bnr.hyperadsdesign.com Open in urlscan Pro
3.219.198.131  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://whairtoa.com/4/5974651 Page URL
2. https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Page URL
3. https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Page URL
4. https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

• https://monetoad.com/redir/clickGate.php?u=u68EH62H&p=l2u27PvnOu&m=30&url=https%3A%2F%2Fwww.demon-tweeks.com&s=64f70d0fcba60a324389d704-RL-367469 HTTP 301
• https://www.awin1.com/cread.php?awinmid=6538&awinaffid=101248&clickref=3CehUF8SDKEIeOJLOSfUVKxYjKRiKEb78uBrC3gvKLHLhl&clickref3=mt132948_a143012_p240668_cGB&clickref2=https%3A%2F%2Fwww.bigperformancelab.com%2F HTTP 302
• https://www.demon-tweeks.com/?source=aw&awc=6538_1693912336_32b1eb435bc1df3761c55f434fee4a44&utm_source=Affiliate_Window&utm_medium=Sub+Networks&utm_campaign=101248

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	5974651 whairtoa.com/4/	1 KB 2 KB	130ms 40ms	Document text/html	139.45.197.238 RETN-AS
General Check archive.org Show headers Download Go to Full URL https://whairtoa.com/4/5974651 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB), Reverse DNS Software nginx / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64 access-control-allow-credentials true access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding access-control-allow-methods GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE access-control-allow-origin * * access-control-max-age 86400 cache-control no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0 content-encoding gzip content-type text/html; charset=utf8 date Tue, 05 Sep 2023 11:12:13 GMT expires Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT link <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://wholedailyjournal.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch" pragma no-cache no-cache server nginx timing-allow-origin * x-trace-id fecd18d94c1090fca96dea6f94c3ffd4
POST H2	200	img.gif my.rtmark.net/	43 B 504 B	150ms 45ms	Ping image/gif	139.45.195.8 RETN-AS
General Check archive.org Show headers Download Go to Full URL https://my.rtmark.net/img.gif?f=merge&userId=61908ec32e4342c9b8e5d8a512e3b3dd Requested by Host: whairtoa.com URL: https://whairtoa.com/4/5974651 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB), Reverse DNS Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:13 GMT strict-transport-security max-age=1 x-content-type-options nosniff server nginx access-control-allow-methods POST, GET, OPTIONS, PUT, DELETE content-type image/gif access-control-allow-origin https://whairtoa.com access-control-expose-headers Authorization access-control-allow-credentials true timing-allow-origin *, * access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token content-length 43
GET H2	200	/ Show response wholedailyjournal.com/	40 KB 13 KB	211ms 132ms	Document text/html	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Requested by Host: whairtoa.com URL: https://whairtoa.com/4/5974651 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash d749b538eb8d44d2b23c265c13e182448b45ac5e69c2ffa6305fc1cd4cc9079c Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range access-control-allow-methods GET, POST, OPTIONS, HEAD access-control-allow-origin * access-control-expose-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 801e09360a5148b6-LHR content-encoding br content-type text/html; charset=UTF-8 date Tue, 05 Sep 2023 11:12:13 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NR73EVL2EfdDk9YcbOwn14fgvL%2Fo%2BHmwKdv5RPh1jQyWICoSG6ZlPpnUZdtW1%2FSMNAG34C94nBJsF6VPeEl2qEUFNidh3lO9ReciZVpMcHkVuBkWtdxDrnnj1Q0K63jWauj5f1fxkLA%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.4.33
GET H2	200	gid.js Show response my.rtmark.net/	65 B 547 B	47ms 47ms	Fetch application/json	139.45.195.8 RETN-AS
General Check archive.org Show headers Download Go to Full URL https://my.rtmark.net/gid.js?userId=b212172eac8dc60ebd13e57edabfa37e Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB), Reverse DNS Software nginx / Resource Hash 9683e933ad3bbd0025816b435d053b330f0f312ec629928e76eddd9e69b015b4 Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:13 GMT strict-transport-security max-age=1 x-content-type-options nosniff server nginx access-control-allow-methods POST, GET, OPTIONS, PUT, DELETE content-type application/json; charset=utf-8 access-control-allow-origin https://wholedailyjournal.com access-control-expose-headers Authorization access-control-allow-credentials true timing-allow-origin *, * access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token content-length 65
GET H2	200	micro.tag.min.js Show response wholedailyjournal.com/pfe/current/	26 KB 10 KB	71ms 71ms	Script application/javascript	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 93aa90bc54c821708337ef559092efe522bc95c001099d697618db267a0b0049 Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers pragma no-cache date Tue, 05 Sep 2023 11:12:13 GMT content-encoding br cf-cache-status MISS last-modified Fri, 01 Sep 2023 13:37:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64f1e924-68a0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mXdq23XHYVrKzHI71o%2FLjNWQ91E%2By5qVQ%2F8OH8G7h1tVebEFQ%2BxKj%2BAXvprcKBDDqxEVA%2BLLLHwwyvSLt3D9K3wHiFiVdkxK%2BpMAc4z59k%2BpuqeXnrdPvbOI%2BIUQij9Q8appUc7Z6lA%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 access-control-allow-credentials true cf-ray 801e0936fbba48b6-LHR alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	327 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/svg+xml
POST H2	200	/ Show response wholedailyjournal.com/	2 B 429 B	65ms 65ms	XHR application/json	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&mprtr=1 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.24 Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:13 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.24 vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q09xtlWEuwZv0awWPI5tQ0jtvIZIFeWxPwBzemtvGEUhx47fPEe6ffjaAKGtbXps4dMWIn4LzXf2hyv4jHLjKRPh8jUMgIRAQtFKoTc9V%2BZY%2Be87MrWXHIAZpGuQDtZpwNLstwj3gFk%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-credentials true cf-ray 801e0936fbc948b6-LHR access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type alt-svc h3=":443"; ma=86400
GET H2	200	/ Show response wholedailyjournal.com/19/4662728/	3 KB 2 KB	105ms 105ms	XHR application/json	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/19/4662728/?abt_opts=1&var=5974651&var3=722883316323463928&ymid=&rhd=1 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cbb6075392eec216d9f819805b41b00e07af857fb38610ba54f1456ac09358b2 Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:13 GMT strict-transport-security max-age=1 x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding gzip nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 x-trace-id fb277a2be031dfb618c218bd249f104f pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64 server cloudflare vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Obe%2BPjs4dEwf4bSp2i4Psaq8OzTc9wvt6azHFfKfwNZBr3P7VCXFyyYT3qW9%2FeZMNW55Hxm8j8qZZxBuvudfsljEfUN2aFmIOgKBC8HBd8fwQJlBHU1FTmDthsdlknlt%2FooRLM7dLR8%3D"}],"group":"cf-nel","max_age":604800} access-control-max-age 86400 access-control-allow-credentials true cache-control no-transform, no-store, no-cache, must-revalidate, max-age=0 timing-allow-origin * link <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch" access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace cf-ray 801e09370bdb48b6-LHR expires Tue, 11 Jan 1994 10:00:00 GMT
GET H3	200	rhd wholedailyjournal.com/	3 KB 3 KB	64ms 63ms	Fetch application/json	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/rhd?rb=e5UVuA_yBijGU6jvB186Kzorkz5iiz7DAwKJevUxfpMdrA37WY4jJLEt8rO07bIltdFPN1rYxL78t04NTlaqv5rGOLs-r2VK4ao_CLRcA2k94dPUe5CL8VnlgvBxkO7b89_GCHcmYdNOxr6DgSSBZVQwSTkYno1C45YCCLjZi3OGOm5VY0vg6mjUy5Z30ol0_AJIBh3c30Yf4Pjp1a_g0AACymdUP36VeK1IzJK1f-QLoHmpp91m3fTFLXPt14PT2HS5sSF7lkURPkz3Ny_A8Ywz4XLm40UgnJ8OFuN70tODaYJLr6CpQp8AQpoSo_Kww0fELiQsQaQe20asx8x-0RcwJ_kOKGlhEJ5Hf0ogCBwWR5xIHmgR634drKo2Qu2H0IcEeI5wT8YhZ5aiAEJE3oM23V5syb-zcnv-2rpe_zKSe7xoTCeozUm8BXvb2mdivxgQOtrHpj5NIQW5Ggyk5VAckeGtI2RhUHkWPNwLop1C9pxY&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Fwholedailyjournal.com%2F%3Fs%3D722883316323463928%26ssk%3D2c1fd8cdb1faa2fffc60adcfe620419b%26svar%3D1693912333%26z%3D5974651%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=5974651&var3=722883316323463928&ymid=&rhd=1&m=link Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:14 GMT strict-transport-security max-age=1 x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding gzip nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 x-trace-id ffd51424ea5b42b10709326828100de3 pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64 server cloudflare vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZJNMUbHa8iEaGVjP%2FMW8%2FvfMNvVesM4Fn%2Fr5lJwKrcFm0DDj3PNFYkxLzm18i5lMOJgAn2J4IFNogcV3yPVlbv%2B651X3A2e6dO%2F3OHk6%2FT7%2FPs95hWNWl6SHkVpGHYOrZ5JP9dgZbA%3D"}],"group":"cf-nel","max_age":604800} access-control-max-age 86400 access-control-allow-credentials true cache-control no-transform, no-store, no-cache, must-revalidate, max-age=0 timing-allow-origin * access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace cf-ray 801e0937bbfed17c-LHR expires Tue, 11 Jan 1994 10:00:00 GMT
GET H3	200	4662709 wholedailyjournal.com/sw-check-permissions/	0 958 B	73ms 73ms	Other application/javascript	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/sw-check-permissions/4662709?var=5974651&ymid=722883316323463928&uhd=1 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.24 Resource Hash Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:14 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.24 vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS, HEAD content-type application/javascript access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTvDrie%2FA4Hn1tff8RIMfZxjWTKsBruUC3VUjEZJC2OlicP5z2VvpwrIGZBxPlDvAw6hHfvLCMWzcj6dFqxxQLd%2B6MgSK5ghdCBChU7GNiGWMhaE6I7Tp%2FnEKeqJlpUc4zEV%2FvVbF9U%3D"}],"group":"cf-nel","max_age":604800} access-control-expose-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range cf-ray 801e0937cc21d17c-LHR access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range alt-svc h3=":443"; ma=86400
POST H3	200	zone wholedailyjournal.com/	0 491 B	57ms 57ms	Ping text/plain	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=5974651&ymid=722883316323463928&var_3=&var_4=&dsig=&tg=1&action=prerequest Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers x-trace-id 99421ca4485ba65c131853550285529a date Tue, 05 Sep 2023 11:12:14 GMT strict-transport-security max-age=1 x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u69fLBEYY9s1R4VEdbozV0Dmd8aXnW56PVpG7%2BR9KM9Ohaz8gIiP4BBfqRQM7zTnuMaxPLuqt9%2FjdnaMyZUZ43G%2FGogKSFeewSQ1rd39mqYdS6fcuUgFBv2AiALhLygrqsqsngh5eus%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin https://wholedailyjournal.com access-control-allow-credentials true cf-ray 801e0937cc26d17c-LHR access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 0 alt-svc h3=":443"; ma=86400
GET H2	200	gid.js my.rtmark.net/	65 B 547 B	50ms 49ms	Fetch application/json	139.45.195.8 RETN-AS
General Check archive.org Show headers Download Go to Full URL https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=722883316323463928&var=5974651 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB), Reverse DNS Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:14 GMT strict-transport-security max-age=1 x-content-type-options nosniff server nginx access-control-allow-methods POST, GET, OPTIONS, PUT, DELETE content-type application/json; charset=utf-8 access-control-allow-origin https://wholedailyjournal.com access-control-expose-headers Authorization access-control-allow-credentials true timing-allow-origin *, * access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token content-length 65
GET H3	200	zone wholedailyjournal.com/	798 B 982 B	75ms 74ms	Fetch application/json	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=5974651&ymid=722883316323463928&var_3=&var_4=&dsig=&tg=1&action=settings Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:14 GMT strict-transport-security max-age=1 x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br alt-svc h3=":443"; ma=86400 x-trace-id 3dfd2a9713f54bf8c3830cafe2d8493e server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8m0x8V5FbqHFHfbqnBznrIT8oeSstAg91NT76rvlwf1EvOALjtKM9HO1AeQf%2B3NxCZwEu83fCYt7B7hBqMbxpcYxvVvvqKQgBqDMESwKz9Y%2BTq1RyCqhL4ExgBSzkPMElEP8MuNR2I8%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * access-control-allow-credentials true cf-ray 801e0937dc52d17c-LHR access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept
GET H3	200	/ Show response wholedailyjournal.com/	40 KB 13 KB	115ms 115ms	Document text/html	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.24 Resource Hash f9ff48834ed28fad5ffaec1cd0ffb4960750a003b108a6970ef6eea86bff147b Request headers Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range access-control-allow-methods GET, POST, OPTIONS, HEAD access-control-allow-origin * access-control-expose-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 801e09383cd9d17c-LHR content-encoding br content-type text/html; charset=UTF-8 date Tue, 05 Sep 2023 11:12:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e3INlLcpOhcQeXGlgjul6oR1zLbHqVwtJIomVY6aLcJhkFF2BCXblmGPVt8L9FCt9duRbDCGv%2BFp%2BHMKnwV99LGo07xXwjvb9XbMT9CzNUNkvBb3MODaBAj6tsSS%2FUC1s%2FbS9GhawH8%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.4.24
GET H3	200	micro.tag.min.js Show response wholedailyjournal.com/pfe/current/	26 KB 10 KB	58ms 58ms	Script application/javascript	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 93aa90bc54c821708337ef559092efe522bc95c001099d697618db267a0b0049 Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers pragma no-cache date Tue, 05 Sep 2023 11:12:14 GMT content-encoding br cf-cache-status MISS last-modified Fri, 01 Sep 2023 13:37:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64f1e924-68a0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1v6Fs9d09o8sYm44LZdreTcViOTQ6m96XWEWhZ%2BGSdMmOMu8FKeAYcL2siCNFPAcP4uQMnQ1km7N79%2FIYBMBV2X7DbHWICqgMwPht6Kg2oFG%2Fjnt6X4uGUUZZa1Z46OLJNf4kh9f9qs%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 access-control-allow-credentials true cf-ray 801e0938fe52d17c-LHR alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	327 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/svg+xml
GET H3	200	/ Show response wholedailyjournal.com/19/4662728/	3 KB 3 KB	57ms 57ms	XHR application/json	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/19/4662728/?abt_opts=1&var=5974651&var3=722883316323463928&ymid=&rhd=1 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 22d22af73402a644c85d142c0037ccea4eeb3b1a431d64c53729c2299a3565ce Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:14 GMT strict-transport-security max-age=1 x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding gzip nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 x-trace-id 9bd542aef6b528f6466eaabdf0042610 pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64 server cloudflare vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RkuEVMVKreQE34NqBYRMe%2FpWVMX8rgwZQARXrOkal9YKm5k1txwWeuzTqyRuCqFrQXwhzPEKcpFTEfCeT%2B2mOXYvH3HC%2FJpPnAsHfBMRZ%2Bw%2Ff6tmev8fA%2B01rukQfD26vyLSuQKa6cM%3D"}],"group":"cf-nel","max_age":604800} access-control-max-age 86400 access-control-allow-credentials true cache-control no-transform, no-store, no-cache, must-revalidate, max-age=0 timing-allow-origin * link <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch" access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace cf-ray 801e09390e58d17c-LHR expires Tue, 11 Jan 1994 10:00:00 GMT
POST H3	200	/ Show response wholedailyjournal.com/	2 B 536 B	59ms 58ms	XHR application/json	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2&mprtr=1 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.26 Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:14 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.26 vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47WCQo0gEDEDTL%2B0YCOMZO9NaWXaWIVwSrGiZfEciXGiuMZYCfUoHRhOCSFCH2jbsEkbOK1A%2FPvScPOLIDgYoGjRly0y0tee%2BQPMBe1zgxXWCKjs6eZyvuKSigIuDqPQf8SEpE4%2FOE8%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-credentials true cf-ray 801e09392e8cd17c-LHR access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type alt-svc h3=":443"; ma=86400
GET H3	200	rhd Show response wholedailyjournal.com/	3 KB 3 KB	135ms 135ms	Fetch application/json	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/rhd?rb=9MVOCladbgf4ZcrRcvEIqBYGi4jETCxJQS1NU2XVStxKI7tcBXo9bEyvZ2Vnbof9kBu2w8JT0tjcSxup_YeAnsMziIS67QE86hOBdbIdPVZ4K6J9uIg-6nlDFj4QiBT9KQo-l-vNXphwQSefKhNPz34cpKJAN-uDhImUSFAwD8DuV-jgQ-sLanLdaGL0a_hU4hb2SgT_xjAhqHLoCErRxq1BwQVbk_HjGePR-Sw_J6jxcyeRZ-O_jFirWxwvInxSJTs2vAH5XXitnH7Vz19j6FxBP9p7Oxnl42kdkiXT4n7aRJF_EAjCNdAqp4M0A1_zTye-7mfodw9FeTiWUG-b_Kp7-wBeie_b8LwEjzxCHmaXOiR4AvNnJn3NLHCrKFYXcALMJaeEgGkMiKhPbdxvSEzL4RQrpa8uwqmTD8zHTMdB6TQu8klHqYiKKSodk1dgtXRcMwjYzcKUvQcQprQQubTC6eo7KIZeETooVOFek_1L163fx04_w-pp-x8%3D&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Fwholedailyjournal.com%2F%3Fs%3D722883316323463928%26ssk%3D2c1fd8cdb1faa2fffc60adcfe620419b%26svar%3D1693912333%26z%3D5974651%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb%26rdc%3D2&drf=https%3A%2F%2Fwholedailyjournal.com%2F%3Fs%3D722883316323463928%26ssk%3D2c1fd8cdb1faa2fffc60adcfe620419b%26svar%3D1693912333%26z%3D5974651%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=5974651&var3=722883316323463928&ymid=&rhd=1&m=link Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 811ddb3dd6d2276dc2a4460879450e6e73a47f8b1a0ec4c85b6c3ae3a23c73e3 Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:14 GMT strict-transport-security max-age=1 x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding gzip nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 x-trace-id fe3c993b57f3013402386a708f55aa6d pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64 server cloudflare vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPwo1iSLeiNwy91GQnMYLkthgsZ28hVWGjbabolGlEQrymYLxkLnQ9AsD3IN7zV1AeQV7OdvMZzWsy7hSTe0uA%2B2HCoslnm9c2eyFInYuM7hG6RU5xoXxa%2BAhiHdCjhLp4w8sWFmZ4A%3D"}],"group":"cf-nel","max_age":604800} access-control-max-age 86400 access-control-allow-credentials true cache-control no-transform, no-store, no-cache, must-revalidate, max-age=0 timing-allow-origin * access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace cf-ray 801e09396ef9d17c-LHR expires Tue, 11 Jan 1994 10:00:00 GMT
GET H3	200	4662709 wholedailyjournal.com/sw-check-permissions/	0 957 B	60ms 60ms	Other application/javascript	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/sw-check-permissions/4662709?var=5974651&ymid=722883316323463928&uhd=1 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:14 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.33 vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS, HEAD content-type application/javascript access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2B8zenNJnXoUdb7cosHUsk9EbbcLpg6hasMye3SKeRc%2BnfwfP7cOJcxl8sBoD89MVH92A33pZmKy15N84FZfUuPZwQPEkyzjHCXGvq7%2FHN67YPFJK62vZW5Fq3xB%2BI0DlNbULvPUIEI%3D"}],"group":"cf-nel","max_age":604800} access-control-expose-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range cf-ray 801e09396f00d17c-LHR access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range alt-svc h3=":443"; ma=86400
POST H3	200	zone wholedailyjournal.com/	0 492 B	48ms 48ms	Ping text/plain	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=5974651&ymid=722883316323463928&var_3=&var_4=&dsig=&tg=1&action=prerequest Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers x-trace-id b4d32198cec32aed887836a5a76b7d6a date Tue, 05 Sep 2023 11:12:14 GMT strict-transport-security max-age=1 x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fy%2BTsNqr2BB8jSfnLAvBeoZUHdtDYsXxHvVvRteR1gdvcr5qE3v7fWq46ar8frXZKFOXru2Qe6M7B%2FlrLib3RSJd%2BUPilt7tWJIA%2Fk8bRuWttEv49u2DriUj50qL3J6ooeEOYH43FtE%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin https://wholedailyjournal.com access-control-allow-credentials true cf-ray 801e09396f01d17c-LHR access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 0 alt-svc h3=":443"; ma=86400
GET H2	200	gid.js Show response my.rtmark.net/	65 B 547 B	48ms 47ms	Fetch application/json	139.45.195.8 RETN-AS
General Check archive.org Show headers Download Go to Full URL https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=722883316323463928&var=5974651 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB), Reverse DNS Software nginx / Resource Hash 9683e933ad3bbd0025816b435d053b330f0f312ec629928e76eddd9e69b015b4 Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:14 GMT strict-transport-security max-age=1 x-content-type-options nosniff server nginx access-control-allow-methods POST, GET, OPTIONS, PUT, DELETE content-type application/json; charset=utf-8 access-control-allow-origin https://wholedailyjournal.com access-control-expose-headers Authorization access-control-allow-credentials true timing-allow-origin *, * access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token content-length 65
GET H3	200	zone Show response wholedailyjournal.com/	798 B 982 B	57ms 56ms	Fetch application/json	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=5974651&ymid=722883316323463928&var_3=&var_4=&dsig=&tg=1&action=settings Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fbfd56b2af6f09fcea733b0d4f15b59b5b9c101a93900c7dcb97808a63333f5d Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:14 GMT strict-transport-security max-age=1 x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br alt-svc h3=":443"; ma=86400 x-trace-id e7186ab88cb615424627b866680e4e17 server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2BpwCVQhYVFCrfxnWifRMWrSRdepwyNwUTBl14rnWIdrKJ6krW57iK5y8y%2B%2Fm7n98xQB1%2FwlSxXg3d2teYEmj8vJgqoiBr1y2ACetcid4AWpoNMRckt6fGl69ZbfPePrkVZBE29mtJw%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * access-control-allow-credentials true cf-ray 801e09397f16d17c-LHR access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept
GET H2	200	Primary Request bAxqvF1d45pWHW4v5AoorosX Show response bnr.hyperadsdesign.com/get/	2 KB 2 KB	515ms 208ms	Document text/html	3.219.198.131 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.219.198.131 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-219-198-131.compute-1.amazonaws.com Software awselb/2.0 / Resource Hash 5167e4dc66a732558510c6e92462e4d56e9127ac598744c772401b60889c7ec5 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers content-length 1681 content-type text/html date Tue, 05 Sep 2023 11:12:15 GMT server awselb/2.0
POST H3	200	cat.php wholedailyjournal.com/	0 764 B	62ms 62ms	Ping text/plain	172.64.161.19 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wholedailyjournal.com/cat.php?userId=b212172eac8dc60ebd13e57edabfa37e&zoneid=4662728&rb=9MVOCladbgf4ZcrRcvEIqBYGi4jETCxJQS1NU2XVStxKI7tcBXo9bEyvZ2Vnbof9kBu2w8JT0tjcSxup_YeAnsMziIS67QE86hOBdbIdPVZ4K6J9uIg-6nlDFj4QiBT9KQo-l-vNXphwQSefKhNPz34cpKJAN-uDhImUSFAwD8DuV-jgQ-sLanLdaGL0a_hU4hb2SgT_xjAhqHLoCErRxq1BwQVbk_HjGePR-Sw_J6jxcyeRZ-O_jFirWxwvInxSJTs2vAH5XXitnH7Vz19j6FxBP9p7Oxnl42kdkiXT4n7aRJF_EAjCNdAqp4M0A1_zTye-7mfodw9FeTiWUG-b_Kp7-wBeie_b8LwEjzxCHmaXOiR4AvNnJn3NLHCrKFYXcALMJaeEgGkMiKhPbdxvSEzL4RQrpa8uwqmTD8zHTMdB6TQu8klHqYiKKSodk1dgtXRcMwjYzcKUvQcQprQQubTC6eo7KIZeETooVOFek_1L163fx04_w-pp-x8=&var=5974651&var3=722883316323463928&ymid=&rhd=1 Requested by Host: wholedailyjournal.com URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers Referer https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Tue, 05 Sep 2023 11:12:14 GMT strict-transport-security max-age=1 x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 content-length 0 x-trace-id 1586ae43051f7cc461cdaf0b98cfc121 pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64 server cloudflare access-control-max-age 86400 access-control-allow-methods GET, POST, OPTIONS report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6wgA%2BeJL5bSypsIW5Or41aUM9IuOOgWiv51aWZSo%2FuG07I69lgnYjUK8RGeb9yxvxf%2B8l67KoETpWbyVpdUQ3kd2g01vRal2UFPTpcXwhWMEuUJMJo7QGSDRwZSl5KaoR1LMfVwyW7g%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin https://wholedailyjournal.com cache-control no-transform, no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true timing-allow-origin * access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace cf-ray 801e093ced8cd17c-LHR expires Tue, 11 Jan 1994 10:00:00 GMT
GET H2	200	a3d3afe7577cccb9cc96364e66bb813d.png d38dxwbthvbuvi.cloudfront.net/jcm-mm/	570 KB 571 KB	348ms 55ms	Image image/png	2600:9000:223d:fc00:c:cb59:380:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d38dxwbthvbuvi.cloudfront.net/jcm-mm/a3d3afe7577cccb9cc96364e66bb813d.png Requested by Host: bnr.hyperadsdesign.com URL: https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223d:fc00:c:cb59:380:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5cfd3c225762e475b902bafa2569160aad910b0403721574f5d935eab86d9948 Request headers accept-language en-GB,en;q=0.9 Referer https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 08:10:04 GMT via 1.1 68eb499493257a6d0620a0f6abdc78ca.cloudfront.net (CloudFront) last-modified Thu, 18 May 2023 14:36:18 GMT server AmazonS3 x-amz-cf-pop FRA56-P3 age 10940 x-amz-server-side-encryption AES256 etag "89b85ec4fb75ee6cae061ab7d536aa9f" vary Accept-Encoding x-cache Hit from cloudfront accept-ranges bytes content-length 583445 x-amz-cf-id 6j9XcFsYpT-WhFCZ6KcB_xbJR1el5IiBYi5m3_kt-CUZv-yKPgTqmQ==
GET H2	200	bAxqvF1d45pWHW4v5AoorosX Show response lnk.gameclickads.net/trk/ Frame 01BA	1 KB 2 KB	551ms 267ms	Document text/html	18.193.21.196 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200 Requested by Host: bnr.hyperadsdesign.com URL: https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.193.21.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-193-21-196.eu-central-1.compute.amazonaws.com Software / Resource Hash 5a6aa5ed9b8f60a5f2984fe6a7a94fc9e38314ad11f461388c5d670a0aaaca3d Request headers Referer https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers content-language en-GB content-type text/html;charset=UTF-8 date Tue, 05 Sep 2023 11:12:15 GMT
GET H2	200	c.js Show response lnk.gameclickads.net/js/ Frame 01BA	8 KB 8 KB	46ms 46ms	Script application/javascript	18.193.21.196 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://lnk.gameclickads.net/js/c.js Requested by Host: lnk.gameclickads.net URL: https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.193.21.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-193-21-196.eu-central-1.compute.amazonaws.com Software / Resource Hash e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7 Request headers accept-language en-GB,en;q=0.9 Referer https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 11:12:15 GMT last-modified Thu, 02 Mar 2023 20:36:26 GMT accept-ranges bytes content-length 7804 vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers content-type application/javascript
GET H2	200	/ Show response lnk.gameclickads.net/ Frame 34A8	1 KB 1 KB	51ms 50ms	Document text/html	18.193.21.196 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://lnk.gameclickads.net/?bt=lnk.perflab-trk.com&ref=&friend=&u=monetoad.com%252Fredir%252FclickGate.php%253Fu%253Du68EH62H%2526p%253Dl2u27PvnOu%2526m%253D30%2526url%253Dhttps%25253A%25252F%25252Fwww.demon-tweeks.com%2526s%253D64f70d0fcba60a324389d704-RL-367469&log=false&type=ROTATOR_LINK&linkId=367469&clickId=64f70d0fcba60a324389d704&br=false Requested by Host: lnk.gameclickads.net URL: https://lnk.gameclickads.net/js/c.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.193.21.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-193-21-196.eu-central-1.compute.amazonaws.com Software / Resource Hash 2d3b3faec91ba56bebde24145d76e379f323dbaf279ef055d4a9f940cb30a19b Request headers Referer https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers content-language en-GB content-type text/html;charset=UTF-8 date Tue, 05 Sep 2023 11:12:16 GMT
POST H2	200	/ Show response lnk.perflab-trk.com/ Frame 34A8	741 B 831 B	218ms 41ms	Document text/html	35.180.93.95 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://lnk.perflab-trk.com/ Requested by Host: lnk.gameclickads.net URL: https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.180.93.95 Paris, France, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-180-93-95.eu-west-3.compute.amazonaws.com Software / Resource Hash 637f3535eb9674cc1fc7fe514a8948e2b4f49c299fe85dd708b34d13021cd02e Request headers Content-Type application/x-www-form-urlencoded Origin https://lnk.gameclickads.net Referer https://lnk.gameclickads.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers content-language en-GB content-type text/html;charset=UTF-8 date Tue, 05 Sep 2023 11:12:16 GMT
GET		/ www.demon-tweeks.com/ Frame 34A8 Redirect Chain https://monetoad.com/redir/clickGate.php?u=u68EH62H&p=l2u27PvnOu&m=30&url=https%3A%2F%2Fwww.demon-tweeks.com&s=64f70d0fcba60a324389d704-RL-367469 https://www.awin1.com/cread.php?awinmid=6538&awinaffid=101248&clickref=3CehUF8SDKEIeOJLOSfUVKxYjKRiKEb78uBrC3gvKLHLhl&clickref3=mt132948_a143012_p240668_cGB&clickref2=https%3A%2F%2Fwww.bigperforman... https://www.demon-tweeks.com/?source=aw&awc=6538_1693912336_32b1eb435bc1df3761c55f434fee4a44&utm_source=Affiliate_Window&utm_medium=Sub+Networks&utm_campaign=101248	0 0
GET H2	200	/ www.demon-tweeks.com/ Frame 34A8	0 0	96ms 68ms	Document text/html	46.101.53.186 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.demon-tweeks.com/?utm_source=Affiliate_Window&utm_medium=Sub+Networks&utm_campaign=101248 Requested by Host: lnk.gameclickads.net URL: https://lnk.gameclickads.net/js/c.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 46.101.53.186 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; Strict-Transport-Security max-age=15638400 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://lnk.gameclickads.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers accept-ranges bytes cache-control no-store, no-cache, must-revalidate, max-age=0 content-encoding gzip content-length 54798 content-security-policy upgrade-insecure-requests; content-type text/html; charset=UTF-8 date Tue, 05 Sep 2023 07:34:44 GMT expires -1 pragma no-cache referrer-policy strict-origin-when-cross-origin strict-origin-when-cross-origin server Apache strict-transport-security max-age=15638400 vary Accept-Encoding x-cache HIT x-content-type-options nosniff x-frame-options SAMEORIGIN SAMEORIGIN x-magento-controlleraction cms/index/index x-ua-compatible IE=edge x-xss-protection 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.demon-tweeks.com

URL

https://www.demon-tweeks.com/?source=aw&awc=6538_1693912336_32b1eb435bc1df3761c55f434fee4a44&utm_source=Affiliate_Window&utm_medium=Sub+Networks&utm_campaign=101248

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture number| vph number| vpw object| jcc

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			whairtoa.com/	1970-01-20 23:17:28	Name: OAID Value: 61908ec32e4342c9b8e5d8a512e3b3dd
			whairtoa.com/	1970-01-20 23:17:28	Name: oaidts Value: 1693912333
			my.rtmark.net/	1970-01-20 23:17:28	Name: ID Value: 61908ec32e4342c9b8e5d8a512e3b3dd
			wholedailyjournal.com/	1970-01-20 23:17:28	Name: oaidts Value: 1693912333
			wholedailyjournal.com/	1970-01-21 00:07:52	Name: syncedCookie Value: true
			wholedailyjournal.com/	1970-01-20 23:17:28	Name: OAID Value: b212172eac8dc60ebd13e57edabfa37e
			wholedailyjournal.com/	1970-01-20 14:31:52	Name: prefetchAd_4662728 Value: true
			wholedailyjournal.com/	1970-01-20 14:31:55	Name: reverse Value: GQeeZiDCyEksDu8-WmuK5ESXh5cLFqqktZL3VCfFY0A
			.lnk.gameclickads.net/	1970-01-20 23:17:28	Name: v Value: t
			.lnk.gameclickads.net/	1970-01-20 23:17:28	Name: cas Value: 3833:2073:2073:1
			.lnk.gameclickads.net/	1970-01-20 23:17:28	Name: rls Value: 367469:2073:2073:1
			.lnk.gameclickads.net/	1970-01-20 23:17:28	Name: com Value: 11620:196:GB:2073:2073:1
			.awin1.com/	1970-01-20 15:15:04	Name: aw6538 Value: 101248|0|0|1693912336|3CehUF8SDKEIeOJLOSfUVKxYjKRiKEb78uBrC3gvKLHLhl|aw|0
			.awin1.com/	1970-01-20 23:17:28	Name: bId Value: HLEX_64f70d109c67a9.27576750

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.demon-tweeks.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bnr.hyperadsdesign.com
d38dxwbthvbuvi.cloudfront.net
lnk.gameclickads.net
lnk.perflab-trk.com
my.rtmark.net
whairtoa.com
wholedailyjournal.com
www.demon-tweeks.com
www.demon-tweeks.com
139.45.195.8
139.45.197.238
172.64.161.19
18.193.21.196
2600:9000:223d:fc00:c:cb59:380:21
3.219.198.131
35.180.93.95
46.101.53.186
22d22af73402a644c85d142c0037ccea4eeb3b1a431d64c53729c2299a3565ce
2d3b3faec91ba56bebde24145d76e379f323dbaf279ef055d4a9f940cb30a19b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
5167e4dc66a732558510c6e92462e4d56e9127ac598744c772401b60889c7ec5
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc
5a6aa5ed9b8f60a5f2984fe6a7a94fc9e38314ad11f461388c5d670a0aaaca3d
5cfd3c225762e475b902bafa2569160aad910b0403721574f5d935eab86d9948
637f3535eb9674cc1fc7fe514a8948e2b4f49c299fe85dd708b34d13021cd02e
811ddb3dd6d2276dc2a4460879450e6e73a47f8b1a0ec4c85b6c3ae3a23c73e3
93aa90bc54c821708337ef559092efe522bc95c001099d697618db267a0b0049
9683e933ad3bbd0025816b435d053b330f0f312ec629928e76eddd9e69b015b4
cbb6075392eec216d9f819805b41b00e07af857fb38610ba54f1456ac09358b2
d749b538eb8d44d2b23c265c13e182448b45ac5e69c2ffa6305fc1cd4cc9079c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7
f9ff48834ed28fad5ffaec1cd0ffb4960750a003b108a6970ef6eea86bff147b
fbfd56b2af6f09fcea733b0d4f15b59b5b9c101a93900c7dcb97808a63333f5d