Submitted URL: https://ak.hauchiwu.com/partitial/5117843/?var=5419555&ab2r=0&prfrev=false&rhd=false
Effective URL: https://bnr.hyperadsdesign.com/get/MPjL7pPFfXppRUMCmgScGALJ?connectionType=broadband&carrier=?&browserVersion=120&region=be&dev...
Submission: On January 19 via manual — Scanned from DE

Summary

This website contacted 11 IPs in 4 countries across 14 domains to perform 35 HTTP transactions. The main IP is 35.172.251.236, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is bnr.hyperadsdesign.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 23rd 2023. Valid for: a year.
This is the only time bnr.hyperadsdesign.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 193.108.153.10 20940 (AKAMAI-ASN1)
4 139.45.195.8 9002 (RETN-AS)
16 172.64.203.13 13335 (CLOUDFLAR...)
1 35.172.251.236 14618 (AMAZON-AES)
1 2600:9000:223... 16509 (AMAZON-02)
5 18.196.175.240 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 54.171.206.191 16509 (AMAZON-02)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 18.196.16.121 16509 (AMAZON-02)
1 176.52.241.189 15817 (MITTWALD-...)
35 11
Apex Domain | Subdomains | Transfer
16 wholefreshstories.com | wholefreshstories.com | 63 KB
4 google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 27 | 573 B
4 gameclickads.net | lnk.gameclickads.net | 13 KB
4 rtmark.net | my.rtmark.net — Cisco Umbrella Rank: 11663 | 2 KB
2 linksprf.com | r.linksprf.com — Cisco Umbrella Rank: 81816 | 1 KB
1 carolinstone.com | www.carolinstone.com |
1 tradedoubler.com | clk.tradedoubler.com — Cisco Umbrella Rank: 90788 | 547 B
1 dr-jetskeultee.de | www.dr-jetskeultee.de |
1 tradetracker.net | tc.tradetracker.net — Cisco Umbrella Rank: 139771 | 592 B
1 ad4m.at | as.ad4m.at — Cisco Umbrella Rank: 29340 | 711 B
1 programmaticwidget.tech | fssk.programmaticwidget.tech | 777 B
1 cloudfront.net | d38dxwbthvbuvi.cloudfront.net | 564 KB
1 hyperadsdesign.com | bnr.hyperadsdesign.com | 2 KB
1 hauchiwu.com | ak.hauchiwu.com — Cisco Umbrella Rank: 377685 | 2 KB
35 14
Domain Requested by
16 wholefreshstories.com ak.hauchiwu.com
wholefreshstories.com
4 www.google-analytics.com lnk.gameclickads.net
4 lnk.gameclickads.net bnr.hyperadsdesign.com
lnk.gameclickads.net
4 my.rtmark.net ak.hauchiwu.com
wholefreshstories.com
2 r.linksprf.com 1 redirects lnk.gameclickads.net
1 www.carolinstone.com r.linksprf.com
1 clk.tradedoubler.com 1 redirects
1 www.dr-jetskeultee.de fssk.programmaticwidget.tech
1 tc.tradetracker.net 1 redirects
1 as.ad4m.at 1 redirects
1 fssk.programmaticwidget.tech lnk.gameclickads.net
1 d38dxwbthvbuvi.cloudfront.net bnr.hyperadsdesign.com
1 bnr.hyperadsdesign.com wholefreshstories.com
1 ak.hauchiwu.com
35 14

This site contains no links.

Subject | Issuer | Validity | Valid
ak.hetaruwg.com | R3 | 2024-01-15 - 2024-04-14 | 3 months
rtmark.net | R3 | 2023-12-23 - 2024-03-22 | 3 months
wholefreshstories.com | GTS CA 1P5 | 2023-12-10 - 2024-03-09 | 3 months
*.thekingtrack.com | Amazon RSA 2048 M02 | 2023-02-23 - 2024-02-12 | a year
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year
*.gameclickads.net | Amazon RSA 2048 M01 | 2023-02-13 - 2024-02-12 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-12-11 - 2024-03-04 | 3 months
*.adbidderspartners.com | Amazon RSA 2048 M02 | 2024-01-03 - 2025-02-01 | a year
linksprf.com | GTS CA 1P5 | 2024-01-02 - 2024-04-01 | 3 months
dr-jetskeultee.de | GTS CA 1P5 | 2023-12-12 - 2024-03-11 | 3 months
www.carolinstone.com | R3 | 2023-12-09 - 2024-03-08 | 3 months

This page contains 4 frames:

Primary Page: https://bnr.hyperadsdesign.com/get/MPjL7pPFfXppRUMCmgScGALJ?connectionType=broadband&carrier=?&browserVersion=120&region=be&device=desktop&operatingSystem=windows&osVersion=win10&country=DE&language=de&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/120.0.6099.224%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000238&campaignId=7848590&paid=772149138363256952&subzone_id=0&oaid=69aa82d9af8a28eafdb3551d806793dc
Frame ID: 392D72DB358CDC38F32811E5AA68D833
Requests: 25 HTTP requests in this frame

Frame: https://lnk.gameclickads.net/trk/MPjL7pPFfXppRUMCmgScGALJ?browser=chrome&browserVersion=120&campaignId=7848590&carrier=%3F&connectionType=broadband&cost=0.000238&country=DE&device=desktop&language=de&oaid=69aa82d9af8a28eafdb3551d806793dc&operatingSystem=windows&osVersion=win10&paid=772149138363256952&region=be&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F120.0.6099.224+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Frame ID: DB621A6E3AB4D41D83C929D5F62B6BD7
Requests: 6 HTTP requests in this frame

Frame: https://www.dr-jetskeultee.de/
Frame ID: 1F0DD1BCFC4A8F38A070A215ABCF1ADF
Requests: 3 HTTP requests in this frame

Frame: https://www.carolinstone.com/de?tduid=1459d1c095b8605c03dfc8ca2a247468
Frame ID: 284C3ECE2C2E26CD4E817CF1C1DB339A
Requests: 3 HTTP requests in this frame

Page Statistics

Requests: 35
HTTPS: 100 %
IPv6: 38 %
Domains: 14
Subdomains: 14
IPs: 11
Countries: 4
Transfer: 648 kB
Size: 726 kB
Cookies: 16

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ak.hauchiwu.com/partitial/5117843/?var=5419555&ab2r=0&prfrev=false&rhd=false Page URL
  2. https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto= Page URL
  3. https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2 Page URL
  4. https://bnr.hyperadsdesign.com/get/MPjL7pPFfXppRUMCmgScGALJ?connectionType=broadband&carrier=?&browserVersion=120&region=be&device=desktop&operatingSystem=windows&osVersion=win10&country=DE&language=de&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/120.0.6099.224%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000238&campaignId=7848590&paid=772149138363256952&subzone_id=0&oaid=69aa82d9af8a28eafdb3551d806793dc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33
  • https://r.linksprf.com/v1/redirect?type=linkId&id=ad349d731f7c4ae2aa578b0a22aeb446&api_key=f8f9429830d1fdc6c4ec92fad304fae8&site_id=5974aa03fdcf4fb08b577a84ad12b715&dch=feed&ad_t=advertiser&yk_tag=65aa476c4d8f470822bdccc8-RL-411940 HTTP 302
  • https://r.linksprf.com/v2/go?t=4t3pf%3A2%2F6l2.cr0dcdbual6r2c6mfc1i9k5p1304463%26v%3Di8e5412%260p1%3Da0903020%3D6%3F5c0l7%2F0o9.5e9b4o3e9a3t5k0c3%2F2s8tch&e=1&ai=ac75eee2358147e491e1f30e3ca0e9d8&sct=0&ct=1705658220596&cu=017f0692569a4b3c903c5206322f83c4&ykuid=15ef93bf5d874215ade027343bda82b6&sc=1&cs=308c267a0103be44082d0564efe5f29c
Request Chain 34
  • https://as.ad4m.at/ad/tur?a=2215&c=https%3A%2F%2Fdr-jetskeultee.de&b=65aa476c4d8f470822bdccc8412080 HTTP 307
  • https://tc.tradetracker.net/?c=27695&m=0&a=386113&r=oneidr52RtQf9fG6zetrtQcXcJCE2dHYSJtQfdoneid_65aa476c4d8f470822bdccc8412080&u= HTTP 301
  • https://www.dr-jetskeultee.de/
Request Chain 35
  • https://clk.tradedoubler.com/click?p=324369&a=1805214&epi=v030400016559017f0692569a4b3c903c5206322f83c4 HTTP 302
  • https://www.carolinstone.com/de?tduid=1459d1c095b8605c03dfc8ca2a247468

35 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
ak.hauchiwu.com/partitial/5117843/
2 KB
2 KB
Document
General
Full URL
https://ak.hauchiwu.com/partitial/5117843/?var=5419555&ab2r=0&prfrev=false&rhd=false
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
193.108.153.10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a193-108-153-10.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding, favicon
access-control-allow-methods
GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
* *
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
721
content-type
text/html; charset=utf8
date
Fri, 19 Jan 2024 09:56:58 GMT
expires
Fri, 19 Jan 2024 09:56:58 GMT
link
<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://wholefreshstories.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
pragma
no-cache
timing-allow-origin
*
vary
Accept-Encoding
x-trace-id
272994c6d35ba8a1410f89587071bee3
img.gif
my.rtmark.net/
43 B
507 B
Ping
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=53ad3297a0d04bcf8230f6d2a44708f0
Requested by
Host: ak.hauchiwu.com
URL: https://ak.hauchiwu.com/partitial/5117843/?var=5419555&ab2r=0&prfrev=false&rhd=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
https://ak.hauchiwu.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
/
wholefreshstories.com/
40 KB
14 KB
Document
General
Full URL
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Requested by
Host: ak.hauchiwu.com
URL: https://ak.hauchiwu.com/partitial/5117843/?var=5419555&ab2r=0&prfrev=false&rhd=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
16488410bfc3f12b09fe42c701319ed33ee36446a69f398d0b14aef9e46402dc

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods
GET, POST, OPTIONS, HEAD
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
847e35f9ad45007c-CDG
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 19 Jan 2024 09:56:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ammzy8PrMzLMVfAzkGyKpmb7bjQKZEjjWvI%2FjFI1%2BVXvJTD41Hjb2BNv1xBs09M6D%2BW4%2FFUeCwjK3xk%2FQHZ14U%2Bha3Ht1pfHSwX1%2B%2BaHsynqrhj%2FpBCtaIL3%2Fk6St4wMrZt9WTXwLE8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
gid.js
my.rtmark.net/
65 B
547 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?userId=69aa82d9af8a28eafdb3551d806793dc
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
a15175f8e4f4055d91daedaf78788d13cec7420981eb3d547da0e672f5b27cbe
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wholefreshstories.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
micro.tag.min.js
wholefreshstories.com/pfe/current/
26 KB
11 KB
Script
General
Full URL
https://wholefreshstories.com/pfe/current/micro.tag.min.js?z=4662709&ymid=772149133929877764&var=5117843&sw=/sw-check-permissions/4662709&uhd=1
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73bb863239e7deafca0188b7a37efed56fec31a9f71d33cf253793c1e2738a34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Jan 2024 09:56:58 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 18 Jan 2024 08:50:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65a8e66f-69d0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BwCr%2FG62wVM%2FCmEZ%2FiwZkbo7%2FEI4HZWYFVpVWmVSR%2B25omEG3kIMXa8qUQr7lXkrVAwvO4%2BahzpHBheDCPEUeNs6uXYi1YCtIi4ICJfQ98%2FHH4X%2BpuD2yBV%2BapqSo6NSRbBqJ4kBdsY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
847e35fa6e8c007c-CDG
alt-svc
h3=":443"; ma=86400
truncated
/
327 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
wholefreshstories.com/
2 B
393 B
XHR
General
Full URL
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&mprtr=1
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.33
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=khHC6mV%2BJEHTPUJrpbOXVuzcs7ajtzkerECPazJsDygWgfInokmNwFriqiCm6iYlq8l8tgnDnzMmqMW30tqOvG8LEbVPLXc7XS8U4pn7NNBPxWkZfVZitUpOKaI%2FhvSe4BVHo%2B7TLOg%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
847e35fa7e97007c-CDG
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=86400
/
wholefreshstories.com/19/4662728/
3 KB
2 KB
XHR
General
Full URL
https://wholefreshstories.com/19/4662728/?abt_opts=1&var=5117843&var3=772149133929877764&ymid=&rhd=1
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a54926a5a86c88f069b3fed971fceaec4de7699a9c3b02b5ee5d2635e1366196
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-trace-id
ee6e00c77fea9d07d5746388eb3304d9
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1bry1ebGmGKeovf4Rqy59%2BwqXTGcKFlwm6ttrvlhSvsBiia7Bt%2F5W5SL6540M64vT3MDhl1bPZekUd9UFjzzyQZbKzyCoROC8ggcS0KOFYtZiPUBEmXlI2x3P42EcthEovdcCSfNDB4%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
link
<https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
847e35fa7ea3007c-CDG
expires
Tue, 11 Jan 1994 10:00:00 GMT
4662709
wholefreshstories.com/sw-check-permissions/
0
987 B
Other
General
Full URL
https://wholefreshstories.com/sw-check-permissions/4662709?var=5117843&ymid=772149133929877764&uhd=1&zoneId=4662709
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/pfe/current/micro.tag.min.js?z=4662709&ymid=772149133929877764&var=5117843&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.33
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=It10BmmtIBE4kQq%2B1YdkiDneQ8xHymy%2FeO8h5FC%2FCWE%2FVK26rBTqkiEx9OY7NawLBKy42YQ%2BCX9gqKQ6Lz4JVi3T99oPjGbKUzLrjAVwmyppD%2BeGrUyFBNl7F8QRNjuMl9LlNrA3Gyg%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray
847e35faff4d007c-CDG
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
zone
wholefreshstories.com/
0
384 B
Ping
General
Full URL
https://wholefreshstories.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholefreshstories.com&var=5117843&ymid=772149133929877764&var_3=&var_4=&dsig=&tg=1&sw=3.1.474&action=prerequest
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/pfe/current/micro.tag.min.js?z=4662709&ymid=772149133929877764&var=5117843&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-trace-id
7a7c218a6bd489b5093d6b234d5d527c
date
Fri, 19 Jan 2024 09:56:58 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WPEwJxqhizM0wbK69I1nWzXBrJosc8i%2FOfaBciU5HVUVUWqDDy4VBb%2F8qOzXiwS0NwjSV9j8NIxnC%2BLUPgn%2FExl%2B97xR7HFqMjfb5mbSVf0jWUr%2FowomoyxqDhRWnm3H4%2FYVB5XY8lI%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://wholefreshstories.com
access-control-allow-credentials
true
cf-ray
847e35faff50007c-CDG
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
0
alt-svc
h3=":443"; ma=86400
gid.js
my.rtmark.net/
65 B
547 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=772149133929877764&var=5117843
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/pfe/current/micro.tag.min.js?z=4662709&ymid=772149133929877764&var=5117843&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wholefreshstories.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
zone
wholefreshstories.com/
795 B
1 KB
Fetch
General
Full URL
https://wholefreshstories.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholefreshstories.com&var=5117843&ymid=772149133929877764&var_3=&var_4=&dsig=&tg=1&sw=3.1.474&action=settings
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/pfe/current/micro.tag.min.js?z=4662709&ymid=772149133929877764&var=5117843&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-trace-id
21467844091b334b0c119b91eab02fa3
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5z1a%2BNXKIBaAeSi98XVt1plYXrmYEFkGM8SS%2Bvh%2BxswLuGkIbXq3DBj8Rg3bD8tMPnIg16seU2g1g7zIhWArwiXWhIpB%2FLZKYkGd1H%2FqYCOwxGoEdF8n5V1YER5%2BZi0JIYa33ZmQYwU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
847e35fb1a1a04aa-CDG
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
/
wholefreshstories.com/
40 KB
14 KB
Document
General
Full URL
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
2d657a922aa82a631e77893221cbee52f5d49f00a829d7b8e928335fe306d64f

Request headers

Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods
GET, POST, OPTIONS, HEAD
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
847e35fb4a8b04aa-CDG
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 19 Jan 2024 09:56:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ozI1Jw7zYiTDusYMmb6HOkLt64vgX8qPQMXnrnrqYfwgbaQKd9Q7ep9PSLG4%2B9xfGRzrO5wYecJLbG3N3xaI05WttI8a8io4t%2BHYRaZPcJ8xrvT3GR8uqpO7Wwp55o69u2aUxEwJiY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
micro.tag.min.js
wholefreshstories.com/pfe/current/
26 KB
11 KB
Script
General
Full URL
https://wholefreshstories.com/pfe/current/micro.tag.min.js?z=4662709&ymid=772149133929877764&var=5117843&sw=/sw-check-permissions/4662709&uhd=1
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73bb863239e7deafca0188b7a37efed56fec31a9f71d33cf253793c1e2738a34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Jan 2024 09:56:58 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 18 Jan 2024 08:50:56 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65a8e670-69d0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=npLd3kDn14z%2BAS%2FHQq2WiynU5eRkSK5Kct%2BuUHgK9BFBo0HY%2BjP0UxwIrnwGN5%2Bd0lgl46PdUXwLzpyroT0WaXbm%2FGUEXb13mfzSaDun3m9BS94DMKA4VGQGQzInGK4J0%2FXDLvLpsUo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
847e35fc0c5104aa-CDG
alt-svc
h3=":443"; ma=86400
truncated
/
327 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
wholefreshstories.com/19/4662728/
3 KB
3 KB
XHR
General
Full URL
https://wholefreshstories.com/19/4662728/?abt_opts=1&var=5117843&var3=772149133929877764&ymid=&rhd=1
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77092494ad60c0e4aba6c223a606538b58d9ce6d99ffe9a591e80fa51916eb42
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-trace-id
9a5a0f22e271df8cc46e654d328957e4
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=thczFQ6C92yeVI5PB04%2FQWF5J0yIDNv%2BbNadeALRtNE4KuSBWYGSz3Ht3fHUi9WKO8paxCpUboGvxzD70UGJal%2FlMHFRHO5FWv9BE9l%2BbMu4xNoU5jt%2FrAuQGNBzgrFbn1%2Baae%2FkpU4%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
link
<https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
847e35fc0c5604aa-CDG
expires
Tue, 11 Jan 1994 10:00:00 GMT
/
wholefreshstories.com/
2 B
532 B
XHR
General
Full URL
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2&mprtr=1
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.33
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=34QPnoLfVvj8dLO5haP0GdvSI7nOKxIniE1TCE5Rz3Cb%2BhWEar354D6LcqR8S3GxI2MZwYB8Lw0akXEgixW51eAcH3nRdT3ZE1STBvXWCpxAfD245CcBsbwsBqPLbDcwFHC%2FKGw7D7k%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
847e35fc4cd904aa-CDG
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=86400
rhd
wholefreshstories.com/
4 KB
4 KB
Fetch
General
Full URL
https://wholefreshstories.com/rhd?rb=wRcw9a10YHKrMnnd0X2RElWW6jVQ7_OasOLDktWrN_nmkc1yf0BXWvH-bJ8klKyAp3Gxhqu3pDnG16h8WyADP2kj1i3i5GfyrrM2BSXI_ZbdaR8nAWc3oDVyoRjCfx52S6zUUNBTdSdZRYt8BU0gsSWx1XY5M0oBlD17eOo1EoKfCHx0okVpv5dvTL_l2W2NWM0dZe74fhUYqYz9yDngvrm5b-LI84tXg5Ko3dy-Y9husByWL1SDpP6_5R0O3XPIps5msJMdeH9JdJ6xrxIMFCOlp5PW4IxVniU0hFkj_p05cUIwKNoFnDzUG3jGckLZ6-8jzVyeWZrwrfHlIYJW0QAS_-zvls-Tq5xpnHbb_ZdFqNeSwBikABpWWqeP5R5Os0R1boO7njbZpac2Uus881fvudi1j2CycxoGoIJVsOu5rUlTFwqf64VcZpw7Q0Jtgz8ZSwjXnIv_KV_rQxoOiJSMnDiMlF8-DAIn_Eq97b9LyCB_VAxdvHlFJy00QBdCa8fxLHXLQ8k9VqwJAxqLm6_ps1ypPJ8cZUZOND2Wwwc%3D&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Fwholefreshstories.com%2F%3Fs%3D772149133929877764%26ssk%3De7929b6372d4df446df8374561149bb2%26svar%3D1705658218%26z%3D5117843%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb%26btz%3D%26bto%3D%26rdc%3D2&drf=https%3A%2F%2Fwholefreshstories.com%2F%3Fs%3D772149133929877764%26ssk%3De7929b6372d4df446df8374561149bb2%26svar%3D1705658218%26z%3D5117843%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb%26btz%3D%26bto%3D&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=5117843&var3=772149133929877764&ymid=&rhd=1&m=link
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
362da2256300d0ff9db45cbdd0a53830cbfb4f630c6902dfd63002ebb51c84e3
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:59 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-trace-id
1009e2b74ce9adc8f7dcd25b69d7c42c
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytK8RmTYzPqH8ttbppRbKr8D1dAgqHfvbJ63opTliMxlN9Fc0BBzRaLakspot3lh6Uxd3MGZwVgLjRFqxfNDdsziTDUra6pwkJhPejgdIMN97nWv3HQDF74US3W599CIKEjhAo1DKXU%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
847e35fc8d8504aa-CDG
expires
Tue, 11 Jan 1994 10:00:00 GMT
4662709
wholefreshstories.com/sw-check-permissions/
0
961 B
Other
General
Full URL
https://wholefreshstories.com/sw-check-permissions/4662709?var=5117843&ymid=772149133929877764&uhd=1&zoneId=4662709
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/pfe/current/micro.tag.min.js?z=4662709&ymid=772149133929877764&var=5117843&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.33
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7ZeOXDyMBBDplYqLUzodrFBCNZl7VEw8mvDKSQk7LYpdbZKe%2Bb%2BLC4ULoYUm5JXT5MWQHO13zS0l2PFeuqOY%2B6lsuLbZUmBQcQBPCf6jmIAdZIjGqhXA7ZTHlRPK9ndStdLDZo4JRw%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray
847e35fc8d8c04aa-CDG
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
zone
wholefreshstories.com/
0
498 B
Ping
General
Full URL
https://wholefreshstories.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholefreshstories.com&var=5117843&ymid=772149133929877764&var_3=&var_4=&dsig=&tg=1&sw=3.1.474&action=prerequest
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/pfe/current/micro.tag.min.js?z=4662709&ymid=772149133929877764&var=5117843&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-trace-id
448d06151e998526f23952043792a672
date
Fri, 19 Jan 2024 09:56:59 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2B1eEBFnfgfsJPd3bp6vmgUgwLjufdHRCjBA4eUIegpbo4xQV840rsgltmM8yffnTSQHBMjs%2B%2FN4N5nVNswaJ6oasV3YyUUERnxpBb7gaceZKt%2BxzbA%2Bjth3ouB8URshnDD1bNXPaho%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://wholefreshstories.com
access-control-allow-credentials
true
cf-ray
847e35fc8d9004aa-CDG
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
0
alt-svc
h3=":443"; ma=86400
gid.js
my.rtmark.net/
65 B
547 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=772149133929877764&var=5117843
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/pfe/current/micro.tag.min.js?z=4662709&ymid=772149133929877764&var=5117843&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
a15175f8e4f4055d91daedaf78788d13cec7420981eb3d547da0e672f5b27cbe
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:58 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wholefreshstories.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
zone
wholefreshstories.com/
795 B
981 B
Fetch
General
Full URL
https://wholefreshstories.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholefreshstories.com&var=5117843&ymid=772149133929877764&var_3=&var_4=&dsig=&tg=1&sw=3.1.474&action=settings
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/pfe/current/micro.tag.min.js?z=4662709&ymid=772149133929877764&var=5117843&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e71fa814e0198066d91ec07215f4e9c60b7edca2777d3a68fde5048178666ba8
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:56:59 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-trace-id
c302636c05717c3be8cfe26f1e9c14cd
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FHF4dtaZmwWq3nI83acl0rYDPN88Bq1i0zjGFzOisaS6t6GPBGLABop7tuj75wpOHJSLPTl8rDZMOx6csnK8imfLMvvmbzuxyG8YuUgz3FA8dkE%2BYnnxlsCQz7qDJm3KKcDZt4NGwno%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
847e35fc9da504aa-CDG
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
Primary Request MPjL7pPFfXppRUMCmgScGALJ
bnr.hyperadsdesign.com/get/
2 KB
2 KB
Document
General
Full URL
https://bnr.hyperadsdesign.com/get/MPjL7pPFfXppRUMCmgScGALJ?connectionType=broadband&carrier=?&browserVersion=120&region=be&device=desktop&operatingSystem=windows&osVersion=win10&country=DE&language=de&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/120.0.6099.224%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000238&campaignId=7848590&paid=772149138363256952&subzone_id=0&oaid=69aa82d9af8a28eafdb3551d806793dc
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.172.251.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-172-251-236.compute-1.amazonaws.com
Software
awselb/2.0 /
Resource Hash
7ecc94f0d7ef4b872c360c98f7942c9adb00d2f1f8a22787440d0a4894f04be9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
1680
content-type
text/html
date
Fri, 19 Jan 2024 09:56:59 GMT
server
awselb/2.0
cat.php
wholefreshstories.com/
0
773 B
Ping
General
Full URL
https://wholefreshstories.com/cat.php?userId=69aa82d9af8a28eafdb3551d806793dc&zoneid=4662728&rb=wRcw9a10YHKrMnnd0X2RElWW6jVQ7_OasOLDktWrN_nmkc1yf0BXWvH-bJ8klKyAp3Gxhqu3pDnG16h8WyADP2kj1i3i5GfyrrM2BSXI_ZbdaR8nAWc3oDVyoRjCfx52S6zUUNBTdSdZRYt8BU0gsSWx1XY5M0oBlD17eOo1EoKfCHx0okVpv5dvTL_l2W2NWM0dZe74fhUYqYz9yDngvrm5b-LI84tXg5Ko3dy-Y9husByWL1SDpP6_5R0O3XPIps5msJMdeH9JdJ6xrxIMFCOlp5PW4IxVniU0hFkj_p05cUIwKNoFnDzUG3jGckLZ6-8jzVyeWZrwrfHlIYJW0QAS_-zvls-Tq5xpnHbb_ZdFqNeSwBikABpWWqeP5R5Os0R1boO7njbZpac2Uus881fvudi1j2CycxoGoIJVsOu5rUlTFwqf64VcZpw7Q0Jtgz8ZSwjXnIv_KV_rQxoOiJSMnDiMlF8-DAIn_Eq97b9LyCB_VAxdvHlFJy00QBdCa8fxLHXLQ8k9VqwJAxqLm6_ps1ypPJ8cZUZOND2Wwwc=&var=5117843&var3=772149133929877764&ymid=&rhd=1
Requested by
Host: wholefreshstories.com
URL: https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.203.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://wholefreshstories.com/?s=772149133929877764&ssk=e7929b6372d4df446df8374561149bb2&svar=1705658218&z=5117843&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 19 Jan 2024 09:56:59 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
0
x-trace-id
e564a2462919e99864b091f8ec44bb12
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rtpZ%2BPr%2FH%2F5ZpFGdcWzz19b0%2FpERMzyrfgcuLaE4f%2BQ4qbsJdfOE2Jon7mJMCa%2FfN2xhjx5BcnTtWCLNymBDwjlKBdubEME8wvc%2B0FXjI6qz8%2B9x%2BU4OgBwrl9e2YevxIPY1tWFJ1yY%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://wholefreshstories.com
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
847e36000c6f04aa-CDG
expires
Tue, 11 Jan 1994 10:00:00 GMT
d4014e4019717fd3490b2e0f215fc738.png
d38dxwbthvbuvi.cloudfront.net/jcm-mm/
563 KB
564 KB
Image
General
Full URL
https://d38dxwbthvbuvi.cloudfront.net/jcm-mm/d4014e4019717fd3490b2e0f215fc738.png
Requested by
Host: bnr.hyperadsdesign.com
URL: https://bnr.hyperadsdesign.com/get/MPjL7pPFfXppRUMCmgScGALJ?connectionType=broadband&carrier=?&browserVersion=120&region=be&device=desktop&operatingSystem=windows&osVersion=win10&country=DE&language=de&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/120.0.6099.224%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000238&campaignId=7848590&paid=772149138363256952&subzone_id=0&oaid=69aa82d9af8a28eafdb3551d806793dc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ec00:c:cb59:380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b968694c2bb18e5ab881d4e65c0881e8978c9444911c91dd6e2cfdc9e2707ad3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bnr.hyperadsdesign.com/get/MPjL7pPFfXppRUMCmgScGALJ?connectionType=broadband&carrier=?&browserVersion=120&region=be&device=desktop&operatingSystem=windows&osVersion=win10&country=DE&language=de&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/120.0.6099.224%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000238&campaignId=7848590&paid=772149138363256952&subzone_id=0&oaid=69aa82d9af8a28eafdb3551d806793dc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 05:13:25 GMT
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
last-modified
Thu, 18 May 2023 19:58:13 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
age
17016
x-amz-server-side-encryption
AES256
etag
"e8e95bcac1e9ed550df5b767e6434e14"
vary
Accept-Encoding
x-cache
Hit from cloudfront
accept-ranges
bytes
content-length
576549
x-amz-cf-id
HEVDg9uvIrJm1mB44L67U62NTOHe1XbIojm5a0Z6zk3VnWGOeuE0Qw==
MPjL7pPFfXppRUMCmgScGALJ
lnk.gameclickads.net/trk/ Frame DB62
2 KB
3 KB
Document
General
Full URL
https://lnk.gameclickads.net/trk/MPjL7pPFfXppRUMCmgScGALJ?browser=chrome&browserVersion=120&campaignId=7848590&carrier=%3F&connectionType=broadband&cost=0.000238&country=DE&device=desktop&language=de&oaid=69aa82d9af8a28eafdb3551d806793dc&operatingSystem=windows&osVersion=win10&paid=772149138363256952&region=be&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F120.0.6099.224+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Requested by
Host: bnr.hyperadsdesign.com
URL: https://bnr.hyperadsdesign.com/get/MPjL7pPFfXppRUMCmgScGALJ?connectionType=broadband&carrier=?&browserVersion=120&region=be&device=desktop&operatingSystem=windows&osVersion=win10&country=DE&language=de&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/120.0.6099.224%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000238&campaignId=7848590&paid=772149138363256952&subzone_id=0&oaid=69aa82d9af8a28eafdb3551d806793dc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.175.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-175-240.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2cb3bc5074b4151a80e347752f661b74933b4ccd8af8b4a3bffe8d66e3955d66

Request headers

Referer
https://bnr.hyperadsdesign.com/get/MPjL7pPFfXppRUMCmgScGALJ?connectionType=broadband&carrier=?&browserVersion=120&region=be&device=desktop&operatingSystem=windows&osVersion=win10&country=DE&language=de&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/120.0.6099.224%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000238&campaignId=7848590&paid=772149138363256952&subzone_id=0&oaid=69aa82d9af8a28eafdb3551d806793dc
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-language
de-DE
content-type
text/html;charset=UTF-8
date
Fri, 19 Jan 2024 09:57:00 GMT
c.js
lnk.gameclickads.net/js/ Frame DB62
8 KB
8 KB
Script
General
Full URL
https://lnk.gameclickads.net/js/c.js
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/trk/MPjL7pPFfXppRUMCmgScGALJ?browser=chrome&browserVersion=120&campaignId=7848590&carrier=%3F&connectionType=broadband&cost=0.000238&country=DE&device=desktop&language=de&oaid=69aa82d9af8a28eafdb3551d806793dc&operatingSystem=windows&osVersion=win10&paid=772149138363256952&region=be&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F120.0.6099.224+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.175.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-175-240.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lnk.gameclickads.net/trk/MPjL7pPFfXppRUMCmgScGALJ?browser=chrome&browserVersion=120&campaignId=7848590&carrier=%3F&connectionType=broadband&cost=0.000238&country=DE&device=desktop&language=de&oaid=69aa82d9af8a28eafdb3551d806793dc&operatingSystem=windows&osVersion=win10&paid=772149138363256952&region=be&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F120.0.6099.224+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 09:57:00 GMT
last-modified
Thu, 02 Mar 2023 20:36:26 GMT
accept-ranges
bytes
content-length
7804
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/javascript
/
lnk.gameclickads.net/ Frame 1F0D
1 KB
1 KB
Document
General
Full URL
https://lnk.gameclickads.net/?bt=fssk.programmaticwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D2215%2526c%253Dhttps%25253A%25252F%25252Fdr-jetskeultee.de%2526b%253D65aa476c4d8f470822bdccc8412080&log=false&type=ROTATOR_LINK&linkId=412080&clickId=65aa476c4d8f470822bdccc8&br=false
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/js/c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.175.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-175-240.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
648d3dcec7c22062830680d1a4047f3f6943f3a8da9b771c0461cb4896ec2f5b

Request headers

Referer
https://lnk.gameclickads.net/trk/MPjL7pPFfXppRUMCmgScGALJ?browser=chrome&browserVersion=120&campaignId=7848590&carrier=%3F&connectionType=broadband&cost=0.000238&country=DE&device=desktop&language=de&oaid=69aa82d9af8a28eafdb3551d806793dc&operatingSystem=windows&osVersion=win10&paid=772149138363256952&region=be&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F120.0.6099.224+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-language
de-DE
content-type
text/html;charset=UTF-8
date
Fri, 19 Jan 2024 09:57:00 GMT
/
lnk.gameclickads.net/ Frame 284C
835 B
946 B
Document
General
Full URL
https://lnk.gameclickads.net/?bt=kt.st00rmds.com&ref=&friend=&u=r.linksprf.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dad349d731f7c4ae2aa578b0a22aeb446%2526api_key%253Df8f9429830d1fdc6c4ec92fad304fae8%2526site_id%253D5974aa03fdcf4fb08b577a84ad12b715%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D65aa476c4d8f470822bdccc8-RL-411940&log=false&type=ROTATOR_LINK&linkId=411940&clickId=65aa476c4d8f470822bdccc8&br=true
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/js/c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.175.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-175-240.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
624f7fa421fce175118a054dfccce6ce52999b5d6e01741a0431f660fa65f14e

Request headers

Referer
https://lnk.gameclickads.net/trk/MPjL7pPFfXppRUMCmgScGALJ?browser=chrome&browserVersion=120&campaignId=7848590&carrier=%3F&connectionType=broadband&cost=0.000238&country=DE&device=desktop&language=de&oaid=69aa82d9af8a28eafdb3551d806793dc&operatingSystem=windows&osVersion=win10&paid=772149138363256952&region=be&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F120.0.6099.224+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-language
de-DE
content-type
text/html;charset=UTF-8
date
Fri, 19 Jan 2024 09:57:00 GMT
referrer-policy
no-referrer
collect
www.google-analytics.com/ Frame DB62
35 B
91 B
XHR
General
Full URL
https://www.google-analytics.com/collect?v=1&tid=UA-82831422-1&t=pageview&ds=web&aip=1&cs=referral&cm=4274&cn=%28not+set%29&cc=%28not+set%29&dh=www.dr-jetskeultee.de&dp=%2F&dt=Hautpflege+%7C+Dr.+Jetske+Ultee&dr=&vp=1600x1200&sr=1600x1200&je=0&ul=en-US&cid=1297108240.162218764
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/js/c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lnk.gameclickads.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 16:25:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
63079
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ Frame DB62
35 B
91 B
XHR
General
Full URL
https://www.google-analytics.com/collect?cs=Performing+Clicks&cc=412080&ck=42225&cm=Advanced+Store&cn=Dr+Jetske+Ultee&tid=UA-207047394-1&v=1&t=pageview&ds=web&aip=1&dh=www.dr-jetskeultee.de&dp=%2F&dt=Hautpflege+%7C+Dr.+Jetske+Ultee&dr=&vp=1600x1200&sr=1600x1200&je=0&ul=en-US&cid=1157695862.111800675
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/js/c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lnk.gameclickads.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 16:25:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
63079
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ Frame DB62
35 B
300 B
XHR
General
Full URL
https://www.google-analytics.com/collect?v=1&tid=UA-26211480-7&t=pageview&ds=web&aip=1&cs=referral&cm=4284&cn=%28not+set%29&cc=%28not+set%29&dh=www.carolinstone.com&dp=%2F&dt=Carolin+Stone+Jewellery+%7C+offizielle+Website&dr=&vp=1600x1200&sr=1600x1200&je=0&ul=en-US&cid=1146876054.1326199920
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/js/c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lnk.gameclickads.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 16:25:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
63079
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ Frame DB62
35 B
91 B
XHR
General
Full URL
https://www.google-analytics.com/collect?cs=The+Ad+Storm&cc=411940&ck=42225&cm=YieldKit&cn=Carolin+Stone+Jewellery&tid=UA-207047394-1&v=1&t=pageview&ds=web&aip=1&dh=www.carolinstone.com&dp=%2F&dt=Carolin+Stone+Jewellery+%7C+offizielle+Website&dr=&vp=1600x1200&sr=1600x1200&je=0&ul=en-US&cid=1977751585.1165122640
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/js/c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lnk.gameclickads.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 16:25:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
63079
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
fssk.programmaticwidget.tech/ Frame 1F0D
687 B
777 B
Document
General
Full URL
https://fssk.programmaticwidget.tech/
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/trk/MPjL7pPFfXppRUMCmgScGALJ?browser=chrome&browserVersion=120&campaignId=7848590&carrier=%3F&connectionType=broadband&cost=0.000238&country=DE&device=desktop&language=de&oaid=69aa82d9af8a28eafdb3551d806793dc&operatingSystem=windows&osVersion=win10&paid=772149138363256952&region=be&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F120.0.6099.224+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.175.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-175-240.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
cb71c509009feca90944ad932f1f384d47ca488d6dcb80f04135c68c72fd4774

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://lnk.gameclickads.net
Referer
https://lnk.gameclickads.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-language
de-DE
content-type
text/html;charset=UTF-8
date
Fri, 19 Jan 2024 09:57:00 GMT
go
r.linksprf.com/v2/ Frame 284C
Redirect Chain
  • https://r.linksprf.com/v1/redirect?type=linkId&id=ad349d731f7c4ae2aa578b0a22aeb446&api_key=f8f9429830d1fdc6c4ec92fad304fae8&site_id=5974aa03fdcf4fb08b577a84ad12b715&dch=feed&ad_t=advertiser&yk_tag=...
  • https://r.linksprf.com/v2/go?t=4t3pf%3A2%2F6l2.cr0dcdbual6r2c6mfc1i9k5p1304463%26v%3Di8e5412%260p1%3Da0903020%3D6%3F5c0l7%2F0o9.5e9b4o3e9a3t5k0c3%2F2s8tch&e=1&ai=ac75eee2358147e491e1f30e3ca0e9d8&sc...
1 KB
822 B
Document
General
Full URL
https://r.linksprf.com/v2/go?t=4t3pf%3A2%2F6l2.cr0dcdbual6r2c6mfc1i9k5p1304463%26v%3Di8e5412%260p1%3Da0903020%3D6%3F5c0l7%2F0o9.5e9b4o3e9a3t5k0c3%2F2s8tch&e=1&ai=ac75eee2358147e491e1f30e3ca0e9d8&sct=0&ct=1705658220596&cu=017f0692569a4b3c903c5206322f83c4&ykuid=15ef93bf5d874215ade027343bda82b6&sc=1&cs=308c267a0103be44082d0564efe5f29c
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/?bt=kt.st00rmds.com&ref=&friend=&u=r.linksprf.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dad349d731f7c4ae2aa578b0a22aeb446%2526api_key%253Df8f9429830d1fdc6c4ec92fad304fae8%2526site_id%253D5974aa03fdcf4fb08b577a84ad12b715%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D65aa476c4d8f470822bdccc8-RL-411940&log=false&type=ROTATOR_LINK&linkId=411940&clickId=65aa476c4d8f470822bdccc8&br=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:cd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5dfa8680bbcbb4b3ba2674dfc9ae73cb78b0ffae211dacb4eee9dfeed2649517

Request headers

Referer
https://lnk.gameclickads.net/?bt=kt.st00rmds.com&ref=&friend=&u=r.linksprf.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dad349d731f7c4ae2aa578b0a22aeb446%2526api_key%253Df8f9429830d1fdc6c4ec92fad304fae8%2526site_id%253D5974aa03fdcf4fb08b577a84ad12b715%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D65aa476c4d8f470822bdccc8-RL-411940&log=false&type=ROTATOR_LINK&linkId=411940&clickId=65aa476c4d8f470822bdccc8&br=true
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
847e36071cbdbb3e-FRA
content-encoding
br
content-type
text/html;charset=UTF-8
date
Fri, 19 Jan 2024 09:57:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ONX613R%2B88zMtdhMKLMQNmj%2FA7%2B7C%2FpnaIk%2FSSHXSAjoZj%2FUXsmaJd2DSzVe8yQtdEsa7kvVcM4SGFu9RxdqWFIKXH%2Bu%2Bx2KaS1WceOD2PiRthfgWNLUGFjXcE7beQSJCCX3ChQnJCLRwviw"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
847e36066c21bb3e-FRA
content-length
0
date
Fri, 19 Jan 2024 09:57:00 GMT
location
/v2/go?t=4t3pf%3A2%2F6l2.cr0dcdbual6r2c6mfc1i9k5p1304463%26v%3Di8e5412%260p1%3Da0903020%3D6%3F5c0l7%2F0o9.5e9b4o3e9a3t5k0c3%2F2s8tch&e=1&ai=ac75eee2358147e491e1f30e3ca0e9d8&sct=0&ct=1705658220596&cu=017f0692569a4b3c903c5206322f83c4&ykuid=15ef93bf5d874215ade027343bda82b6&sc=1&cs=308c267a0103be44082d0564efe5f29c
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="CAO PSA OUR"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HtVPM4C%2BpnPIXHCgh0jhSsOQ4xT0PUiZXfYBXeAhpNe5s9%2FbgGdznlLpUIsMF8SxjGzJuSfguwGxQYFUdoNNQ3BCLgDUtkbnREpazHNQi15hwuOKo8ZP4ZgHp7U1Myyc9ydSicbJ4uf35mTH"}],"group":"cf-nel","max_age":604800}
server
cloudflare
/
www.dr-jetskeultee.de/ Frame 1F0D
Redirect Chain
  • https://as.ad4m.at/ad/tur?a=2215&c=https%3A%2F%2Fdr-jetskeultee.de&b=65aa476c4d8f470822bdccc8412080
  • https://tc.tradetracker.net/?c=27695&m=0&a=386113&r=oneidr52RtQf9fG6zetrtQcXcJCE2dHYSJtQfdoneid_65aa476c4d8f470822bdccc8412080&u=
  • https://www.dr-jetskeultee.de/
0
0
Document
General
Full URL
https://www.dr-jetskeultee.de/
Requested by
Host: fssk.programmaticwidget.tech
URL: https://fssk.programmaticwidget.tech/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:15c0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://fssk.programmaticwidget.tech/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=0, must-revalidate, no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
847e36098d066645-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 19 Jan 2024 09:57:02 GMT
expires
Thu, 19 Jan 2023 09:57:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
referer-policy
always, origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nM3O7crVyb8EScHVoVbNOmb7%2B0iCcnam1azhsyVKSGj%2BQtdQJ6TBMncqnbFCHvj8%2BICVZm14XF402uoK5ON9Pg%2FxFq%2BFkD5JG6AZhYeGG8poF1wWbfmDAYVPh3%2BJeUlKr2HQcS1PQWyONJ07teATes75MN4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-lb-backend
bk_http_cache
x-lb-frontend
fr_http_https
x-lb-server
tree.magehost.pro
x-realserver
tree.magehost.pro
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
date
Fri, 19 Jan 2024 09:57:00 GMT
location
https://www.dr-jetskeultee.de/
server
nginx
de
www.carolinstone.com/ Frame 284C
Redirect Chain
  • https://clk.tradedoubler.com/click?p=324369&a=1805214&epi=v030400016559017f0692569a4b3c903c5206322f83c4
  • https://www.carolinstone.com/de?tduid=1459d1c095b8605c03dfc8ca2a247468
0
0
Document
General
Full URL
https://www.carolinstone.com/de?tduid=1459d1c095b8605c03dfc8ca2a247468
Requested by
Host: r.linksprf.com
URL: https://r.linksprf.com/v2/go?t=4t3pf%3A2%2F6l2.cr0dcdbual6r2c6mfc1i9k5p1304463%26v%3Di8e5412%260p1%3Da0903020%3D6%3F5c0l7%2F0o9.5e9b4o3e9a3t5k0c3%2F2s8tch&e=1&ai=ac75eee2358147e491e1f30e3ca0e9d8&sct=0&ct=1705658220596&cu=017f0692569a4b3c903c5206322f83c4&ykuid=15ef93bf5d874215ade027343bda82b6&sc=1&cs=308c267a0103be44082d0564efe5f29c
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
176.52.241.189 , Germany, ASN15817 (MITTWALD-AS Mittwald CM Service GmbH und Co. KG, DE),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://r.linksprf.com/v2/go?t=4t3pf%3A2%2F6l2.cr0dcdbual6r2c6mfc1i9k5p1304463%26v%3Di8e5412%260p1%3Da0903020%3D6%3F5c0l7%2F0o9.5e9b4o3e9a3t5k0c3%2F2s8tch&e=1&ai=ac75eee2358147e491e1f30e3ca0e9d8&sct=0&ct=1705658220596&cu=017f0692569a4b3c903c5206322f83c4&ykuid=15ef93bf5d874215ade027343bda82b6&sc=1&cs=308c267a0103be44082d0564efe5f29c
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
8880
cache-control
no-store, no-cache, must-revalidate, no-cache, private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 19 Jan 2024 09:57:01 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
link
</web/cache/1705008250_4343ee355e482b52809f8f18f36ddd0a.css>; rel="preload"; as="style",</web/cache/1705008250_4343ee355e482b52809f8f18f36ddd0a.js>; rel="preload"; as="script"
pragma
no-cache
server
Apache
vary
Accept-Encoding
x-content-digest
en18f13a6d6e7bacf504b9e85dfd78c92fa314e7be4ab67057e90f1719fa5cd96b
x-frame-options
SAMEORIGIN

Redirect headers

access-control-allow-origin
*
cache-control
private, max-age=0
content-length
275
content-type
text/html; charset=ISO-8859-1
date
Fri, 19 Jan 2024 09:57:00 GMT
location
https://www.carolinstone.com/de?tduid=1459d1c095b8605c03dfc8ca2a247468
pragma
no-cache
referrer-policy
origin
server
TXServerHttp

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | 0
number | vph
number | vpw
object | jcc

16 Cookies

Domain/Path Name / Value
ak.hauchiwu.com/ Name: OAID
Value: 53ad3297a0d04bcf8230f6d2a44708f0
ak.hauchiwu.com/ Name: oaidts
Value: 1705658218
my.rtmark.net/ Name: ID
Value: 53ad3297a0d04bcf8230f6d2a44708f0
wholefreshstories.com/ Name: oaidts
Value: 1705658218
wholefreshstories.com/ Name: syncedCookie
Value: true
wholefreshstories.com/ Name: OAID
Value: 69aa82d9af8a28eafdb3551d806793dc
wholefreshstories.com/ Name: reverse
Value: 15kjOjAC22U3XR5Z-Iw3R673Va1yeH2X5Qw-WfGMTxM
wholefreshstories.com/ Name: prefetchAd_4662728
Value: true
.lnk.gameclickads.net/ Name: v
Value: t
.lnk.gameclickads.net/ Name: cas
Value: 4064:2209:2209:1
.lnk.gameclickads.net/ Name: rls
Value: 411940:2209:2209:1|412080:2209:2209:1
.lnk.gameclickads.net/ Name: com
Value: 15480:166:DE:2209:2209:1|20509:141:DE:2209:2209:1
.tradedoubler.com/ Name: EH_0
Value: 1z11z1z159zRIOW7z1U69yae9PoE0yFV2oxjJpuYYpBgc3LbGEVp%79ML%7ahYU%79wOdMUuZdZtouQfn_7kSL1berYQEPX4QkxxAx4xJ_j0xQG2N8KiDNllC4UbXmGXd51%7agE.w%7aHCcEsfII2jFhknIp1VJ
.tradedoubler.com/ Name: GUID
Value: 1z11zz159z2OwrJOz1459d1c095b8605c03dfc8ca2a247468
.tradetracker.net/ Name: uf
Value: oIvthNg25xl6riZK%2BoinL2xwYUk5clVMcVoxSlFGUjgxTlRCdmd6WmRrT2xtclYyZHkvYnk3N2Y1cU9sNS9rVXZ6eXFnd3U4N2RjeDNsVWpZRWU2cnZ0OTZLdzgxZXNqZTFFWThRPT0%3D
.tradetracker.net/ Name: __tdat27695
Value: MTcwNTY1ODIyMDo6MDo6Mzg2MTEzOjpvbmVpZHI1MlJ0UWY5Zkc2emV0cnRRY1hjSkNFMmRIWVNKdFFmZG9uZWlkLTY1YWE0NzZjNGQ4ZjQ3MDgyMmJkY2NjODQxMjA4MDo6Zjo6OTRmNDNhOWI3ZWEzNWI4Zjk2ZDRiY2Y4NjYwYWE0M2U%3D

2 Console Messages

Source Level URL
Text
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.carolinstone.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.dr-jetskeultee.de/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
