-allow-credentials: true
cf-ray: 809d1cfb9f679963-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 gid.js
my.rtmark.net/ 65 B
547 B 13ms
12ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=728472236385899164&var=2661777

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=728472236385899164&var=2661777&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://wholedailyjournal.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 zone
wholedailyjournal.com/ 797 B
981 B 26ms
25ms Fetch
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=2661777&ymid=728472236385899164&var_3=&var_4=&dsig=&tg=1&action=settings

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=728472236385899164&var=2661777&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-trace-id: 8df929c69aec981d9ab978ec6aab1183
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BIbsn693uZ%2FLfAPzxMzGPreWS%2BU89AGlV6A3Wg9f2Q3Rx3xLeQ7l3KQMTLVQnlMtFLsLG4S6l9B6XqUlkElrFKWQMcF%2BFvQMMTheK62WvADi82RCeVSLtBXE9Xe0cJcFWqR4IzDgfro%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 809d1cfbbf909963-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H3 200 / Show response
wholedailyjournal.com/ 40 KB
13 KB 93ms
93ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Requested by: Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: edd0f8c7cd60a396f040062bb7ce7f8755d4f54fc7b6f36131f69ba129fb3b74

Request headers

Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 809d1cfbdfb09963-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 20 Sep 2023 21:20:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9h2wsQqy4GNBrSMvV97dcCtlLc5kixiQjWHhvSujxrcfjWVB%2BSBQvv0zaO6O8bMAgxRKAUhAGSl5q21QFJZ7cv0VIM5GqCYdjB9I9U%2B%2F2dHKcnFoQJKE7a2MBlI3juwGRt74H5nGw7w%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H3 200 micro.tag.min.js Show response
wholedailyjournal.com/pfe/current/ 26 KB
11 KB 37ms
36ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=728472236385899164&var=2661777&sw=/sw-check-permissions/4662709&uhd=1
Requested by: Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0902f69ebed38e29e2de16ad44c314d1510fc88b2187dee42c506aae7b67aec3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

pragma: no-cache
date: Wed, 20 Sep 2023 21:20:35 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 18 Sep 2023 12:11:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65083e7c-68a0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFXwwyz4PC6d4eOUCdmG58YqdumDlBuLI5xlvfy14uNyb2bmU9M%2Bx4awQz3ni30icVga6GBw%2FMFAnfNPcEp5LOA1MPPaizS7r0MLiWVod8GPV7OtTFVRyMfbO%2FvATRZ94Q9p7kZrPXc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 809d1cfc887b9963-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

Content-Type: image/svg+xml

GET
H3 200 / Show response
wholedailyjournal.com/19/4662728/ 3 KB
3 KB 24ms
24ms XHR
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wholedailyjournal.com/19/4662728/?abt_opts=1&var=2661777&var3=728472236385899164&ymid=&rhd=1

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ed15622d704a7c183344244bbc87f96638c0e8ccac4f9586263cc1e61216555

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: f55282ca02a1e00d50c5106cad4f1e46
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MjrPWxb6cg8D2OFvrj3y1nY9gTo5QH5qFXqcaD9AWC7P8YTX6xdSVA122TxC2fEJ5vndWsN1A0RTk7fl9pNLzFrXf1vO5uPopvR%2F1wl1ZJpaSY6J%2FNF9bwQDWVlU%2BaAxZZdehVLTOFY%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 809d1cfc88849963-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H3 200 / Show response
wholedailyjournal.com/ 2 B
532 B 28ms
28ms XHR
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2&mprtr=1
Requested by: Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i9fd54avbQC5iNc%2FP%2F6PZb17WmjAbQigEsz2fI9nTwA0MkAumOHpOTg0l2KKPLlCP6%2B2m5dISN9r85OhcG1HXqboRkd0gnxVElbS83XKO3X4hzeONpIsOFjM0L74P6jGfjeETbwE1Mo%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 809d1cfc98879963-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 4662709
wholedailyjournal.com/sw-check-permissions/ 0
953 B 28ms
28ms Other
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wholedailyjournal.com/sw-check-permissions/4662709?var=2661777&ymid=728472236385899164&uhd=1
Requested by: Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=728472236385899164&var=2661777&sw=/sw-check-permissions/4662709&uhd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jWZginXfy9PP3F7b2r6Ph1bX6NoPgex4y%2FqkbQOEPPfuNItZLbQIiunzwkMcOUzzWh%2FkBPX4ETAnh1dU6FX1tjvEiLEj5NCl17aY1Z0vcfB6fmS1Z3MAqep38t3quzc414O08g0ZFfU%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 809d1cfcc8c19963-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 zone
wholedailyjournal.com/ 0
495 B 29ms
29ms Ping
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=2661777&ymid=728472236385899164&var_3=&var_4=&dsig=&tg=1&action=prerequest

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=728472236385899164&var=2661777&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

x-trace-id: b5d0c4bbc0161d6f9c2504f96ad59364
date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Armg2utKZEPnL8PVdm%2FTlc7zo7UHhInzvJZ12Ht51AdCJviYu0xw0Ce%2FIDMsOfqgf%2Bg%2B3mXINdbdcdKbfh4i5xw2sCBR552tHnAmj%2FqcMQbfOk4HDncEetJ9zXqs0e%2F%2F7IZu3A4Iat0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://wholedailyjournal.com
access-control-allow-credentials: true
cf-ray: 809d1cfcc8c39963-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
547 B 14ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=728472236385899164&var=2661777

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=728472236385899164&var=2661777&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

06d0388526ed3351bfdc709d4378a57a295b33c22980da27c6b9cfea66d8c855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://wholedailyjournal.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 zone Show response
wholedailyjournal.com/ 797 B
982 B 22ms
21ms Fetch
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=2661777&ymid=728472236385899164&var_3=&var_4=&dsig=&tg=1&action=settings

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=728472236385899164&var=2661777&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebe370123a758b047dc303dc029367a15b5f5a3cfd0585eba77e7a60b4bbd305

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wholedailyjournal.com/?s=728472236385899164&ssk=b40ad524fc68e02b2dfc4a134ba72603&svar=1695244834&z=2661777&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-trace-id: c959401bdcbb5282d71544f8f386d2d9
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xfSfyM9DxZGORQ2bnLPDfXBdx53cjFRBYvSDDrZKeBfQ929SS1R2tffs2xP6fBh9%2BRI9FFwWUrhkPl%2Bv54Y5aNqdfOzj2icSt2n10g%2BdO8LGnjvHHjN7%2FL1FMedc6KmErYjzbxZqrLU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 809d1cfcd8d49963-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H3 200 /
wholedailyjournal.com/submenu/4662728/ 933 B
2 KB 44ms
44ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wholedailyjournal.com/submenu/4662728/?rhd=1&var=2661777&var3=728472236385899164&oaid=fc8d16ae072f64cfb3e0acae5ae97841

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 809d1d001c1e9963-FRA
content-length: 933
content-type: text/html; charset=utf8
date: Wed, 20 Sep 2023 21:20:35 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://omklefkior.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFOl5wdYGMa9OS9heGZQepERDDt044O4AruP%2FwU6%2FkWZYCyT7yq8nFLnikuozW4wkPeRWqwpm55P4%2B1vPUiKK%2Fdv7uls3dp4s%2BzCC0NllrpemW4pibyyLV3Q2iSv7Ol532%2FN9A2m7b8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=1
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-trace-id: db2e0ab0cff9fd3c261b9b08cc777b80

GET
H2 200 Primary Request / Show response
omklefkior.com/ 20 KB
5 KB 68ms
18ms Document
text/html 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omklefkior.com/?t=0&ymid=728472239288366030

Requested by

Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/submenu/4662728/?rhd=1&var=2661777&var3=728472236385899164&oaid=fc8d16ae072f64cfb3e0acae5ae97841

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4ac8c1d09e42e0362fcde9dbfa6baa5127a1a9901a207b030a1736bf4cf3c8f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=0
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 20 Sep 2023 21:20:35 GMT
etag: W/"50f6-18a8e452dc8"
last-modified: Wed, 13 Sep 2023 11:20:13 GMT
server: nginx
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 animate.css
omklefkior.com/Attention_files/ 78 KB
4 KB 15ms
15ms Stylesheet
text/css 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omklefkior.com/Attention_files/animate.css

Requested by

Host: omklefkior.com
URL: https://omklefkior.com/?t=0&ymid=728472239288366030

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://omklefkior.com/?t=0&ymid=728472239288366030
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Wed, 13 Sep 2023 11:20:13 GMT
server: nginx
content-encoding: br
etag: W/"1361f-18a8e452dc8"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 qrcode.js Show response
omklefkior.com/ 32 KB
9 KB 15ms
15ms Script
application/javascript 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omklefkior.com/qrcode.js

Requested by

Host: omklefkior.com
URL: https://omklefkior.com/?t=0&ymid=728472239288366030

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d2079946b3e68504ca4b983b90947803dba2fb32c48c20383e566ecee7db0ad7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://omklefkior.com/?t=0&ymid=728472239288366030
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Wed, 13 Sep 2023 11:20:13 GMT
server: nginx
content-encoding: br
etag: W/"80f0-18a8e452dc8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 new_free.svg
omklefkior.com/Attention_files/ 2 KB
2 KB 13ms
13ms Image
image/svg+xml 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://omklefkior.com/Attention_files/new_free.svg

Requested by

Host: omklefkior.com
URL: https://omklefkior.com/?t=0&ymid=728472239288366030

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://omklefkior.com/?t=0&ymid=728472239288366030
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:36 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Wed, 13 Sep 2023 11:20:13 GMT
server: nginx
etag: W/"609-18a8e452dc8"
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1545

GET
H2 200 loading.svg
omklefkior.com/Attention_files/ 386 B
600 B 13ms
12ms Image
image/svg+xml 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://omklefkior.com/Attention_files/loading.svg

Requested by

Host: omklefkior.com
URL: https://omklefkior.com/?t=0&ymid=728472239288366030

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d4d917c84ef07493d6dc83306cb754ddddc1cdb4fc879e09f5b54a0b6f11d451

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://omklefkior.com/?t=0&ymid=728472239288366030
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:36 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Wed, 13 Sep 2023 11:20:13 GMT
server: nginx
etag: W/"182-18a8e452dc8"
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 386

GET 6ev856leuu6
omklefkior.com/w/ 0
0

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

Content-Type: image/gif

GET
H2 404 bg.gif
omklefkior.com/assets/ 152 B
152 B 12ms
12ms Image
text/html 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://omklefkior.com/assets/bg.gif

Requested by

Host: omklefkior.com
URL: https://omklefkior.com/?t=0&ymid=728472239288366030

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ddf752a709ef05084d8373b3a377fe1971fc1338ce81d4ab3a16d00ed5f1a46a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://omklefkior.com/?t=0&ymid=728472239288366030
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

date: Wed, 20 Sep 2023 21:20:36 GMT
content-security-policy: default-src 'none'
x-content-type-options: nosniff
content-encoding: br
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4392fcf2a16f8cafe57aa4b04ceb138c92e8de19c49228bddf598124b5691438

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 OPR/77.0.4054.277

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: omklefkior.com
URL: https://omklefkior.com/w/6ev856leuu6

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
vpnlist.site/	1970-01-20 14:55:31	Name: view Value: 1
vpnlist.site/	1969-12-31 23:59:59	Name: PHPSESSID Value: v9il0md3p6n0m60p1u22b9tbka
vpop2.com/	1970-01-20 14:55:31	Name: view Value: 1
vpop2.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3ofgqfhntmod0c9kaa085utegi
a.we-are-anon.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 450bqetuscjkilu8l86l694us4
a.we-are-anon.com/	1970-01-20 14:55:31	Name: view Value: 1
forooqso.tv/	1970-01-20 23:39:40	Name: OAID Value: cb2b05f3907a46e1a2afc3471ee348f3
forooqso.tv/	1970-01-20 23:39:40	Name: oaidts Value: 1695244834
my.rtmark.net/	1970-01-20 23:39:40	Name: ID Value: cb2b05f3907a46e1a2afc3471ee348f3
forooqso.tv/	1970-01-20 15:04:09	Name: syncedCookie Value: true
wholedailyjournal.com/	1970-01-20 23:39:40	Name: oaidts Value: 1695244835
wholedailyjournal.com/	1970-01-20 15:04:09	Name: syncedCookie Value: true
wholedailyjournal.com/	1970-01-20 23:39:40	Name: OAID Value: fc8d16ae072f64cfb3e0acae5ae97841
wholedailyjournal.com/	1970-01-20 14:54:04	Name: prefetchAd_4662728 Value: true
wholedailyjournal.com/	1970-01-20 14:54:08	Name: reverse Value: 6QIpcDM90XPxaZt7M2N9qtwPpqPUCqphHj9RudO4rHg

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://omklefkior.com/assets/bg.gif Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.we-are-anon.com
datatechone.com
forooqso.tv
my.rtmark.net
omklefkior.com
vpnlist.site
vpop2.com
wholedailyjournal.com
omklefkior.com
139.45.195.253
139.45.195.8
139.45.197.167
139.45.197.244
188.114.97.3
2606:4700:3030::ac43:8a93
2606:4700:3031::ac43:8dd4
2606:4700:3037::6815:40b5
06d0388526ed3351bfdc709d4378a57a295b33c22980da27c6b9cfea66d8c855
0902f69ebed38e29e2de16ad44c314d1510fc88b2187dee42c506aae7b67aec3
4392fcf2a16f8cafe57aa4b04ceb138c92e8de19c49228bddf598124b5691438
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
4ac8c1d09e42e0362fcde9dbfa6baa5127a1a9901a207b030a1736bf4cf3c8f2
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc
6ed15622d704a7c183344244bbc87f96638c0e8ccac4f9586263cc1e61216555
762a76df991112d8f3936010a14e5f8f3dbde00d29107d35dc247b3582df0c68
85ccc764bf8a1df419ece7b381b8a4ac8cebe30c3d391bcec671b4f2fd475309
89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e
be7f059f173ef0f9a208c98d05bddb4e2a9351961aae614a42c8ae515b757a23
d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb
d2079946b3e68504ca4b983b90947803dba2fb32c48c20383e566ecee7db0ad7
d4d917c84ef07493d6dc83306cb754ddddc1cdb4fc879e09f5b54a0b6f11d451
ddf752a709ef05084d8373b3a377fe1971fc1338ce81d4ab3a16d00ed5f1a46a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebe370123a758b047dc303dc029367a15b5f5a3cfd0585eba77e7a60b4bbd305
edd0f8c7cd60a396f040062bb7ce7f8755d4f54fc7b6f36131f69ba129fb3b74

omklefkior.com Open in urlscan Pro 139.45.197.167 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

97 %HTTPS

38 %IPv6

8 Domains

8 Subdomains

7 IPs

3 Countries

106 kBTransfer

321 kBSize

15 Cookies

0 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

omklefkior.com Open in urlscan Pro
139.45.197.167 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

97 %
HTTPS

38 %
IPv6

8
Domains

8
Subdomains

7
IPs

3
Countries

106 kB
Transfer

321 kB
Size

15
Cookies

30 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!