mynewsmedia.co Open in urlscan Pro
104.21.51.98 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/turbo.to/t5CtTMMal3ZZ...
Effective URL:
https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Submission: On October 05 via manual (October 5th 2021, 3:56:26 pm UTC) from JP — Scanned from DE

Summary HTTP 64 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 26 IPs in 5 countries across 26 domains to perform 64 HTTP transactions. The main IP is 104.21.51.98, located in and belongs to CLOUDFLARENET, US. The main domain is mynewsmedia.co.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 26th 2020. Valid for: a year.

This is the only time mynewsmedia.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 7	172.66.40.130 172.66.40.130	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	104.21.2.80 104.21.2.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	104.21.51.98 104.21.51.98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	216.58.212.168 216.58.212.168	15169 (GOOGLE) (GOOGLE)
2	104.21.90.9 104.21.90.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	178.162.196.156 178.162.196.156	28753 (LEASEWEB-...) (LEASEWEB-DE-FRA-10)
2	172.255.6.217 172.255.6.217	7979 (SERVERS-COM) (SERVERS-COM)
1	23.109.82.11 23.109.82.11	7979 (SERVERS-COM) (SERVERS-COM)
2	172.217.18.106 172.217.18.106	15169 (GOOGLE) (GOOGLE)
1	104.16.19.94 104.16.19.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.208.78 172.67.208.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.16.175.10 69.16.175.10	20446 (HIGHWINDS3) (HIGHWINDS3)
1	104.16.86.20 104.16.86.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	139.45.197.15 139.45.197.15	9002 (RETN-AS) (RETN-AS)
3	142.250.186.174 142.250.186.174	15169 (GOOGLE) (GOOGLE)
2	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
1	40.114.177.156 40.114.177.156	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	173.194.76.156 173.194.76.156	15169 (GOOGLE) (GOOGLE)
6	13.225.87.76 13.225.87.76	16509 (AMAZON-02) (AMAZON-02)
2	143.204.98.14 143.204.98.14	16509 (AMAZON-02) (AMAZON-02)
1	104.21.45.207 104.21.45.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
2	13.224.194.77 13.224.194.77	16509 (AMAZON-02) (AMAZON-02)
1	139.45.197.188 139.45.197.188	9002 (RETN-AS) (RETN-AS)
1	104.26.14.238 104.26.14.238	() ()
1	52.92.163.242 52.92.163.242	() ()
64	26

7 172.66.40.130 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

gplinks.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.2.80 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

gplinks.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 104.21.51.98 (None, )

ASN13335 (CLOUDFLARENET, US)

mynewsmedia.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.168 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.90.9 (None, )

ASN13335 (CLOUDFLARENET, US)

vmuid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.196.156 (Germany)

ASN28753 (LEASEWEB-DE-FRA-10, DE)

aptimorph.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.255.6.217 (Netherlands)

ASN7979 (SERVERS-COM, US)

yantrasbarges.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.82.11 (Netherlands)

ASN7979 (SERVERS-COM, US)

yookcasula.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.106 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f106.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.19.94 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.208.78 (United States)

ASN13335 (CLOUDFLARENET, US)

www.pnglib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.86.20 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.15 (United Kingdom)

ASN9002 (RETN-AS, GB)

in-page-push.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.114.177.156 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

api.duckduckgo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.76.156 (United States)

ASN15169 (GOOGLE, US)
PTR: ws-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.225.87.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-76.fra2.r.cloudfront.net

nandlookfo.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-14.fra50.r.cloudfront.net

ursegreatm.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.45.207 (None, )

ASN13335 (CLOUDFLARENET, US)

freychang.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.194.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-77.fra2.r.cloudfront.net

d1esebcdm6wx7j.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.188 (United Kingdom)

ASN9002 (RETN-AS, GB)

static.cdnativepush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.14.238 (None, )

ASN- ()

stats.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.92.163.242 (None, )

ASN- ()

webpick-cdn.s3.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	mynewsmedia.co mynewsmedia.co	460 KB
7	gplinks.in 1 redirects gplinks.in	37 KB
6	nandlookfo.fun nandlookfo.fun	7 KB
3	google-analytics.com www.google-analytics.com	20 KB
3	in-page-push.com in-page-push.com	31 KB
3	googletagmanager.com www.googletagmanager.com	115 KB
2	cloudfront.net d1esebcdm6wx7j.cloudfront.net	1 KB
2	ursegreatm.fun ursegreatm.fun	737 B
2	gstatic.com fonts.gstatic.com	46 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	yantrasbarges.com yantrasbarges.com	1 KB
2	vmuid.com vmuid.com	5 KB
1	vlitag.com stats.vlitag.com	553 B
1	amazonaws.com webpick-cdn.s3.us-west-2.amazonaws.com Failed	9 KB
1	cdnativepush.com static.cdnativepush.com	3 KB
1	rtmark.net my.rtmark.net	543 B
1	freychang.fun freychang.fun	717 B
1	doubleclick.net stats.g.doubleclick.net	459 B
1	duckduckgo.com api.duckduckgo.com	3 KB
1	jsdelivr.net cdn.jsdelivr.net	4 KB
1	jquery.com code.jquery.com	30 KB
1	pnglib.com www.pnglib.com	22 KB
1	cloudflare.com cdnjs.cloudflare.com	6 KB
1	yookcasula.com yookcasula.com	1 KB
1	aptimorph.com aptimorph.com	39 KB
1	gplinks.co 1 redirects gplinks.co	1 KB
64	26

	Domain	Requested by
17	mynewsmedia.co	mynewsmedia.co
7	gplinks.in	1 redirects gplinks.in mynewsmedia.co
6	nandlookfo.fun	mynewsmedia.co
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	in-page-push.com	mynewsmedia.co in-page-push.com
3	www.googletagmanager.com	mynewsmedia.co www.googletagmanager.com
2	d1esebcdm6wx7j.cloudfront.net	nandlookfo.fun
2	ursegreatm.fun	mynewsmedia.co
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	mynewsmedia.co
2	yantrasbarges.com	mynewsmedia.co
2	vmuid.com	mynewsmedia.co vmuid.com
1	stats.vlitag.com
1	webpick-cdn.s3.us-west-2.amazonaws.com	mynewsmedia.co
1	static.cdnativepush.com	mynewsmedia.co
1	my.rtmark.net	in-page-push.com
1	freychang.fun	mynewsmedia.co
1	stats.g.doubleclick.net	www.google-analytics.com
1	api.duckduckgo.com	mynewsmedia.co
1	cdn.jsdelivr.net	mynewsmedia.co
1	code.jquery.com	mynewsmedia.co
1	www.pnglib.com	mynewsmedia.co
1	cdnjs.cloudflare.com	mynewsmedia.co
1	yookcasula.com	mynewsmedia.co
1	aptimorph.com	mynewsmedia.co
1	gplinks.co	1 redirects
64	26

This site contains links to these domains. Also see Links.

Domain
p343199.clksite.com
xdowl0adxd0wnloadx.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-10` - `2022-06-09`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
aptimorph.com R3	`2021-09-27` - `2021-12-26`	3 months	crt.sh
yantrasbarges.com R3	`2021-08-28` - `2021-11-26`	3 months	crt.sh
yookcasula.com R3	`2021-08-31` - `2021-11-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
in-page-push.com R3	`2021-09-18` - `2021-12-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.duckduckgo.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-02` - `2022-11-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
nandlookfo.fun Amazon	`2021-02-22` - `2022-03-23`	a year	crt.sh
ursegreatm.fun Amazon	`2021-09-22` - `2022-10-20`	a year	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2020-10-27` - `2021-11-26`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
cdnativepush.com R3	`2021-10-02` - `2021-12-31`	3 months	crt.sh
*.s3-us-west-2.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-06-23` - `2022-07-24`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Frame ID: 9F53F73704A909CAACFE947822435A28
Requests: 46 HTTP requests in this frame

Frame: https://mynewsmedia.co//edu/Linkpage/nyc.php
Frame ID: 7F14143A227866B868B1F8413F81C83E
Requests: 7 HTTP requests in this frame

Frame: https://mynewsmedia.co//edu/Linkpage/nyc.php
Frame ID: E42F320542233DC38BE049EBBCB51389
Requests: 5 HTTP requests in this frame

Frame: https://nandlookfo.fun/Yk5PVTEDLCw4DgNzLXNEECJycAMka30TVVMrPDBTASoiY0YaeSV7Ug4hOjFXECEhIR8MKztwAyQdGmRdEBskAEYsKRplVAstOBEDW3YWAkkDFyEtAC82KGx6GwAkH3URIwESAQkGJgQHBDZ3Ong1ez8BZVYlHwEENSoMFAgtIhU/aBgHdhZmWzYrBgEAHhxgRC4PGmd4Jhs4F2UBJisGRiksNjIJKzkGcAMgBRsfCTUcHSJXNSIADHk0eQMyeFoHGyJEJQYrZmgYLSkxAgYkLhNFWioXD0ApFitmaBt6DAV5LCApE1YzFwgTQSd8HS1UDDYVDFgzJAQEHAF9Aj9oVQ8LJkkGIzwha1EUJDEACiUWEncSHzU+RSg0Hh1VUS0eM3cOJwQBXhsKITECOzR7Gnwxenc2dFcpKwFwGgkbZV4sIDcPdyo2KDEAFnYsAmsXFgctSzsGNw9oCBc2BUYNKQMdaxACGDEDOAYrDGslAyIPcEQkPDpfEnMAPFIFegAZUAs
Frame ID: E7AD834A254E0762ED5397139E547AAD
Requests: 2 HTTP requests in this frame

Frame: https://nandlookfo.fun/NjhldTRXWgYYC1cFB1NBRFRYUAZwHVczUAddFhBWVVwIQ0NODw9bV1pXEBFSRFcLARpYXRFQBnBbNjN6RFxWPEZmeTAnYGJPUzEERnQAGG5XalUBQXlqAix8clAQPU1vegAnU31/JjhdZl9RJWJyTxUxBEZ7Bx8MfX83IwVSaVEvcW5uDCFmb28uGAFQbTQsAGZ5Jz52T2FWMVxzWi8fbWZtNBZEVF88LHd1fUBHcnRAPy1RXm4AImF8TDwjQFB6NjANckACM3sFYj8nTEEAARlYfmlWHQ1hCS83d1hiPydDY1A1IwVyblYGZmJTMzZ5cW4DLVhSDjwCGVlwJBxlBHAnPGV/QgoTYV15Ki9YXnk9PUBabA4jd298AjF1TgAOEVhdCDNGRFx6HUFuemA/L2ZObRE4dXdhMkcFXm8dJFV5UhIycVpcUzNifH09PVwPYFU/clALVBFmcFxTLExRbyM2X155CT91clU/LGVwQFIvYQZ7MQISXEsKG0QLTDQGBX1ZCiReW10d
Frame ID: C05C4E9657C6C5BA11EC9709E63F41BA
Requests: 2 HTTP requests in this frame

Frame: https://webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg
Frame ID: E45527FF2B5C6F889EE849E2C38CD625
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Your File is Ready for Download

Page URL History Show full URLs

https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/t... Page URL
https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/t... HTTP 301
https://gplinks.co/sy3B HTTP 302
https://mynewsmedia.co/edu/?postid=sy3B Page URL
https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

64
Requests

98 %
HTTPS

0 %
IPv6

26
Domains

26
Subdomains

26
IPs

5
Countries

845 kB
Transfer

1735 kB
Size

17
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://p343199.clksite.com/adServe/banners?tid=GPMOJO_DL_NEW&action=r

Search URL Search Domain Scan URL

URL: https://xdowl0adxd0wnloadx.com/YWrzm442f2d0c25038d497281aa53b908fee3b8ff7c7a?q=Your%20File%20is%20Ready%20for%20Download

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/turbo.to/t5CtTMMal3ZZ.rar Page URL
https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/turbo.to/t5CtTMMal3ZZ.rar HTTP 301
https://gplinks.co/sy3B HTTP 302
https://mynewsmedia.co/edu/?postid=sy3B Page URL
https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/turbo.to/t5CtTMMal3ZZ.rar HTTP 301
https://gplinks.co/sy3B HTTP 302
https://mynewsmedia.co/edu/?postid=sy3B

64 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 st Show response
gplinks.in/ 2 KB
2 KB 174ms
145ms Document
text/html 172.66.40.130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/turbo.to/t5CtTMMal3ZZ.rar

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.130 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09cef86483b432abf22a0c9569e761ed8b50193422f209afa0fcaaaed0e6389e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: gplinks.in
:scheme: https
:path: /st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/turbo.to/t5CtTMMal3ZZ.rar
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 05 Oct 2021 15:56:21 GMT
content-type: text/html; charset=UTF-8
set-cookie: AppSession=9a1c271f47b996af78b9739c3b380c62; path=/; HttpOnly; secure csrfToken=f5271e88fa770c0f2e6755ba318c5892eb74e8434ab0e931aafec4ec13c1207477a04849c61ad487a382e2c5f929ab59dec336f3601f1b092ca2cbf5b7f89cf7; path=/; HttpOnly; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=37I0Sy76WkMLAZTcriNr103RPcgwHMONsBnjxibaQXOgh4c%2BsMVsrwHeXnyQDehvYd7J04SKHXnVMW9fZco6WbosxBXoHPDyGZ3LlQHr%2FaZSMZ%2FHm2oGW%2FmX3VK3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 6997d6eb3b664351-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 rocket-loader.min.js Show response
gplinks.in/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 10ms
9ms Script
application/javascript 172.66.40.130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gplinks.in/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: gplinks.in
URL: https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/turbo.to/t5CtTMMal3ZZ.rar

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.130 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
pragma: no-cache
cookie: AppSession=9a1c271f47b996af78b9739c3b380c62; csrfToken=f5271e88fa770c0f2e6755ba318c5892eb74e8434ab0e931aafec4ec13c1207477a04849c61ad487a382e2c5f929ab59dec336f3601f1b092ca2cbf5b7f89cf7
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gplinks.in
referer: https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/turbo.to/t5CtTMMal3ZZ.rar
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/turbo.to/t5CtTMMal3ZZ.rar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
last-modified: Wed, 29 Sep 2021 11:33:04 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"61544ef0-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ldhbdvD4b8VJT3qyrow1WvXhVoAs1hYjdu7sU4yENhwoFemNYPhbPyOaFwKqPT6E8W3yTppBBbXwbsdh14RaYW0AZ8P3uxgzjWn31rIwCvqjocZbJ6XaTzdogLQy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
cf-ray: 6997d6ec4e974351-FRA
expires: Thu, 07 Oct 2021 15:56:21 GMT

GET
H2

200

/
mynewsmedia.co/edu/
Redirect Chain

https://gplinks.in/st?api=c0a29a35402c7c3b531fff63b451cddff386519b&url=hentai.dl-zip.xyz/goto/turbo.to/t5CtTMMal3ZZ.rar
https://gplinks.co/sy3B
https://mynewsmedia.co/edu/?postid=sy3B

761 B
992 B

361ms
332ms

Document
text/html

104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/?postid=sy3B
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: mynewsmedia.co
:scheme: https
:path: /edu/?postid=sy3B
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://gplinks.in/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: https://gplinks.in
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gplinks.in/

Response headers

date: Tue, 05 Oct 2021 15:56:22 GMT
content-type: text/html; charset=UTF-8
link: <https://mynewsmedia.co/edu/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: miss
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zrdMnP7e7%2BPQp2xJhj7CGbGVraUbf4M8u%2BOBbcw%2B6VxcMDFgJLsU7%2F28wzGxlgOSa1Yyz6LFm9bepym%2Fx2hGnge5VSZiGavsvwrwOrcpJ9dzoT6YX605EtodYkzYzBP9%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6997d6eeeae9431b-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Tue, 05 Oct 2021 15:56:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: AppSession=abdd8db6700ba026152bc4654a723f84; path=/; HttpOnly; secure csrfToken=6314d8f8de1aa1f1fd34fea34a83f6487124e61de0fed0daadb31610469c6dfd8c6ac53234925f7c5636bf7df5c4def25c52fd3c3978f1d06018f40356c7b921; path=/; HttpOnly; secure app_visitor=Q2FrZQ%3D%3D.ZjIzMzNmMWE2MmMzZDc5NTA1MGNhYzI3ZWE4MTg0YzU1OTk4OWE1ZWMxZjhhY2I1ZDFlZGJhNzYzMzM3OGY4YnCOc0U4QoZ%2BJGQ3Fg5Sh%2F5NbbC0SSc3c7fP%2FARlS0QoZvs0vcyuPvjictPEzei%2Bpxt7hOseeOh%2BABBcm7W%2Ba8iRMCIgvp%2FcIZiSJX7W1203; expires=Wed, 06-Oct-2021 15:56:22 GMT; Max-Age=86400; path=/; HttpOnly; secure __cf_bm=lnLLJf98uZv93Y9On2ocRcQuwKj7.uL70igS7xU8QiY-1633449382-0-ASceOQhd3H0jO+Roomd+f0nR+GxvvvECVpD9ZpUTGssd1rX7LTcnFirBewa/yWMRfmoYDJY5q0WxFXJq8bYA/V0=; path=/; expires=Tue, 05-Oct-21 16:26:22 GMT; domain=.gplinks.co; HttpOnly; Secure; SameSite=None
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
location: https://mynewsmedia.co/edu/?postid=sy3B
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q8LLlP8nuU55yRjiraAt23dfCjvApuP7WTpKfU8D5ahL9Wypp4gnFgIo40xH75FILtPgYqp8K1KTRWZHOpx0g39vSbpug8KMloPRvDC67rMjPecZelGicpu6IOtp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6997d6edab914e56-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H2 200 Primary Request / Show response
mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/ 24 KB
7 KB 822ms
821ms Document
text/html 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00ccc9f102d502966c4f403c4c9acd4999009f708e069e769adf2c07ced1f925

Request headers

:method: POST
:authority: mynewsmedia.co
:scheme: https
:path: /edu/education-insurance-plans-that-pay-for-higher-education/
content-length: 24
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: null
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-type: text/html; charset=UTF-8
x-pingback: https://mynewsmedia.co/edu/xmlrpc.php
link: <https://mynewsmedia.co/edu/wp-json/>; rel="https://api.w.org/" <https://mynewsmedia.co/edu/wp-json/wp/v2/posts/1568>; rel="alternate"; type="application/json" <https://mynewsmedia.co/edu/?p=1568>; rel=shortlink
x-litespeed-cache-control: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HWGRjlpEGxrAJ7qD4t%2BueC8R0hH2t34YmZJpda7qyG96yldffo0mEkrq2NpDzeKvX4MoWfx%2FXqMemlW5WMbucgZTtP6SZyVmclXqEbj%2FvqHMsbFGmHa3sy2sABz27fZ4kw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6997d6f12881431b-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 52ms
28ms Script
application/javascript 216.58.212.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-134987322-6

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.168 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d68669743a86aaff61556536c2b1fc38f296fc788684314c214de2875d1d7db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38909
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Oct 2021 15:56:23 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 43ms
19ms Script
application/javascript 216.58.212.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-134987322-9

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.168 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

9290455b5b11e2da7e555ca17cad56ae949cb551bdc859f969e276ea3b3eb7e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38906
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Oct 2021 15:56:23 GMT

GET
H2 200 script.js Show response
vmuid.com/ 10 KB
4 KB 112ms
61ms Script
text/javascript 104.21.90.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vmuid.com/script.js?sid=494e7bd8-4622-4312-97f0-3e90f1268f5e
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.90.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d6050216a4bae779bcca48452cb92f7b26a0bae6670496207ed927de8789e48

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EfQxMAvAN7Uz6J0I7EaCCfsVYIUCDpFvUnD0svDg7IffEai0Ul1IE1uB%2BM2RuX7ZGMhlUwOue0zYu1wwZ4Gnuk%2FTTut4ZQXGVYK2itsU6V%2Fa02JPsS53pGE6DVQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: no-store, max-age=0
cf-ray: 6997d6f6be82f9de-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK sdk.js Show response
aptimorph.com/ 39 KB
39 KB 37ms
15ms Script
text/javascript 178.162.196.156
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://aptimorph.com/sdk.js?sid=494e7bd8-4622-4312-97f0-3e90f1268f5e
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 178.162.196.156 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS
Software: nginx/1.14.1 /
Resource Hash: 76ebc83e749ede9e2891563896fadb296889b55db6f999856e262db74514ae6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 05 Oct 2021 15:56:23 GMT
Server: nginx/1.14.1
X-Cache-Status: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-store, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 40044

GET
H/1.1 200
OK 36363 Show response
yantrasbarges.com/rmVXmeQ3p4Fb55/ 5 B
1 KB 160ms
21ms Script
application/javascript 172.255.6.217
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://yantrasbarges.com/rmVXmeQ3p4Fb55/36363

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

172.255.6.217 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 05 Oct 2021 15:56:23 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=1
Server: nginx
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: https://mynewsmedia.co
Access-Control-Max-Age: 600
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
X-Content-Type-Options: nosniff
Keep-Alive: timeout=20

GET
H/1.1 200
OK 29630 Show response
yookcasula.com/1clkn/ 6 B
1 KB 78ms
14ms Script
application/javascript 23.109.82.11
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://yookcasula.com/1clkn/29630

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

23.109.82.11 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 05 Oct 2021 15:56:23 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=1
Keep-Alive: timeout=20

GET
H/1.1 200
OK 31614 Show response
yantrasbarges.com/gLmMHKXZTrStfc/ 0
0 159ms
20ms Script
text/html 172.255.6.217
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://yantrasbarges.com/gLmMHKXZTrStfc/31614
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 172.255.6.217 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://mynewsmedia.co
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 41ms
16ms Stylesheet
text/css 172.217.18.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:300,400,500,600,700,800,900

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f106.1e100.net

Software

ESF /

Resource Hash

4885da660044dd23d5d6aa035466a35f4064cb6b2f73eb762630266b516f3a08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 15:55:58 GMT
server: ESF
date: Tue, 05 Oct 2021 15:56:23 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Tue, 05 Oct 2021 15:56:23 GMT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 37ms
19ms Stylesheet
text/css 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3680600
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5631
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3t5eE%2B3l4wId4nbRtpaMJvJ%2B%2FBrcb9YgkhaKbJtSIVmArmksNZ%2BSOBL8n%2FovoianA%2FUmaEJFKcr9wF7dtC3ThKrWxerGHgpyf7VwWq80%2BiEDrYIl0Aex2j1bcavFSJwcVnj6M38x"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6997d6f67c9a4dee-FRA
expires: Sun, 25 Sep 2022 15:56:23 GMT

GET
H3 200 bootstrap.min.css
mynewsmedia.co/edu/Linkpage/assets/vendor/bootstrap/css/ 157 KB
25 KB 29ms
28ms Stylesheet
text/css 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/Linkpage/assets/vendor/bootstrap/css/bootstrap.min.css
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Request headers

:path: /edu/Linkpage/assets/vendor/bootstrap/css/bootstrap.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83422
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 10 Apr 2021 18:04:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YoDVmI5sVpFjzuMYP03xqi1SKnr2bcOTKmvRhRetnFZRcEnqaWiPNtXWW0ICvO1RxjLL0AI9QQYuCWyVUmY4yf5cYxCmI5v%2FuHd%2BUZi3Sdw1MYRenXJjT%2BJBy7tNVjjN%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 6997d6f658826927-FRA
expires: Mon, 11 Oct 2021 16:46:01 GMT

GET
H3 200 all.min.css
mynewsmedia.co/edu/Linkpage/assets/vendor/fontawesome-free/css/ 58 KB
13 KB 24ms
23ms Stylesheet
text/css 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/Linkpage/assets/vendor/fontawesome-free/css/all.min.css
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325

Request headers

:path: /edu/Linkpage/assets/vendor/fontawesome-free/css/all.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83422
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 10 Apr 2021 18:04:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2yFVe320%2BeQcNM0OOd2edQp3KTvu8uzlEn2J%2BhENO4FMfNoI9PWkQMLkX2fNnOoz1h%2BUt67OHcXaqQqAOIGwxGqNeGZg%2BucvEVJRQDfRfSEHI%2BPP0qaBhkpySTQcLnxuw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 6997d6f658886927-FRA
expires: Mon, 11 Oct 2021 16:46:01 GMT

GET
H3 200 simple-line-icons.css
mynewsmedia.co/edu/Linkpage/assets/vendor/simple-line-icons/css/ 11 KB
3 KB 43ms
42ms Stylesheet
text/css 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/Linkpage/assets/vendor/simple-line-icons/css/simple-line-icons.css
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb112d50f744cf58c2ebecb8a5b0d950c7f5a7a37c9842d21e2f678144dd149a

Request headers

:path: /edu/Linkpage/assets/vendor/simple-line-icons/css/simple-line-icons.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83422
cf-polished: origSize=12973
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 10 Apr 2021 18:04:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QK2zeCkbIMTtl8nQiNbcA0MXStmDByTUls1QCeJ5E0TwXDgEmLNO4BNTuuduC4uGi17qJCAWXwA6o4Er5c2scAveZa6rE2ulwX0NbEWD8uABDTJc0tVh%2B5hOorDCFvEpxw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 6997d6f6588a6927-FRA
expires: Mon, 11 Oct 2021 16:46:01 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
573 B 41ms
16ms Stylesheet
text/css 172.217.18.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f106.1e100.net

Software

ESF /

Resource Hash

334e714a1c5ebefb28783d1c809dda2a01b916554121e92067a2e41417cd10a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 14:34:25 GMT
server: ESF
date: Tue, 05 Oct 2021 15:56:23 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Tue, 05 Oct 2021 15:56:23 GMT

GET
H3 200 landing-page.min.css
mynewsmedia.co/edu/Linkpage/assets/css/ 2 KB
1 KB 19ms
18ms Stylesheet
text/css 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/Linkpage/assets/css/landing-page.min.css
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5f0b6e68dfaab5fdafeee920631895fa6c0e3ec2bfe7689fcc6247f854b772f

Request headers

:path: /edu/Linkpage/assets/css/landing-page.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83422
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 10 Apr 2021 18:04:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R32YqWNQDR8b5S4OXOvruw1WMFieNTyYiGV92wAiNkd%2FmbrW%2FmkTrbsJkEqLlY7Pmxz4hF6pG%2F7nWuNZm6pixjVBBFDxvC51THKmh8N3rAMOon6fkY4UiqJYV9O3Bj16Jg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 6997d6f6588d6927-FRA
expires: Mon, 11 Oct 2021 16:46:01 GMT

GET
H3 200 gp-logo.png
mynewsmedia.co/edu/Linkpage/assets/img/ 7 KB
8 KB 18ms
15ms Image
image/png 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mynewsmedia.co/edu/Linkpage/assets/img/gp-logo.png
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c15ca9bca87b73ee3f65105657ed66ba35b7c7346ad9233fa169af78bd76ae8

Request headers

:path: /edu/Linkpage/assets/img/gp-logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 133449
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 7249
last-modified: Sat, 10 Apr 2021 18:04:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3U2K8j0tSvbbqd8N8za7ran4CY9pl4ErFYFygmU9%2FTFJAVtj5vp5l18Gdu2%2FMg85qex87WT84P6GRPNu0lH1gXE8sv4Kb2YkTQHJ1oZ4WI3kAyGoNbftnAPJeTjbp%2FVyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 6997d6f76b7a6927-FRA
expires: Mon, 11 Oct 2021 02:52:14 GMT

GET
H3 200 file-download.jpg
mynewsmedia.co/edu/Linkpage/assets/img/ 138 KB
139 KB 30ms
27ms Image
image/jpeg 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mynewsmedia.co/edu/Linkpage/assets/img/file-download.jpg
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd3bbd3b9f8aaf2fa61ef7646899cda12097f7332fa3302bfbec50c80986fe24

Request headers

:path: /edu/Linkpage/assets/img/file-download.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 133449
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 141539
last-modified: Thu, 03 Jun 2021 13:06:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U0Gei8eNDGvKwFO1bEFjMQefjigPWb2D5%2BTWJekcSzDfqIgZOTKmlKLn1JM9r%2BehA%2FPKud32eQuxKRYTCH1pZCRmStMeii5JzUDxER9tVqG7Q%2Fb%2B5YGDXmNjhWbk3curAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 6997d6f76b7e6927-FRA
expires: Mon, 11 Oct 2021 02:52:14 GMT

GET
H2 200 movie-download.png
gplinks.in/advertising/banners/ 6 KB
6 KB 21ms
18ms Image
image/png 172.66.40.130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gplinks.in/advertising/banners/movie-download.png

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.130 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2beb5fa2889c472408dbd68e732864d0051b1711678adf01348326021953ec72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1949118
vary: User-Agent,User-Agent, Accept-Encoding
content-length: 5781
x-xss-protection: 1; mode=block
last-modified: Tue, 28 Apr 2020 05:59:55 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=akftKAwVK%2FQZXzL%2B91T9tycGFkrOyVLc%2BNCfKmT16tDJF3xtV4%2Bhr%2B7k3GIGR4SAaSTEprHDCLiw23yiLCXfp4zZiorYaqLrfGjDO7ygc4sy2AUdOQQHfC%2BKwgtE"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 6997d6f76b934351-FRA
expires: Tue, 13 Sep 2022 02:31:05 GMT

GET
H2 200 files-icon_6021cfc28b193.png
www.pnglib.com/wp-content/uploads/2021/02/ 21 KB
22 KB 68ms
21ms Image
image/png 172.67.208.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pnglib.com/wp-content/uploads/2021/02/files-icon_6021cfc28b193.png
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.208.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71b337ac7fe7e8df7f9f8da261d03219901aa574e2819c5c726199078187c1a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12124036
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 21929
last-modified: Mon, 08 Feb 2021 23:56:50 GMT
server: cloudflare
etag: "6021cfc2-55a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJBPZpxok0IwYR6p%2BdV%2BgMPLyt%2Bra5ZtVUWosdvh46k0pB5b7Pnwdra9z6tlEO0oVCxdVkaSSM2%2FLFLqTW3ijyGXii%2F%2Fb32Pzgx2J7rxXVSCnzzf21yzpsMbcfz%2Fz3%2FiRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000, no-transform
accept-ranges: bytes
cf-ray: 6997d6f7bd5b411a-PRG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 do-skip-ads.png
gplinks.in/advertising/banners/ 5 KB
5 KB 19ms
17ms Image
image/png 172.66.40.130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gplinks.in/advertising/banners/do-skip-ads.png

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.130 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03e7e4b6ef1d39c3c85bba1cfc528b7a832353d1574165f35da1604a3fc0491d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2687735
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4770
x-xss-protection: 1; mode=block
last-modified: Tue, 28 Apr 2020 05:59:55 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2T37YilLAA7MmlJosrWEMyokEg6KEdpZjCqUuj6QKRJmpsD%2FMyOCMxGX2%2BSmwPHYGD95W6Xzbl0unSwDHc5T70adtq6%2BdyEOCf5jjWtaPIU8WrINRZ%2FVSTh2hNmx"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: User-Agent,User-Agent, Accept-Encoding
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 6997d6f76b954351-FRA
expires: Sun, 04 Sep 2022 13:20:48 GMT

GET
H2 200 start-123.png
gplinks.in/advertising/banners/ 13 KB
14 KB 20ms
17ms Image
image/png 172.66.40.130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gplinks.in/advertising/banners/start-123.png

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.130 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cac796e636db4a5146cf5fec25f59d180c0e6e3ab3135a2734a66cda24ade4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5774502
vary: User-Agent,User-Agent, Accept-Encoding
content-length: 13297
x-xss-protection: 1; mode=block
last-modified: Thu, 25 Mar 2021 08:15:03 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wx%2BvEuUCAH2bFb1asmcrqR2DjFUqFBH7fautN916i8%2FXiXHeWWzQWbJDqHWq%2BoqWIWsaOG2UiPy75qkKNa2SochqjThKblJwBDCOnTFijc%2F2x0lbTev3jxYTr%2BJA"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 6997d6f76b974351-FRA
expires: Sat, 30 Jul 2022 19:54:40 GMT

GET
H2 200 foler-download.png
gplinks.in/advertising/banners/ 6 KB
7 KB 19ms
17ms Image
image/png 172.66.40.130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gplinks.in/advertising/banners/foler-download.png

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.130 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6bd7a2b3f096a14e9dd6b889dc664c325fbcf0f951d8f89309e4ca736dc8935

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1949118
vary: User-Agent,User-Agent, Accept-Encoding
content-length: 6604
x-xss-protection: 1; mode=block
last-modified: Thu, 25 Mar 2021 08:44:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=37ZNUYGy0xolUbABLlrO5RI7MrF%2FycAufAAKKg1THyLwUXHx4me1A%2BCVW7J8X%2FVLbxz4O77GgEQv0RrTMA1v6Tv5pFex%2Fr6JKlGMy%2FN5k%2BbVmPmC0R4tm8zBj8j8"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 6997d6f76b994351-FRA
expires: Tue, 13 Sep 2022 02:31:05 GMT

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 29ms
8ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: gzip
last-modified: Mon, 20 Mar 2017 19:01:15 GMT
server: nginx
etag: W/"58d026fb-15283"
vary: Accept-Encoding
x-hw: 1633449383.dop132.fr8.t,1633449383.cds258.fr8.hn,1633449383.cds133.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30125

GET
H3 200 jquery.min.js Show response
mynewsmedia.co/edu/Linkpage/assets/vendor/jquery/ 87 KB
32 KB 25ms
25ms Script
application/javascript 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/Linkpage/assets/vendor/jquery/jquery.min.js
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

:path: /edu/Linkpage/assets/vendor/jquery/jquery.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 133480
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 10 Apr 2021 18:04:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jY1yES5Q31cOcPWx0%2B54PP9RFUczHU%2FhbMqh2%2FOGlKg0aptRhQ6HN5yc3BF9uWFwUwywJYddTsQqGVQIX1ccWovZUxgmYt9BZptyzsv3qxd%2FN%2FQyR9sWKG%2FtA1TZZJj%2BBw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 6997d6f76b6e6927-FRA
expires: Mon, 11 Oct 2021 02:51:43 GMT

GET
H3 200 bootstrap.bundle.min.js Show response
mynewsmedia.co/edu/Linkpage/assets/vendor/bootstrap/js/ 82 KB
23 KB 23ms
22ms Script
application/javascript 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/Linkpage/assets/vendor/bootstrap/js/bootstrap.bundle.min.js
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

Request headers

:path: /edu/Linkpage/assets/vendor/bootstrap/js/bootstrap.bundle.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83419
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 10 Apr 2021 18:04:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3XBcxf3%2FSDSKnu3VETxtp5rwNmgi4ypvGTnXHtphlu0kVXTBKaxMIxViw1sgY3ro5shdKjVENC3ttZmkocLePZKQmh%2B%2BKIcZuyiVVGi2oQvLuhbV8Tbl0hU4x13goa1uiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 6997d6f76b706927-FRA
expires: Mon, 11 Oct 2021 16:46:04 GMT

GET
H2 200 v1.0.min.js Show response
cdn.jsdelivr.net/gh/vli-platform/adb-analytics@77bebb/ 8 KB
4 KB 32ms
13ms Script
application/javascript 104.16.86.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/vli-platform/adb-analytics@77bebb/v1.0.min.js

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.86.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a60f05241c10731fac30ffb51c6e79d0c0dc5592c835efb90618e6f736c9f729

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2177
x-jsd-version: 77bebb
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19172-FRA
timing-allow-origin: *
x-jsd-version-type: branch
server: cloudflare
etag: W/"1e1a-TMun0KsWj4EaQvAPccpf5Lt0Xjk"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6997d6f77abec2d6-FRA

GET
H3 200 adblocker.png
mynewsmedia.co/edu/Linkpage/assets/img/ 34 KB
35 KB 40ms
38ms Image
image/png 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mynewsmedia.co/edu/Linkpage/assets/img/adblocker.png
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e900e5ae80b3edc54ea9b2df7846ae84f246673337448b3a7b112c7a0b44f4d4

Request headers

:path: /edu/Linkpage/assets/img/adblocker.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83404
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 34963
last-modified: Sat, 10 Apr 2021 18:04:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZOQi4eKiPO%2F1nSjCRDAueF5icfYVdmhJTOeMWMq4NXUasvZrd6QdUYR6Y0SJStnFZP0V00DIbJ5hLocMnPzGYPDBT5vVjxaHCToTIo7ZP5Bf7h6vojoA0cLrJcHC7YSnKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 6997d6f76b836927-FRA
expires: Mon, 11 Oct 2021 16:46:19 GMT

GET
H2 200 4249477 Show response
in-page-push.com/400/ 84 KB
30 KB 67ms
26ms Script
application/javascript 139.45.197.15
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://in-page-push.com/400/4249477

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.15 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d4a01f1ec80702ac53441c8fa63f87cba3aac2b850742e2c9e70eb7af16d5ae6

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 08c553f1a1d5ea2ce577b97e36b937eb
pragma: no-cache
date: Tue, 05 Oct 2021 15:56:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 33ms
18ms Script
application/javascript 216.58.212.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-134987322-6&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-134987322-9

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.168 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

4349a873d037bf4aba6ad31ab97a4628bed3584b4d289ce40bbdb677220a764d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38909
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Oct 2021 15:56:23 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 57ms
16ms Script
text/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-134987322-6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 6917
date: Tue, 05 Oct 2021 14:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Tue, 05 Oct 2021 16:01:06 GMT

POST
H3 200 send Show response
vmuid.com/uid/ 65 B
841 B 73ms
56ms Fetch
application/json 104.21.90.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vmuid.com/uid/send
Requested by: Host: vmuid.com
URL: https://vmuid.com/script.js?sid=494e7bd8-4622-4312-97f0-3e90f1268f5e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.90.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e00e89ff241e2307fff59823b97f01bbfb982cb7dfe63430ec11dc144de615a2

Request headers

Accept: application/json
Referer: https://mynewsmedia.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryLaVc4vL3ytmCfgqk

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, set-cookie, Cookie
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XnS5VKRuHQt%2FAk1atdg0UZXgvYNW0B7rla3HQHs%2F0W3LpWEChO%2BEt7HlUDJ8WEvGnQndNnWncllEkN%2F19Ab7gooAooQVPQ7gVWo7W52wh6gRZLl%2FLAjrw%2Bj%2F00E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mynewsmedia.co
cache-control: no-store, max-age=0
access-control-allow-credentials: true
cf-ray: 6997d6f739822788-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 nyc.php Show response
mynewsmedia.co//edu/Linkpage/ Frame 7F14 93 B
651 B 230ms
230ms Document
text/html 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co//edu/Linkpage/nyc.php
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ae2593c46f5c98de8c7d71d16b318b83990cd9350427555fbf75ccf062c31b4

Request headers

:method: GET
:authority: mynewsmedia.co
:scheme: https
:path: //edu/Linkpage/nyc.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g32dyBfnaaKQtrDGncI2KMpFCUrHZixcNiAf5Yq%2BC2wExPY6xDeNUZEsGIJEsThjiQIBAL0WBSz4%2FpvlIf1aCzcg04xqP6H3NL8Ve%2F8LF4BvE0QZn6ECJqcw0JCBHD%2F6mA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6997d6f77ba26927-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 nyc.php Show response
mynewsmedia.co//edu/Linkpage/ Frame E42F 93 B
648 B 1186ms
1185ms Document
text/html 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co//edu/Linkpage/nyc.php
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ae2593c46f5c98de8c7d71d16b318b83990cd9350427555fbf75ccf062c31b4

Request headers

:method: GET
:authority: mynewsmedia.co
:scheme: https
:path: //edu/Linkpage/nyc.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Response headers

date: Tue, 05 Oct 2021 15:56:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hK%2BEkKXx0SgW3evSmL95LgSn6TsLlRSXh9AdZkp6ba4ScrzU8gPXN2PKaOlr4YhXUvH7n2qLi%2Fmi8bDqG0A7KwzzqNVqxgcu5igbPaEQVWZ5O2NTUGQdx8Y3pQrp1f6bMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6997d6f77ba56927-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 45ms
18ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mynewsmedia.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 15:11:30 GMT
x-content-type-options: nosniff
age: 89093
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Oct 2022 15:11:30 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
23 KB 38ms
11ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mynewsmedia.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 08:57:05 GMT
x-content-type-options: nosniff
age: 543558
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Sep 2022 08:57:05 GMT

GET
H3 200 fa-solid-900.woff2
mynewsmedia.co/edu/Linkpage/assets/vendor/fontawesome-free/webfonts/ 78 KB
79 KB 19ms
18ms Font
font/woff2 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/Linkpage/assets/vendor/fontawesome-free/webfonts/fa-solid-900.woff2
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/assets/vendor/fontawesome-free/css/all.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Request headers

:path: /edu/Linkpage/assets/vendor/fontawesome-free/webfonts/fa-solid-900.woff2
pragma: no-cache
origin: https://mynewsmedia.co
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/Linkpage/assets/vendor/fontawesome-free/css/all.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://mynewsmedia.co/edu/Linkpage/assets/vendor/fontawesome-free/css/all.min.css
Origin: https://mynewsmedia.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83407
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 80300
last-modified: Sat, 10 Apr 2021 18:04:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9WWBYZPcd4rnaZdf2gCOmZF0RSxlzIHbVztjUIXgJA07pxggG9c6tAByjx%2BSuXKn7TVaq2E%2FEhEIFkB0OG9ELR84d9FeAWlsx%2B5rOwAGfehK339x4UqSOTqp%2BAgWxVSCfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 6997d6f7cc736927-FRA
expires: Mon, 11 Oct 2021 16:46:16 GMT

GET
H2 200 / Show response
api.duckduckgo.com/ 1 KB
3 KB 119ms
48ms XHR
application/x-javascript 40.114.177.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.duckduckgo.com/?q=useragent&format=json

Requested by

Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

40.114.177.156 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

278e9b2b52f40811df066b93ee8335ec35260e10d2975bae8aeec6eca6437731

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; connect-src https://duckduckgo.com https://.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ https://duck.co ; manifest-src https://duckduckgo.com https://.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; media-src https://duckduckgo.com https://.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; script-src blob: https://duckduckgo.com https://.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; img-src data: https://duckduckgo.com https://.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; style-src https://duckduckgo.com https://.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duckduckgo.com https://.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; frame-src blob: https://duckduckgo.com https://.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; form-action https://duckduckgo.com https://.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ https://duck.co ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
x-content-type-options: nosniff
server-timing: total;dur=16;desc="Backend Total"
x-xss-protection: 1;mode=block
x-duckduckgo-locale: de_DE
referrer-policy: origin
server: nginx
x-frame-options: SAMEORIGIN
expect-ct: max-age=0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: application/x-javascript
access-control-allow-origin: *
x-duckduckgo-results: 1
cache-control: max-age=1
permissions-policy: interest-cohort=()
content-security-policy: default-src 'none' ; connect-src https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ https://duck.co ; manifest-src https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; media-src https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; script-src blob: https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; img-src data: https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; style-src https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; frame-src blob: https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; form-action https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ https://duck.co ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ;
expires: Tue, 05 Oct 2021 15:56:24 GMT

POST
H3 200 ads_stats_controller.php Show response
mynewsmedia.co/edu/Linkpage/ 9 B
579 B 1196ms
1196ms XHR
text/html 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/Linkpage/ads_stats_controller.php
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/assets/vendor/jquery/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c5ff03aa26d6500f9dc6d33757b7dc8eeac8d12c6ef08a4b9cc9edfe2a96d1e

Request headers

sec-fetch-mode: cors
origin: https://mynewsmedia.co
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
content-length: 44
:path: /edu/Linkpage/ads_stats_controller.php
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
cache-control: no-cache
:authority: mynewsmedia.co
referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: */*
Referer: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 05 Oct 2021 15:56:24 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dOGFbKirui8BJV5W%2BJcIwlgXJueaZW2a%2BiZQcj5K8x94Qpjg0bwIgpQUrmurgXWvtJsGWG7ls82FiGtmmO3TBMko%2Bq%2FTSSLEVxW9Tj%2BL7azEu0jBiNdzOzGZekoIeXFw2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
x-turbo-charged-by: LiteSpeed
cf-ray: 6997d6f7fcdc6927-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 28ms
14ms XHR
text/plain 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1942393434&t=pageview&_s=1&dl=https%3A%2F%2Fmynewsmedia.co%2Fedu%2Feducation-insurance-plans-that-pay-for-higher-education%2F&ul=en-us&de=UTF-8&dt=Your%20File%20is%20Ready%20for%20Download&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1258512796&gjid=2001267358&cid=648312916.1633449384&tid=UA-134987322-6&_gid=2026219009.1633449384&_r=1&gtm=2ou9r0&z=1301306875

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mynewsmedia.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 05 Oct 2021 15:56:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mynewsmedia.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 25ms
14ms XHR
text/plain 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1942393434&t=pageview&_s=1&dl=https%3A%2F%2Fmynewsmedia.co%2Fedu%2Feducation-insurance-plans-that-pay-for-higher-education%2F&ul=en-us&de=UTF-8&dt=Your%20File%20is%20Ready%20for%20Download&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=874536313&gjid=1125652960&cid=648312916.1633449384&tid=UA-134987322-9&_gid=2026219009.1633449384&_r=1&gtm=2ou9r0&z=691162286

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mynewsmedia.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 05 Oct 2021 15:56:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mynewsmedia.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
459 B 44ms
14ms XHR
text/plain 173.194.76.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-134987322-9&cid=648312916.1633449384&jid=874536313&gjid=1125652960&_gid=2026219009.1633449384&_u=YEDAAUABAAAAAC~&z=1999083775

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mynewsmedia.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 05 Oct 2021 15:56:23 GMT
content-type: text/plain
access-control-allow-origin: https://mynewsmedia.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 tg-925109.js Show response
mynewsmedia.co/edu/Linkpage/ Frame 7F14 157 KB
47 KB 20ms
19ms Script
application/javascript 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co//edu/Linkpage/nyc.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82b13a24ceb7682e8bc5d7cc963d910191a4a5d9239e6614d6a0a24e092e6694

Request headers

:path: /edu/Linkpage/tg-925109.js
pragma: no-cache
cookie: _ga=GA1.2.648312916.1633449384; _gid=GA1.2.2026219009.1633449384; _gat_gtag_UA_134987322_6=1; _gat_gtag_UA_134987322_9=1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: mynewsmedia.co
referer: https://mynewsmedia.co//edu/Linkpage/nyc.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co//edu/Linkpage/nyc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83398
cf-polished: origSize=161215
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 03 May 2021 18:32:45 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ym%2BugwDjvVGx3DDDTQmcfSIYRJAxHrOw%2FQprH71NsLJoQf%2BIMJCr7pk%2B1Q9cxsNY1uB4EmXUs7M41lWYw6mrz19S9pijPERBNH8AIgLvFbFSXZzUnVs1uVvoVxnkZoqaUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 6997d6f8ff506927-FRA
expires: Mon, 11 Oct 2021 16:46:25 GMT

GET
H2 204 utx Show response
nandlookfo.fun/ Frame 7F14 0
411 B 146ms
100ms XHR
text/plain 13.225.87.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nandlookfo.fun/utx?cb=fcrm1KdfiZeW&top=mynewsmedia.co&tid=925109
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-76.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Oct 2021 15:56:23 GMT
via: 1.1 e5b93012e2bfb81dc9846f43efd610a6.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://mynewsmedia.co
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: tD0mrUG6epQB_o8ABjeGtx51sTa7ctyld7FiFqnmnlFyzjzJh6inAg==

GET
H2 200 popunder.gif
ursegreatm.fun/ Frame 7F14 35 B
368 B 134ms
101ms Image
image/gif 143.204.98.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ursegreatm.fun/popunder.gif
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co//edu/Linkpage/nyc.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-14.fra50.r.cloudfront.net
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: public
date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
content-length: 58
via: 1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
x-amz-cf-id: 4_9QDYblC6B65fQoAsI2PZagBxX3DPO518zzCBARzJ9OtwnUrzBO-g==

GET
H2 200 aBgHdhZmWzYrBgEAHhxgRC4PGmd4Jhs4F2UBJisGRiksNjIJKzkGcAMgBRsfCTUcHSJXNSIADHk0eQMyeFoHGyJEJQYrZmgYLSkxAgYkLhNFWioXD0ApFitmaBt6DAV5LCApE1YzFwgTQSd8HS1UDDYVDFgzJAQEHAF9Aj9oVQ8LJkkGIzwha1EUJDEACiUWEncSH... Show response
nandlookfo.fun/Yk5PVTEDLCw4DgNzLXNEECJycAMka30TVVMrPDBTASoiY0YaeSV7Ug4hOjFXECEhIR8MKztwAyQdGmRdEBskAEYsKRplVAstOBEDW3YWAkkDFyEtAC82KGx6GwAkH3URIwESAQkGJgQHBDZ3Ong1ez8BZVYlHwEENSoMFAgtIhU/ Frame E7AD 3 KB
2 KB 141ms
101ms Document
text/html 13.225.87.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nandlookfo.fun/Yk5PVTEDLCw4DgNzLXNEECJycAMka30TVVMrPDBTASoiY0YaeSV7Ug4hOjFXECEhIR8MKztwAyQdGmRdEBskAEYsKRplVAstOBEDW3YWAkkDFyEtAC82KGx6GwAkH3URIwESAQkGJgQHBDZ3Ong1ez8BZVYlHwEENSoMFAgtIhU/aBgHdhZmWzYrBgEAHhxgRC4PGmd4Jhs4F2UBJisGRiksNjIJKzkGcAMgBRsfCTUcHSJXNSIADHk0eQMyeFoHGyJEJQYrZmgYLSkxAgYkLhNFWioXD0ApFitmaBt6DAV5LCApE1YzFwgTQSd8HS1UDDYVDFgzJAQEHAF9Aj9oVQ8LJkkGIzwha1EUJDEACiUWEncSHzU+RSg0Hh1VUS0eM3cOJwQBXhsKITECOzR7Gnwxenc2dFcpKwFwGgkbZV4sIDcPdyo2KDEAFnYsAmsXFgctSzsGNw9oCBc2BUYNKQMdaxACGDEDOAYrDGslAyIPcEQkPDpfEnMAPFIFegAZUAs
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-76.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 79cc7d23baf92f223f4fec8f3ee476fb5ae6b0daa8ee0c9071b596cd1f97c7ff

Request headers

:method: GET
:authority: nandlookfo.fun
:scheme: https
:path: /Yk5PVTEDLCw4DgNzLXNEECJycAMka30TVVMrPDBTASoiY0YaeSV7Ug4hOjFXECEhIR8MKztwAyQdGmRdEBskAEYsKRplVAstOBEDW3YWAkkDFyEtAC82KGx6GwAkH3URIwESAQkGJgQHBDZ3Ong1ez8BZVYlHwEENSoMFAgtIhU/aBgHdhZmWzYrBgEAHhxgRC4PGmd4Jhs4F2UBJisGRiksNjIJKzkGcAMgBRsfCTUcHSJXNSIADHk0eQMyeFoHGyJEJQYrZmgYLSkxAgYkLhNFWioXD0ApFitmaBt6DAV5LCApE1YzFwgTQSd8HS1UDDYVDFgzJAQEHAF9Aj9oVQ8LJkkGIzwha1EUJDEACiUWEncSHzU+RSg0Hh1VUS0eM3cOJwQBXhsKITECOzR7Gnwxenc2dFcpKwFwGgkbZV4sIDcPdyo2KDEAFnYsAmsXFgctSzsGNw9oCBc2BUYNKQMdaxACGDEDOAYrDGslAyIPcEQkPDpfEnMAPFIFegAZUAs
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mynewsmedia.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/

Response headers

content-type: text/html
content-length: 1227
date: Tue, 05 Oct 2021 15:56:23 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 e5b93012e2bfb81dc9846f43efd610a6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: DJSt9TrbEY2LwDEOf2oP6oaCXbZffSOEVsS1aVtvAwgWFFOYN6rcsg==

GET
H2 200 / Show response
freychang.fun/ Frame 7F14 15 B
717 B 163ms
120ms Fetch
text/plain 104.21.45.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://freychang.fun/?f=68cb9cbd7e5818bd1a62d4ec74ab7d3d
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.45.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: caf60c3af25f2f972ff6a26482e2279d394c15cd6a7f04a19a7ca8b5adb1341a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:24 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://mynewsmedia.co
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IDeCERzHA0EtkI19ABpW3d%2FPSWDybsBqACwtQ2DhGOL2S24QtvWZJe7KnCrQt2AgG0OK3%2BsXnE8960cqCzk4gVhMd%2B%2BPDceQtcLS%2BuiSj6o95%2F9%2FlYZUOCKBj2o9Zaeo"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 6997d6f9dd744119-PRG
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
543 B 46ms
13ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: in-page-push.com
URL: https://in-page-push.com/400/4249477

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

22b35c4a3cc1c206a045a5c8b580dbeafb95fc276dff22c7d4f2c5678ec5c54b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:17 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mynewsmedia.co
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 4249477 Show response
in-page-push.com/500/ 1 KB
1 KB 32ms
32ms XHR
application/javascript 139.45.197.15
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://in-page-push.com/500/4249477?excludes=&oaid=2d89a0210ee74d849b06d903f9c544f5&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=2&pl=https%3A%2F%2Fmynewsmedia.co%2Fedu%2Feducation-insurance-plans-that-pay-for-higher-education%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

Requested by

Host: in-page-push.com
URL: https://in-page-push.com/400/4249477

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.15 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

8b4b5b0101e146e8301d988bb970d640786c0c72b43af054aed5c92dff12f948

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://mynewsmedia.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: d48da1d46bd7cbc37e5206853e7da211
pragma: no-cache
date: Tue, 05 Oct 2021 15:56:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
access-control-allow-origin: https://mynewsmedia.co
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

OPTIONS
H2 200 4249477
in-page-push.com/500/ Frame 0
0 37ms
12ms Preflight 139.45.197.15
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

139.45.197.15 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://mynewsmedia.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Tue, 05 Oct 2021 15:56:24 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET
access-control-allow-origin: https://mynewsmedia.co
access-control-max-age: 300
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *

GET
H2 200 floater Show response
nandlookfo.fun/ Frame 7F14 1 KB
1 KB 407ms
407ms XHR
text/plain 13.225.87.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nandlookfo.fun/floater?cs=U21nSHRiWwYqRjdVAX4WMloCcERj&abt=0&red=1&sm=83&k=&v=0.8.1.0&sts=0&prn=0&emb=1&tid=925109&fs=1&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fmynewsmedia.co%2F%2Fedu%2FLinkpage%2Fnyc.php&osr=mynewsmedia.co&jst=8&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F93.0.4577.63%20safari%2F537.36&tzd=0&uloc=&if=0&aa=td5_oi1_&_gLci=1633449384002&crc=1
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-76.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 54c453e3912c745ccc8d5c3553b0f91232ccb0621445da7c626348729adc4deb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Oct 2021 15:56:24 GMT
content-encoding: gzip
server: openresty/1.17.8.2
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://mynewsmedia.co
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
content-type: text/plain
content-length: 877
via: 1.1 e5b93012e2bfb81dc9846f43efd610a6.cloudfront.net (CloudFront)
x-amz-cf-id: DzCgM3je1coXGCDLXkVw_HTI1yiGdoo1_i6bzHrGX2DjkPAhNWQqyg==

GET
H2 200 SU1lrUkUwNgU0eicwD298YWxaYnx1Mxg9KyNkJDsmNG0kHiQ6fx8oIW5pTT4kPT5WdCA9OlZjYzI9CW9xdS0bPS5uLAU2IDUwBTchdSwKbyg8IwI+KTJ8WRRwfWlOYHV7LgI8ITwuGHd3Yzcfd3djaFt8dXZqKXd3Yy4CPHNnfFgQYGFpE2RxenxZYiQjKQ-c3MjY... Show response
d1esebcdm6wx7j.cloudfront.net/ Frame E7AD 397 B
598 B 191ms
161ms Script
text/plain 13.224.194.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1esebcdm6wx7j.cloudfront.net/SU1lrUkUwNgU0eicwD298YWxaYnx1Mxg9KyNkJDsmNG0kHiQ6fx8oIW5pTT4kPT5WdCA9OlZjYzI9CW9xdS0bPS5uLAU2IDUwBTchdSwKbyg8IwI+KTJ8WRRwfWlOYHV7LgI8ITwuGHd3Yzcfd3djaFt8dXZqKXd3Yy4CPHNnfFgQYGFpE2RxenxZYiQjKQ-c3MjY7ADsxdmstZ3Zkd1hkYGFpQzktJzQHd3cQfFliKToyDnd3Yz4OMS48cE5gdTAxGT0oNnxZFHxgd1t8cWZuXHxzYHxZYjYyPwogLHZrLWd2ZHdYZGMmZA
Requested by: Host: nandlookfo.fun
URL: https://nandlookfo.fun/Yk5PVTEDLCw4DgNzLXNEECJycAMka30TVVMrPDBTASoiY0YaeSV7Ug4hOjFXECEhIR8MKztwAyQdGmRdEBskAEYsKRplVAstOBEDW3YWAkkDFyEtAC82KGx6GwAkH3URIwESAQkGJgQHBDZ3Ong1ez8BZVYlHwEENSoMFAgtIhU/aBgHdhZmWzYrBgEAHhxgRC4PGmd4Jhs4F2UBJisGRiksNjIJKzkGcAMgBRsfCTUcHSJXNSIADHk0eQMyeFoHGyJEJQYrZmgYLSkxAgYkLhNFWioXD0ApFitmaBt6DAV5LCApE1YzFwgTQSd8HS1UDDYVDFgzJAQEHAF9Aj9oVQ8LJkkGIzwha1EUJDEACiUWEncSHzU+RSg0Hh1VUS0eM3cOJwQBXhsKITECOzR7Gnwxenc2dFcpKwFwGgkbZV4sIDcPdyo2KDEAFnYsAmsXFgctSzsGNw9oCBc2BUYNKQMdaxACGDEDOAYrDGslAyIPcEQkPDpfEnMAPFIFegAZUAs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-77.fra2.r.cloudfront.net
Software: /
Resource Hash: ad4aa77177c7368bfab0f944d37a596282cfd4021616032b1ca363d767123f25

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nandlookfo.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:24 GMT
content-encoding: gzip
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 322
via: 1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
x-amz-cf-id: Nm6oFqhaqjlhcgqLl654ms4e-UduMCHIX0iQnwyhuKVbPXQYVk6GFw==

GET
H/1.1 200
OK 01602088365889.png
static.cdnativepush.com/contents/s/1b/e9/ef/c45191508dd0ffe9619d8e8d61/ 2 KB
3 KB 55ms
13ms Image
image/png 139.45.197.188
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.cdnativepush.com/contents/s/1b/e9/ef/c45191508dd0ffe9619d8e8d61/01602088365889.png
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/education-insurance-plans-that-pay-for-higher-education/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 139.45.197.188 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: b0cd7af0b912b1a17ecfb9284d55058a59e621500acb94e2d4a5bbfd5eb6d022

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 05 Oct 2021 15:56:24 GMT
Last-Modified: Thu, 01 Jul 2021 09:13:54 GMT
Server: nginx
ETag: "60dd8752-86d"
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 2157

GET
H3 200 tg-925109.js Show response
mynewsmedia.co/edu/Linkpage/ Frame E42F 157 KB
47 KB 20ms
20ms Script
application/javascript 104.21.51.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co//edu/Linkpage/nyc.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.51.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82b13a24ceb7682e8bc5d7cc963d910191a4a5d9239e6614d6a0a24e092e6694

Request headers

:path: /edu/Linkpage/tg-925109.js
pragma: no-cache
cookie: _ga=GA1.2.648312916.1633449384; _gid=GA1.2.2026219009.1633449384; _gat_gtag_UA_134987322_6=1; _gat_gtag_UA_134987322_9=1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: mynewsmedia.co
referer: https://mynewsmedia.co//edu/Linkpage/nyc.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co//edu/Linkpage/nyc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83399
cf-polished: origSize=161215
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 03 May 2021 18:32:45 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rDjgJ6QBuC5vjvuc2eRpMlvEDfUkiqY5DIxebtzHxunslEqyhKGGqLbTKwbP4uqiuYvqq7Zo55JNagzNNVojEMtL6EjhvAX1G7tqlJlSsn0YKSkWbc81SEQJxmJGUCHTaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 6997d6ffc8046927-FRA
expires: Mon, 11 Oct 2021 16:46:25 GMT

GET
H2 204 utx Show response
nandlookfo.fun/ Frame E42F 0
413 B 100ms
100ms XHR
text/plain 13.225.87.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nandlookfo.fun/utx?cb=QSArMB065ZWd&top=mynewsmedia.co&tid=925109
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-76.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Oct 2021 15:56:25 GMT
via: 1.1 e5b93012e2bfb81dc9846f43efd610a6.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://mynewsmedia.co
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: AqV3PyLRj0hBFOaWhVFi4Robe4nDJzPc8rZm4_PQV1dbdOgi6z7tTg==

GET
H2 200 popunder.gif
ursegreatm.fun/ Frame E42F 35 B
369 B 98ms
98ms Image
image/gif 143.204.98.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ursegreatm.fun/popunder.gif
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-14.fra50.r.cloudfront.net
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: public
date: Tue, 05 Oct 2021 15:56:25 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
content-length: 58
via: 1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
x-amz-cf-id: X5KJ4gBY8FO07PMvuRWN6IZPxmmS7jYN7RT9qgtKnCq0xpPMa3mZCw==

GET
H2 200 LGVwQFIvYQZ7MQISXEsKG0QLTDQGBX1ZCiReW10d Show response
nandlookfo.fun/NjhldTRXWgYYC1cFB1NBRFRYUAZwHVczUAddFhBWVVwIQ0NODw9bV1pXEBFSRFcLARpYXRFQBnBbNjN6RFxWPEZmeTAnYGJPUzEERnQAGG5XalUBQXlqAix8clAQPU1vegAnU31/JjhdZl9RJWJyTxUxBEZ7Bx8MfX83IwVSaVEvcW5uDCFmb2... Frame C05C 3 KB
2 KB 100ms
100ms Document
text/html 13.225.87.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nandlookfo.fun/NjhldTRXWgYYC1cFB1NBRFRYUAZwHVczUAddFhBWVVwIQ0NODw9bV1pXEBFSRFcLARpYXRFQBnBbNjN6RFxWPEZmeTAnYGJPUzEERnQAGG5XalUBQXlqAix8clAQPU1vegAnU31/JjhdZl9RJWJyTxUxBEZ7Bx8MfX83IwVSaVEvcW5uDCFmb28uGAFQbTQsAGZ5Jz52T2FWMVxzWi8fbWZtNBZEVF88LHd1fUBHcnRAPy1RXm4AImF8TDwjQFB6NjANckACM3sFYj8nTEEAARlYfmlWHQ1hCS83d1hiPydDY1A1IwVyblYGZmJTMzZ5cW4DLVhSDjwCGVlwJBxlBHAnPGV/QgoTYV15Ki9YXnk9PUBabA4jd298AjF1TgAOEVhdCDNGRFx6HUFuemA/L2ZObRE4dXdhMkcFXm8dJFV5UhIycVpcUzNifH09PVwPYFU/clALVBFmcFxTLExRbyM2X155CT91clU/LGVwQFIvYQZ7MQISXEsKG0QLTDQGBX1ZCiReW10d
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-76.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 71f8cf4c1db55c04de0b9194a3608a5071c4cf007c95a9a72ee29eea4fe61263

Request headers

:method: GET
:authority: nandlookfo.fun
:scheme: https
:path: /NjhldTRXWgYYC1cFB1NBRFRYUAZwHVczUAddFhBWVVwIQ0NODw9bV1pXEBFSRFcLARpYXRFQBnBbNjN6RFxWPEZmeTAnYGJPUzEERnQAGG5XalUBQXlqAix8clAQPU1vegAnU31/JjhdZl9RJWJyTxUxBEZ7Bx8MfX83IwVSaVEvcW5uDCFmb28uGAFQbTQsAGZ5Jz52T2FWMVxzWi8fbWZtNBZEVF88LHd1fUBHcnRAPy1RXm4AImF8TDwjQFB6NjANckACM3sFYj8nTEEAARlYfmlWHQ1hCS83d1hiPydDY1A1IwVyblYGZmJTMzZ5cW4DLVhSDjwCGVlwJBxlBHAnPGV/QgoTYV15Ki9YXnk9PUBabA4jd298AjF1TgAOEVhdCDNGRFx6HUFuemA/L2ZObRE4dXdhMkcFXm8dJFV5UhIycVpcUzNifH09PVwPYFU/clALVBFmcFxTLExRbyM2X155CT91clU/LGVwQFIvYQZ7MQISXEsKG0QLTDQGBX1ZCiReW10d
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mynewsmedia.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/

Response headers

content-type: text/html
content-length: 1233
date: Tue, 05 Oct 2021 15:56:25 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 e5b93012e2bfb81dc9846f43efd610a6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: gn16eeSK3T_cIf-wl6N6iWneFAQ_OG0ao0XxwkL-lg8q2zHkp3NJnw==

GET
H2 200 floater Show response
nandlookfo.fun/ Frame E42F 2 KB
2 KB 490ms
490ms XHR
text/plain 13.225.87.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nandlookfo.fun/floater?cs=Qnphd1NzTAAVYSZCBxY3cktYFGNy&abt=0&red=1&sm=83&k=&v=0.8.1.0&sts=0&prn=0&emb=1&tid=925109&u=845390627166361&fs=1&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fmynewsmedia.co%2F%2Fedu%2FLinkpage%2Fnyc.php&osr=mynewsmedia.co&jst=8&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F93.0.4577.63%20safari%2F537.36&tzd=0&uloc=&if=0&aa=td5_oi1_&_QRyG=1633449385062&crc=1
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-76.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e210df22a18354f14c499fed6c686d8cf1aa68ecaa9083ca343f5a65964a00d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Oct 2021 15:56:25 GMT
content-encoding: gzip
server: openresty/1.17.8.2
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://mynewsmedia.co
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
content-type: text/plain
content-length: 1151
via: 1.1 e5b93012e2bfb81dc9846f43efd610a6.cloudfront.net (CloudFront)
x-amz-cf-id: XZybT3NRovyEDQbUKlNpI5ASNLJau2ny6PHzEMZJeifqSyQ6XRDaow==

GET
H2 200 BxZXehVeWUJtYVtfBSE9DxgFO3ZZRxw8dllHQ3h9W1JBCnZZRwUhPV1DV3sRTkVCMGVfXld6Yw-oHAiQ2HBIQIzofUkAOZlhAXHtlTkVCYDgDAx8kdlk0V3pjBx4ZLXZZRxUtMAAYW21hWxQaOjwGEld6FVJEXHh9X0JFf31dRFd6YxgWFCkhAlJADmZYQFx7ZU0CTw Show response
d1esebcdm6wx7j.cloudfront.net/cSFNrd3IrPAURTTw6D0pLemZaR0tuORgYHDhuHyYBeRgKGCMiPg4PVDwpD0pCbj8KGRV1dQ4ZEXViTRYWKm5fUQY4PABKByY3DhEbJjYPUQcpbgYYCCE/ Frame C05C 400 B
600 B 156ms
156ms Script
text/plain 13.224.194.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1esebcdm6wx7j.cloudfront.net/cSFNrd3IrPAURTTw6D0pLemZaR0tuORgYHDhuHyYBeRgKGCMiPg4PVDwpD0pCbj8KGRV1dQ4ZEXViTRYWKm5fUQY4PABKByY3DhEbJjYPUQcpbgYYCCE/BxZXehVeWUJtYVtfBSE9DxgFO3ZZRxw8dllHQ3h9W1JBCnZZRwUhPV1DV3sRTkVCMGVfXld6Yw-oHAiQ2HBIQIzofUkAOZlhAXHtlTkVCYDgDAx8kdlk0V3pjBx4ZLXZZRxUtMAAYW21hWxQaOjwGEld6FVJEXHh9X0JFf31dRFd6YxgWFCkhAlJADmZYQFx7ZU0CTw
Requested by: Host: nandlookfo.fun
URL: https://nandlookfo.fun/NjhldTRXWgYYC1cFB1NBRFRYUAZwHVczUAddFhBWVVwIQ0NODw9bV1pXEBFSRFcLARpYXRFQBnBbNjN6RFxWPEZmeTAnYGJPUzEERnQAGG5XalUBQXlqAix8clAQPU1vegAnU31/JjhdZl9RJWJyTxUxBEZ7Bx8MfX83IwVSaVEvcW5uDCFmb28uGAFQbTQsAGZ5Jz52T2FWMVxzWi8fbWZtNBZEVF88LHd1fUBHcnRAPy1RXm4AImF8TDwjQFB6NjANckACM3sFYj8nTEEAARlYfmlWHQ1hCS83d1hiPydDY1A1IwVyblYGZmJTMzZ5cW4DLVhSDjwCGVlwJBxlBHAnPGV/QgoTYV15Ki9YXnk9PUBabA4jd298AjF1TgAOEVhdCDNGRFx6HUFuemA/L2ZObRE4dXdhMkcFXm8dJFV5UhIycVpcUzNifH09PVwPYFU/clALVBFmcFxTLExRbyM2X155CT91clU/LGVwQFIvYQZ7MQISXEsKG0QLTDQGBX1ZCiReW10d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-77.fra2.r.cloudfront.net
Software: /
Resource Hash: 939cc29f22335e63fb551281b21861c3d1278050cc38c01c500c25197d959d0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nandlookfo.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:25 GMT
content-encoding: gzip
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 324
via: 1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
x-amz-cf-id: 0cczbOgOLAdlcP3D0QlfD8_XnrzhmcGz6TKbF4DmOOXehMUJgewt5Q==

GET getlaid.jpeg
webpick-cdn.s3.us-west-2.amazonaws.com/ Frame 7F14 0
0

GET
H2 200 /
stats.vlitag.com/abd/ 0
553 B 153ms
116ms Image
image/jpeg 104.26.14.238

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stats.vlitag.com/abd/?id=0749d0aeb8637879e1cf64376484c635&detect=notfound
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.14.238 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mynewsmedia.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 15:56:25 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ad3gsZsCkB62JxVqXD0ru6tCBtiPL3ZJw6XHA3NmOIWXdpCXvA8eDkIDgQrAe2OZnFHY0tdm9z5h0vyxfLlDmlP2UZQ7NKfuTjzs31kN%2BVk8MAj34uVUn4pOPNeDvrrQln4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-cache, no-store, must-revalidate
cf-ray: 6997d7034d6d410e-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0

GET
H/1.1 200
OK getlaid.jpeg
webpick-cdn.s3.us-west-2.amazonaws.com/ Frame E455 9 KB
9 KB 614ms
192ms Image
image/jpeg 52.92.163.242

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg
Requested by: Host: mynewsmedia.co
URL: https://mynewsmedia.co/edu/Linkpage/tg-925109.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.92.163.242 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e6a18e81d67bc6cfadbe2c86c78b99c0e01644cdeafb48144663121b629ea227

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 05 Oct 2021 15:56:27 GMT
Last-Modified: Thu, 25 Jun 2020 08:18:14 GMT
Server: AmazonS3
x-amz-request-id: Z11DWK3JZ56S3ZQ6
ETag: "e73bda30c82b74c32e5f03e4ed4e4bb1"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 9313
x-amz-id-2: uvHRGO/QU+pIORcMC0AWY8sdfrE8Fxwx7PMC8r0cZlxspV4oGAHZw+KnD6N0/dwFWVvq1OFnE9o=
x-amz-meta-s3b-last-modified: 20200625T081632Z

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: webpick-cdn.s3.us-west-2.amazonaws.com
URL: https://webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
gplinks.in/	1969-12-31 23:59:59	Name: AppSession Value: 9a1c271f47b996af78b9739c3b380c62
gplinks.in/	1969-12-31 23:59:59	Name: csrfToken Value: f5271e88fa770c0f2e6755ba318c5892eb74e8434ab0e931aafec4ec13c1207477a04849c61ad487a382e2c5f929ab59dec336f3601f1b092ca2cbf5b7f89cf7
gplinks.co/	1969-12-31 23:59:59	Name: AppSession Value: abdd8db6700ba026152bc4654a723f84
gplinks.co/	1969-12-31 23:59:59	Name: csrfToken Value: 6314d8f8de1aa1f1fd34fea34a83f6487124e61de0fed0daadb31610469c6dfd8c6ac53234925f7c5636bf7df5c4def25c52fd3c3978f1d06018f40356c7b921
gplinks.co/	1970-01-19 21:45:35	Name: app_visitor Value: Q2FrZQ%3D%3D.ZjIzMzNmMWE2MmMzZDc5NTA1MGNhYzI3ZWE4MTg0YzU1OTk4OWE1ZWMxZjhhY2I1ZDFlZGJhNzYzMzM3OGY4YnCOc0U4QoZ%2BJGQ3Fg5Sh%2F5NbbC0SSc3c7fP%2FARlS0QoZvs0vcyuPvjictPEzei%2Bpxt7hOseeOh%2BABBcm7W%2Ba8iRMCIgvp%2FcIZiSJX7W1203
.gplinks.co/	1970-01-19 21:44:11	Name: __cf_bm Value: lnLLJf98uZv93Y9On2ocRcQuwKj7.uL70igS7xU8QiY-1633449382-0-ASceOQhd3H0jO+Roomd+f0nR+GxvvvECVpD9ZpUTGssd1rX7LTcnFirBewa/yWMRfmoYDJY5q0WxFXJq8bYA/V0=
yantrasbarges.com/	1970-01-19 21:45:35	Name: GL_UI4 Value: eJw9jUtOwzAYhPMOVUnESDkAR4hJi9sl4hAsI8f%2Bk5omduWYRtweCwlW82kemiiKkqZGfC9SpF%2FiiGfJiTP%2BIjk%2FsaHtDufXjsYj46eRHfhZKez02nsxzOQzPE5kyGnZS6uowlOI%2FpyrsZvJkA9OGFUhX0JjrlAOzm4ruSZFZsRCKN4vzgbNF%2FFpHZJzF1CbgHGLxK5NWu9Qfmijwq7eI2FtXRUR9rdZ%2BNG6pdeqiJFPTihC%2FIYHKTxN1n2jVLRevb0Bdlb9f%2F%2F3Nt1Yi0LRXcvwbf2F3A%2Fx6Uoh
yantrasbarges.com/	1970-01-19 21:45:35	Name: GL_GI10 Value: eJxNjtFKw0AQRdONjV2sLRf6Af5AC6viB%2Bi7L2mel5BMwz50ZtmdqvHrTVtQHwYu53IuUxSF2axgQsT60b3s3JPbOfd8PpQDCUxTY9nJiTWNntsj4b7hoNQ%2F1NoqZVSJhiAMs3%2FH3TX7TnrCvKm3%2F9jFtXtippyJcNMFHWFfE7F%2BivSwZ3BVl5P6V5QhR9j6NLQpj9zBMqnPkWhy3iRFSdMjWP3Sy0ZVYhGyj0m%2BxmqGtYYjfQuTl8Mhk97OMfuozA%2Bxjk2r
.vmuid.com/	1970-01-21 10:52:19	Name: guid Value: 1e0a2780-3cfa-4263-b9c9-20d3993b34e3
yookcasula.com/	1970-01-19 21:45:35	Name: GL_UI4 Value: eJw9jUtOwzAYhPMOVUnESDkAR4hJi9sl4hAsI8f%2Bk5omduWYRtweCwlW82kemiiKkqZGfC9SpF%2FiiGfJiTP%2BIjk%2FsaHtDufXjsYj46eRHfhZKez02nsxzOQzPE5kyGnZS6uowlOI%2FpyrsZvJkA9OGFUhX0JjrlAOzm4ruSZFZsRCKN4vzgbNF%2FFpHZJzF1CbgHGLxK5NWu9Qfmijwq7eI2FtXRUR9rdZ%2BNG6pdeqiJFPTihC%2FIYHKTxN1n2jVLRevb0Bdlb9f%2F%2F3Nt1Yi0LRXcvwbf2F3A%2Fx6Uoh
yookcasula.com/	1970-01-19 21:45:35	Name: GL_GI10 Value: eJxNjtFKw0AQRdONjV2sLRf6Af5AC6viB%2Bi7L2mel5BMwz50ZtmdqvHrTVtQHwYu53IuUxSF2axgQsT60b3s3JPbOfd8PpQDCUxTY9nJiTWNntsj4b7hoNQ%2F1NoqZVSJhiAMs3%2FH3TX7TnrCvKm3%2F9jFtXtippyJcNMFHWFfE7F%2BivSwZ3BVl5P6V5QhR9j6NLQpj9zBMqnPkWhy3iRFSdMjWP3Sy0ZVYhGyj0m%2BxmqGtYYjfQuTl8Mhk97OMfuozA%2Bxjk2r
.mynewsmedia.co/	1970-01-20 15:15:21	Name: _ga Value: GA1.2.648312916.1633449384
.mynewsmedia.co/	1970-01-19 21:45:35	Name: _gid Value: GA1.2.2026219009.1633449384
.mynewsmedia.co/	1970-01-19 21:44:09	Name: _gat_gtag_UA_134987322_6 Value: 1
.mynewsmedia.co/	1970-01-19 21:44:09	Name: _gat_gtag_UA_134987322_9 Value: 1
my.rtmark.net/	1970-01-20 06:29:45	Name: ID Value: 2d89a0210ee74d849b06d903f9c544f5
in-page-push.com/	1970-01-20 06:29:45	Name: OAID Value: 2d89a0210ee74d849b06d903f9c544f5

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.duckduckgo.com
aptimorph.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
d1esebcdm6wx7j.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
freychang.fun
gplinks.co
gplinks.in
in-page-push.com
my.rtmark.net
mynewsmedia.co
nandlookfo.fun
static.cdnativepush.com
stats.g.doubleclick.net
stats.vlitag.com
ursegreatm.fun
vmuid.com
webpick-cdn.s3.us-west-2.amazonaws.com
www.google-analytics.com
www.googletagmanager.com
www.pnglib.com
yantrasbarges.com
yookcasula.com
webpick-cdn.s3.us-west-2.amazonaws.com
104.16.19.94
104.16.86.20
104.21.2.80
104.21.45.207
104.21.51.98
104.21.90.9
104.26.14.238
13.224.194.77
13.225.87.76
139.45.195.8
139.45.197.15
139.45.197.188
142.250.186.174
142.250.186.35
143.204.98.14
172.217.18.106
172.255.6.217
172.66.40.130
172.67.208.78
173.194.76.156
178.162.196.156
216.58.212.168
23.109.82.11
40.114.177.156
52.92.163.242
69.16.175.10
00ccc9f102d502966c4f403c4c9acd4999009f708e069e769adf2c07ced1f925
03e7e4b6ef1d39c3c85bba1cfc528b7a832353d1574165f35da1604a3fc0491d
09cef86483b432abf22a0c9569e761ed8b50193422f209afa0fcaaaed0e6389e
0cac796e636db4a5146cf5fec25f59d180c0e6e3ab3135a2734a66cda24ade4c
1c15ca9bca87b73ee3f65105657ed66ba35b7c7346ad9233fa169af78bd76ae8
22b35c4a3cc1c206a045a5c8b580dbeafb95fc276dff22c7d4f2c5678ec5c54b
278e9b2b52f40811df066b93ee8335ec35260e10d2975bae8aeec6eca6437731
2beb5fa2889c472408dbd68e732864d0051b1711678adf01348326021953ec72
334e714a1c5ebefb28783d1c809dda2a01b916554121e92067a2e41417cd10a2
4349a873d037bf4aba6ad31ab97a4628bed3584b4d289ce40bbdb677220a764d
4885da660044dd23d5d6aa035466a35f4064cb6b2f73eb762630266b516f3a08
54c453e3912c745ccc8d5c3553b0f91232ccb0621445da7c626348729adc4deb
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
71b337ac7fe7e8df7f9f8da261d03219901aa574e2819c5c726199078187c1a5
71f8cf4c1db55c04de0b9194a3608a5071c4cf007c95a9a72ee29eea4fe61263
76ebc83e749ede9e2891563896fadb296889b55db6f999856e262db74514ae6a
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79cc7d23baf92f223f4fec8f3ee476fb5ae6b0daa8ee0c9071b596cd1f97c7ff
82b13a24ceb7682e8bc5d7cc963d910191a4a5d9239e6614d6a0a24e092e6694
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8ae2593c46f5c98de8c7d71d16b318b83990cd9350427555fbf75ccf062c31b4
8b4b5b0101e146e8301d988bb970d640786c0c72b43af054aed5c92dff12f948
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8d6050216a4bae779bcca48452cb92f7b26a0bae6670496207ed927de8789e48
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
9290455b5b11e2da7e555ca17cad56ae949cb551bdc859f969e276ea3b3eb7e7
939cc29f22335e63fb551281b21861c3d1278050cc38c01c500c25197d959d0e
9c5ff03aa26d6500f9dc6d33757b7dc8eeac8d12c6ef08a4b9cc9edfe2a96d1e
a60f05241c10731fac30ffb51c6e79d0c0dc5592c835efb90618e6f736c9f729
ad4aa77177c7368bfab0f944d37a596282cfd4021616032b1ca363d767123f25
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325
b0cd7af0b912b1a17ecfb9284d55058a59e621500acb94e2d4a5bbfd5eb6d022
b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550
bd3bbd3b9f8aaf2fa61ef7646899cda12097f7332fa3302bfbec50c80986fe24
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c6bd7a2b3f096a14e9dd6b889dc664c325fbcf0f951d8f89309e4ca736dc8935
caf60c3af25f2f972ff6a26482e2279d394c15cd6a7f04a19a7ca8b5adb1341a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d4a01f1ec80702ac53441c8fa63f87cba3aac2b850742e2c9e70eb7af16d5ae6
d68669743a86aaff61556536c2b1fc38f296fc788684314c214de2875d1d7db3
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e00e89ff241e2307fff59823b97f01bbfb982cb7dfe63430ec11dc144de615a2
e210df22a18354f14c499fed6c686d8cf1aa68ecaa9083ca343f5a65964a00d7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6a18e81d67bc6cfadbe2c86c78b99c0e01644cdeafb48144663121b629ea227
e900e5ae80b3edc54ea9b2df7846ae84f246673337448b3a7b112c7a0b44f4d4
eb112d50f744cf58c2ebecb8a5b0d950c7f5a7a37c9842d21e2f678144dd149a
f5f0b6e68dfaab5fdafeee920631895fa6c0e3ec2bfe7689fcc6247f854b772f
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

mynewsmedia.co Open in urlscan Pro 104.21.51.98 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

64 Requests

98 %HTTPS

0 %IPv6

26 Domains

26 Subdomains

26 IPs

5 Countries

845 kBTransfer

1735 kBSize

17 Cookies

2 Outgoing links

Page URL History

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

mynewsmedia.co Open in urlscan Pro
104.21.51.98 Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

98 %
HTTPS

0 %
IPv6

26
Domains

26
Subdomains

26
IPs

5
Countries

845 kB
Transfer

1735 kB
Size

17
Cookies

64 HTTP transactions
0 data transactions