Submitted URL: https://whairtoa.com/4/5974651
Effective URL: https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&de...
Submission: On September 05 via manual from PK — Scanned from GB

Summary

This website contacted 9 IPs in 4 countries across 8 domains to perform 31 HTTP transactions. The main IP is 3.219.198.131, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is bnr.hyperadsdesign.com. The Cisco Umbrella rank of the primary domain is 495331.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 23rd 2023. Valid for: a year.
This is the only time bnr.hyperadsdesign.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        ASN    Autonomous System
1         139.45.197.238    9002   (RETN-AS)
4         139.45.195.8      9002   (RETN-AS)
17        172.64.161.19     13335  (CLOUDFLAR...)
1         3.219.198.131     14618  (AMAZON-AES)
1         2600:9000:223...  16509  (AMAZON-02)
3         18.193.21.196     16509  (AMAZON-02)
1         35.180.93.95      16509  (AMAZON-02)
1         46.101.53.186     14061  (DIGITALOC...)
Total: 31 requests, 9 IPs
Requests  Apex Domain            Subdomains                                            Transfer
17        wholedailyjournal.com  wholedailyjournal.com                                 66 KB
4         rtmark.net             my.rtmark.net (Cisco Umbrella Rank: 11732)            2 KB
3         gameclickads.net       lnk.gameclickads.net (Cisco Umbrella Rank: 535081)    11 KB
1         demon-tweeks.com       www.demon-tweeks.com                                  Failed
1         perflab-trk.com        lnk.perflab-trk.com                                   831 B
1         cloudfront.net         d38dxwbthvbuvi.cloudfront.net                         571 KB
1         hyperadsdesign.com     bnr.hyperadsdesign.com (Cisco Umbrella Rank: 495331)  2 KB
1         whairtoa.com           whairtoa.com (Cisco Umbrella Rank: 216681)            2 KB
Total: 31 requests, 8 apex domains
Requests  Domain                         Requested by
17        wholedailyjournal.com          whairtoa.com, wholedailyjournal.com
4         my.rtmark.net                  whairtoa.com, wholedailyjournal.com
3         lnk.gameclickads.net           bnr.hyperadsdesign.com, lnk.gameclickads.net
1         www.demon-tweeks.com           lnk.perflab-trk.com, lnk.gameclickads.net
1         lnk.perflab-trk.com            lnk.gameclickads.net
1         d38dxwbthvbuvi.cloudfront.net  bnr.hyperadsdesign.com
1         bnr.hyperadsdesign.com         wholedailyjournal.com
1         whairtoa.com
Total: 31 requests, 8 domains

This site contains no links.

Subject                Issuer                                          Validity                 Valid
whairtoa.com           R3                                              2023-07-16 - 2023-10-14  3 months
rtmark.net             R3                                              2023-07-25 - 2023-10-23  3 months
wholedailyjournal.com  E1                                              2023-08-01 - 2023-10-30  3 months
*.thekingtrack.com     Amazon RSA 2048 M02                             2023-02-23 - 2024-02-12  a year
*.cloudfront.net       Amazon RSA 2048 M01                             2022-12-08 - 2023-12-07  a year
*.gameclickads.net     Amazon RSA 2048 M01                             2023-02-13 - 2024-02-12  a year
*.perflab-trk.com      Amazon RSA 2048 M02                             2023-05-31 - 2024-06-28  a year
*.demon-tweeks.com     Sectigo RSA Domain Validation Secure Server CA  2023-04-20 - 2024-05-01  a year

This page contains 3 frames:

Primary Page: https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e
Frame ID: 7A968DE85C0B5E1A4EC3A8F9745AD1F2
Requests: 26 HTTP requests in this frame

Frame: https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Frame ID: 01BA776725B8C8AA736D406F98FE7C10
Requests: 2 HTTP requests in this frame

Frame: https://www.demon-tweeks.com/?utm_source=Affiliate_Window&utm_medium=Sub+Networks&utm_campaign=101248
Frame ID: 34A826F365E9AF173634302D143BF1E6
Requests: 4 HTTP requests in this frame


Page Statistics

Requests: 31
HTTPS: 94 %
IPv6: 13 %
Domains: 8
Subdomains: 8
IPs: 9
Countries: 4
Transfer: 654 kB
Size: 730 kB
Cookies: 14

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://whairtoa.com/4/5974651 Page URL
  2. https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Page URL
  3. https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Page URL
  4. https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29
  • https://monetoad.com/redir/clickGate.php?u=u68EH62H&p=l2u27PvnOu&m=30&url=https%3A%2F%2Fwww.demon-tweeks.com&s=64f70d0fcba60a324389d704-RL-367469 HTTP 301
  • https://www.awin1.com/cread.php?awinmid=6538&awinaffid=101248&clickref=3CehUF8SDKEIeOJLOSfUVKxYjKRiKEb78uBrC3gvKLHLhl&clickref3=mt132948_a143012_p240668_cGB&clickref2=https%3A%2F%2Fwww.bigperformancelab.com%2F HTTP 302
  • https://www.demon-tweeks.com/?source=aw&awc=6538_1693912336_32b1eb435bc1df3761c55f434fee4a44&utm_source=Affiliate_Window&utm_medium=Sub+Networks&utm_campaign=101248

31 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
5974651
whairtoa.com/4/
1 KB
2 KB
Document
General
Full URL
https://whairtoa.com/4/5974651
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
* *
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf8
date
Tue, 05 Sep 2023 11:12:13 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
link
<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://wholedailyjournal.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
pragma
no-cache no-cache
server
nginx
timing-allow-origin
*
x-trace-id
fecd18d94c1090fca96dea6f94c3ffd4
img.gif
my.rtmark.net/
43 B
504 B
Ping
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=61908ec32e4342c9b8e5d8a512e3b3dd
Requested by
Host: whairtoa.com
URL: https://whairtoa.com/4/5974651
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:13 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
https://whairtoa.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
/
wholedailyjournal.com/
40 KB
13 KB
Document
General
Full URL
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Requested by
Host: whairtoa.com
URL: https://whairtoa.com/4/5974651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
d749b538eb8d44d2b23c265c13e182448b45ac5e69c2ffa6305fc1cd4cc9079c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods
GET, POST, OPTIONS, HEAD
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
801e09360a5148b6-LHR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 11:12:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NR73EVL2EfdDk9YcbOwn14fgvL%2Fo%2BHmwKdv5RPh1jQyWICoSG6ZlPpnUZdtW1%2FSMNAG34C94nBJsF6VPeEl2qEUFNidh3lO9ReciZVpMcHkVuBkWtdxDrnnj1Q0K63jWauj5f1fxkLA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
gid.js
my.rtmark.net/
65 B
547 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?userId=b212172eac8dc60ebd13e57edabfa37e
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
9683e933ad3bbd0025816b435d053b330f0f312ec629928e76eddd9e69b015b4
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:13 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wholedailyjournal.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
micro.tag.min.js
wholedailyjournal.com/pfe/current/
26 KB
10 KB
Script
General
Full URL
https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93aa90bc54c821708337ef559092efe522bc95c001099d697618db267a0b0049

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 11:12:13 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 01 Sep 2023 13:37:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64f1e924-68a0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mXdq23XHYVrKzHI71o%2FLjNWQ91E%2By5qVQ%2F8OH8G7h1tVebEFQ%2BxKj%2BAXvprcKBDDqxEVA%2BLLLHwwyvSLt3D9K3wHiFiVdkxK%2BpMAc4z59k%2BpuqeXnrdPvbOI%2BIUQij9Q8appUc7Z6lA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
access-control-allow-credentials
true
cf-ray
801e0936fbba48b6-LHR
alt-svc
h3=":443"; ma=86400
truncated
/
327 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
wholedailyjournal.com/
2 B
429 B
XHR
General
Full URL
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&mprtr=1
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.24
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:13 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.24
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q09xtlWEuwZv0awWPI5tQ0jtvIZIFeWxPwBzemtvGEUhx47fPEe6ffjaAKGtbXps4dMWIn4LzXf2hyv4jHLjKRPh8jUMgIRAQtFKoTc9V%2BZY%2Be87MrWXHIAZpGuQDtZpwNLstwj3gFk%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
801e0936fbc948b6-LHR
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=86400
/
wholedailyjournal.com/19/4662728/
3 KB
2 KB
XHR
General
Full URL
https://wholedailyjournal.com/19/4662728/?abt_opts=1&var=5974651&var3=722883316323463928&ymid=&rhd=1
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbb6075392eec216d9f819805b41b00e07af857fb38610ba54f1456ac09358b2
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:13 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-trace-id
fb277a2be031dfb618c218bd249f104f
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Obe%2BPjs4dEwf4bSp2i4Psaq8OzTc9wvt6azHFfKfwNZBr3P7VCXFyyYT3qW9%2FeZMNW55Hxm8j8qZZxBuvudfsljEfUN2aFmIOgKBC8HBd8fwQJlBHU1FTmDthsdlknlt%2FooRLM7dLR8%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
link
<https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
801e09370bdb48b6-LHR
expires
Tue, 11 Jan 1994 10:00:00 GMT
rhd
wholedailyjournal.com/
3 KB
3 KB
Fetch
General
Full URL
https://wholedailyjournal.com/rhd?rb=e5UVuA_yBijGU6jvB186Kzorkz5iiz7DAwKJevUxfpMdrA37WY4jJLEt8rO07bIltdFPN1rYxL78t04NTlaqv5rGOLs-r2VK4ao_CLRcA2k94dPUe5CL8VnlgvBxkO7b89_GCHcmYdNOxr6DgSSBZVQwSTkYno1C45YCCLjZi3OGOm5VY0vg6mjUy5Z30ol0_AJIBh3c30Yf4Pjp1a_g0AACymdUP36VeK1IzJK1f-QLoHmpp91m3fTFLXPt14PT2HS5sSF7lkURPkz3Ny_A8Ywz4XLm40UgnJ8OFuN70tODaYJLr6CpQp8AQpoSo_Kww0fELiQsQaQe20asx8x-0RcwJ_kOKGlhEJ5Hf0ogCBwWR5xIHmgR634drKo2Qu2H0IcEeI5wT8YhZ5aiAEJE3oM23V5syb-zcnv-2rpe_zKSe7xoTCeozUm8BXvb2mdivxgQOtrHpj5NIQW5Ggyk5VAckeGtI2RhUHkWPNwLop1C9pxY&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Fwholedailyjournal.com%2F%3Fs%3D722883316323463928%26ssk%3D2c1fd8cdb1faa2fffc60adcfe620419b%26svar%3D1693912333%26z%3D5974651%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=5974651&var3=722883316323463928&ymid=&rhd=1&m=link
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-trace-id
ffd51424ea5b42b10709326828100de3
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZJNMUbHa8iEaGVjP%2FMW8%2FvfMNvVesM4Fn%2Fr5lJwKrcFm0DDj3PNFYkxLzm18i5lMOJgAn2J4IFNogcV3yPVlbv%2B651X3A2e6dO%2F3OHk6%2FT7%2FPs95hWNWl6SHkVpGHYOrZ5JP9dgZbA%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
801e0937bbfed17c-LHR
expires
Tue, 11 Jan 1994 10:00:00 GMT
4662709
wholedailyjournal.com/sw-check-permissions/
0
958 B
Other
General
Full URL
https://wholedailyjournal.com/sw-check-permissions/4662709?var=5974651&ymid=722883316323463928&uhd=1
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.24
Resource Hash

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.24
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTvDrie%2FA4Hn1tff8RIMfZxjWTKsBruUC3VUjEZJC2OlicP5z2VvpwrIGZBxPlDvAw6hHfvLCMWzcj6dFqxxQLd%2B6MgSK5ghdCBChU7GNiGWMhaE6I7Tp%2FnEKeqJlpUc4zEV%2FvVbF9U%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray
801e0937cc21d17c-LHR
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
zone
wholedailyjournal.com/
0
491 B
Ping
General
Full URL
https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=5974651&ymid=722883316323463928&var_3=&var_4=&dsig=&tg=1&action=prerequest
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-trace-id
99421ca4485ba65c131853550285529a
date
Tue, 05 Sep 2023 11:12:14 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u69fLBEYY9s1R4VEdbozV0Dmd8aXnW56PVpG7%2BR9KM9Ohaz8gIiP4BBfqRQM7zTnuMaxPLuqt9%2FjdnaMyZUZ43G%2FGogKSFeewSQ1rd39mqYdS6fcuUgFBv2AiALhLygrqsqsngh5eus%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://wholedailyjournal.com
access-control-allow-credentials
true
cf-ray
801e0937cc26d17c-LHR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
0
alt-svc
h3=":443"; ma=86400
gid.js
my.rtmark.net/
65 B
547 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=722883316323463928&var=5974651
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wholedailyjournal.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
zone
wholedailyjournal.com/
798 B
982 B
Fetch
General
Full URL
https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=5974651&ymid=722883316323463928&var_3=&var_4=&dsig=&tg=1&action=settings
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-trace-id
3dfd2a9713f54bf8c3830cafe2d8493e
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8m0x8V5FbqHFHfbqnBznrIT8oeSstAg91NT76rvlwf1EvOALjtKM9HO1AeQf%2B3NxCZwEu83fCYt7B7hBqMbxpcYxvVvvqKQgBqDMESwKz9Y%2BTq1RyCqhL4ExgBSzkPMElEP8MuNR2I8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
801e0937dc52d17c-LHR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
/
wholedailyjournal.com/
40 KB
13 KB
Document
General
Full URL
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.24
Resource Hash
f9ff48834ed28fad5ffaec1cd0ffb4960750a003b108a6970ef6eea86bff147b

Request headers

Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods
GET, POST, OPTIONS, HEAD
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
801e09383cd9d17c-LHR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 11:12:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e3INlLcpOhcQeXGlgjul6oR1zLbHqVwtJIomVY6aLcJhkFF2BCXblmGPVt8L9FCt9duRbDCGv%2BFp%2BHMKnwV99LGo07xXwjvb9XbMT9CzNUNkvBb3MODaBAj6tsSS%2FUC1s%2FbS9GhawH8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.4.24
micro.tag.min.js
wholedailyjournal.com/pfe/current/
26 KB
10 KB
Script
General
Full URL
https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93aa90bc54c821708337ef559092efe522bc95c001099d697618db267a0b0049

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 11:12:14 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 01 Sep 2023 13:37:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64f1e924-68a0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1v6Fs9d09o8sYm44LZdreTcViOTQ6m96XWEWhZ%2BGSdMmOMu8FKeAYcL2siCNFPAcP4uQMnQ1km7N79%2FIYBMBV2X7DbHWICqgMwPht6Kg2oFG%2Fjnt6X4uGUUZZa1Z46OLJNf4kh9f9qs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
access-control-allow-credentials
true
cf-ray
801e0938fe52d17c-LHR
alt-svc
h3=":443"; ma=86400
truncated
/
327 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
wholedailyjournal.com/19/4662728/
3 KB
3 KB
XHR
General
Full URL
https://wholedailyjournal.com/19/4662728/?abt_opts=1&var=5974651&var3=722883316323463928&ymid=&rhd=1
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22d22af73402a644c85d142c0037ccea4eeb3b1a431d64c53729c2299a3565ce
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-trace-id
9bd542aef6b528f6466eaabdf0042610
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RkuEVMVKreQE34NqBYRMe%2FpWVMX8rgwZQARXrOkal9YKm5k1txwWeuzTqyRuCqFrQXwhzPEKcpFTEfCeT%2B2mOXYvH3HC%2FJpPnAsHfBMRZ%2Bw%2Ff6tmev8fA%2B01rukQfD26vyLSuQKa6cM%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
link
<https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
801e09390e58d17c-LHR
expires
Tue, 11 Jan 1994 10:00:00 GMT
/
wholedailyjournal.com/
2 B
536 B
XHR
General
Full URL
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2&mprtr=1
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.26
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.26
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47WCQo0gEDEDTL%2B0YCOMZO9NaWXaWIVwSrGiZfEciXGiuMZYCfUoHRhOCSFCH2jbsEkbOK1A%2FPvScPOLIDgYoGjRly0y0tee%2BQPMBe1zgxXWCKjs6eZyvuKSigIuDqPQf8SEpE4%2FOE8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
801e09392e8cd17c-LHR
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=86400
rhd
wholedailyjournal.com/
3 KB
3 KB
Fetch
General
Full URL
https://wholedailyjournal.com/rhd?rb=9MVOCladbgf4ZcrRcvEIqBYGi4jETCxJQS1NU2XVStxKI7tcBXo9bEyvZ2Vnbof9kBu2w8JT0tjcSxup_YeAnsMziIS67QE86hOBdbIdPVZ4K6J9uIg-6nlDFj4QiBT9KQo-l-vNXphwQSefKhNPz34cpKJAN-uDhImUSFAwD8DuV-jgQ-sLanLdaGL0a_hU4hb2SgT_xjAhqHLoCErRxq1BwQVbk_HjGePR-Sw_J6jxcyeRZ-O_jFirWxwvInxSJTs2vAH5XXitnH7Vz19j6FxBP9p7Oxnl42kdkiXT4n7aRJF_EAjCNdAqp4M0A1_zTye-7mfodw9FeTiWUG-b_Kp7-wBeie_b8LwEjzxCHmaXOiR4AvNnJn3NLHCrKFYXcALMJaeEgGkMiKhPbdxvSEzL4RQrpa8uwqmTD8zHTMdB6TQu8klHqYiKKSodk1dgtXRcMwjYzcKUvQcQprQQubTC6eo7KIZeETooVOFek_1L163fx04_w-pp-x8%3D&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Fwholedailyjournal.com%2F%3Fs%3D722883316323463928%26ssk%3D2c1fd8cdb1faa2fffc60adcfe620419b%26svar%3D1693912333%26z%3D5974651%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb%26rdc%3D2&drf=https%3A%2F%2Fwholedailyjournal.com%2F%3Fs%3D722883316323463928%26ssk%3D2c1fd8cdb1faa2fffc60adcfe620419b%26svar%3D1693912333%26z%3D5974651%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=5974651&var3=722883316323463928&ymid=&rhd=1&m=link
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
811ddb3dd6d2276dc2a4460879450e6e73a47f8b1a0ec4c85b6c3ae3a23c73e3
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-trace-id
fe3c993b57f3013402386a708f55aa6d
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPwo1iSLeiNwy91GQnMYLkthgsZ28hVWGjbabolGlEQrymYLxkLnQ9AsD3IN7zV1AeQV7OdvMZzWsy7hSTe0uA%2B2HCoslnm9c2eyFInYuM7hG6RU5xoXxa%2BAhiHdCjhLp4w8sWFmZ4A%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
801e09396ef9d17c-LHR
expires
Tue, 11 Jan 1994 10:00:00 GMT
4662709
wholedailyjournal.com/sw-check-permissions/
0
957 B
Other
General
Full URL
https://wholedailyjournal.com/sw-check-permissions/4662709?var=5974651&ymid=722883316323463928&uhd=1
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.33
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2B8zenNJnXoUdb7cosHUsk9EbbcLpg6hasMye3SKeRc%2BnfwfP7cOJcxl8sBoD89MVH92A33pZmKy15N84FZfUuPZwQPEkyzjHCXGvq7%2FHN67YPFJK62vZW5Fq3xB%2BI0DlNbULvPUIEI%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray
801e09396f00d17c-LHR
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
zone
wholedailyjournal.com/
0
492 B
Ping
General
Full URL
https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=5974651&ymid=722883316323463928&var_3=&var_4=&dsig=&tg=1&action=prerequest
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-trace-id
b4d32198cec32aed887836a5a76b7d6a
date
Tue, 05 Sep 2023 11:12:14 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fy%2BTsNqr2BB8jSfnLAvBeoZUHdtDYsXxHvVvRteR1gdvcr5qE3v7fWq46ar8frXZKFOXru2Qe6M7B%2FlrLib3RSJd%2BUPilt7tWJIA%2Fk8bRuWttEv49u2DriUj50qL3J6ooeEOYH43FtE%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://wholedailyjournal.com
access-control-allow-credentials
true
cf-ray
801e09396f01d17c-LHR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
0
alt-svc
h3=":443"; ma=86400
gid.js
my.rtmark.net/
65 B
547 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=722883316323463928&var=5974651
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
9683e933ad3bbd0025816b435d053b330f0f312ec629928e76eddd9e69b015b4
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wholedailyjournal.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
zone
wholedailyjournal.com/
798 B
982 B
Fetch
General
Full URL
https://wholedailyjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=wholedailyjournal.com&var=5974651&ymid=722883316323463928&var_3=&var_4=&dsig=&tg=1&action=settings
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=722883316323463928&var=5974651&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbfd56b2af6f09fcea733b0d4f15b59b5b9c101a93900c7dcb97808a63333f5d
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-trace-id
e7186ab88cb615424627b866680e4e17
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2BpwCVQhYVFCrfxnWifRMWrSRdepwyNwUTBl14rnWIdrKJ6krW57iK5y8y%2B%2Fm7n98xQB1%2FwlSxXg3d2teYEmj8vJgqoiBr1y2ACetcid4AWpoNMRckt6fGl69ZbfPePrkVZBE29mtJw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
801e09397f16d17c-LHR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
Primary Request bAxqvF1d45pWHW4v5AoorosX
bnr.hyperadsdesign.com/get/
2 KB
2 KB
Document
General
Full URL
https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.219.198.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-219-198-131.compute-1.amazonaws.com
Software
awselb/2.0 /
Resource Hash
5167e4dc66a732558510c6e92462e4d56e9127ac598744c772401b60889c7ec5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

content-length
1681
content-type
text/html
date
Tue, 05 Sep 2023 11:12:15 GMT
server
awselb/2.0
cat.php
wholedailyjournal.com/
0
764 B
Ping
General
Full URL
https://wholedailyjournal.com/cat.php?userId=b212172eac8dc60ebd13e57edabfa37e&zoneid=4662728&rb=9MVOCladbgf4ZcrRcvEIqBYGi4jETCxJQS1NU2XVStxKI7tcBXo9bEyvZ2Vnbof9kBu2w8JT0tjcSxup_YeAnsMziIS67QE86hOBdbIdPVZ4K6J9uIg-6nlDFj4QiBT9KQo-l-vNXphwQSefKhNPz34cpKJAN-uDhImUSFAwD8DuV-jgQ-sLanLdaGL0a_hU4hb2SgT_xjAhqHLoCErRxq1BwQVbk_HjGePR-Sw_J6jxcyeRZ-O_jFirWxwvInxSJTs2vAH5XXitnH7Vz19j6FxBP9p7Oxnl42kdkiXT4n7aRJF_EAjCNdAqp4M0A1_zTye-7mfodw9FeTiWUG-b_Kp7-wBeie_b8LwEjzxCHmaXOiR4AvNnJn3NLHCrKFYXcALMJaeEgGkMiKhPbdxvSEzL4RQrpa8uwqmTD8zHTMdB6TQu8klHqYiKKSodk1dgtXRcMwjYzcKUvQcQprQQubTC6eo7KIZeETooVOFek_1L163fx04_w-pp-x8=&var=5974651&var3=722883316323463928&ymid=&rhd=1
Requested by
Host: wholedailyjournal.com
URL: https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.161.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://wholedailyjournal.com/?s=722883316323463928&ssk=2c1fd8cdb1faa2fffc60adcfe620419b&svar=1693912333&z=5974651&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 05 Sep 2023 11:12:14 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
0
x-trace-id
1586ae43051f7cc461cdaf0b98cfc121
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6wgA%2BeJL5bSypsIW5Or41aUM9IuOOgWiv51aWZSo%2FuG07I69lgnYjUK8RGeb9yxvxf%2B8l67KoETpWbyVpdUQ3kd2g01vRal2UFPTpcXwhWMEuUJMJo7QGSDRwZSl5KaoR1LMfVwyW7g%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://wholedailyjournal.com
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
801e093ced8cd17c-LHR
expires
Tue, 11 Jan 1994 10:00:00 GMT
a3d3afe7577cccb9cc96364e66bb813d.png
d38dxwbthvbuvi.cloudfront.net/jcm-mm/
570 KB
571 KB
Image
General
Full URL
https://d38dxwbthvbuvi.cloudfront.net/jcm-mm/a3d3afe7577cccb9cc96364e66bb813d.png
Requested by
Host: bnr.hyperadsdesign.com
URL: https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:c:cb59:380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5cfd3c225762e475b902bafa2569160aad910b0403721574f5d935eab86d9948

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 08:10:04 GMT
via
1.1 68eb499493257a6d0620a0f6abdc78ca.cloudfront.net (CloudFront)
last-modified
Thu, 18 May 2023 14:36:18 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
age
10940
x-amz-server-side-encryption
AES256
etag
"89b85ec4fb75ee6cae061ab7d536aa9f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
accept-ranges
bytes
content-length
583445
x-amz-cf-id
6j9XcFsYpT-WhFCZ6KcB_xbJR1el5IiBYi5m3_kt-CUZv-yKPgTqmQ==
bAxqvF1d45pWHW4v5AoorosX
lnk.gameclickads.net/trk/ Frame 01BA
1 KB
2 KB
Document
General
Full URL
https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Requested by
Host: bnr.hyperadsdesign.com
URL: https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.21.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-21-196.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
5a6aa5ed9b8f60a5f2984fe6a7a94fc9e38314ad11f461388c5d670a0aaaca3d

Request headers

Referer
https://bnr.hyperadsdesign.com/get/bAxqvF1d45pWHW4v5AoorosX?connectionType=broadband&carrier=?&browserVersion=116&region=man&device=desktop&operatingSystem=windows&osVersion=win10&country=GB&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/116.0.5845.140%20Safari/537.36&browser=chrome&zoneId=4662728&cost=0.000250&campaignId=7345864&paid=722883322879160483&subzone_id=0&oaid=b212172eac8dc60ebd13e57edabfa37e
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

content-language
en-GB
content-type
text/html;charset=UTF-8
date
Tue, 05 Sep 2023 11:12:15 GMT
c.js
lnk.gameclickads.net/js/ Frame 01BA
8 KB
8 KB
Script
General
Full URL
https://lnk.gameclickads.net/js/c.js
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.21.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-21-196.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:12:15 GMT
last-modified
Thu, 02 Mar 2023 20:36:26 GMT
accept-ranges
bytes
content-length
7804
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/javascript
/
lnk.gameclickads.net/ Frame 34A8
1 KB
1 KB
Document
General
Full URL
https://lnk.gameclickads.net/?bt=lnk.perflab-trk.com&ref=&friend=&u=monetoad.com%252Fredir%252FclickGate.php%253Fu%253Du68EH62H%2526p%253Dl2u27PvnOu%2526m%253D30%2526url%253Dhttps%25253A%25252F%25252Fwww.demon-tweeks.com%2526s%253D64f70d0fcba60a324389d704-RL-367469&log=false&type=ROTATOR_LINK&linkId=367469&clickId=64f70d0fcba60a324389d704&br=false
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/js/c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.21.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-21-196.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2d3b3faec91ba56bebde24145d76e379f323dbaf279ef055d4a9f940cb30a19b

Request headers

Referer
https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

content-language
en-GB
content-type
text/html;charset=UTF-8
date
Tue, 05 Sep 2023 11:12:16 GMT
/
lnk.perflab-trk.com/ Frame 34A8
741 B
831 B
Document
General
Full URL
https://lnk.perflab-trk.com/
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/trk/bAxqvF1d45pWHW4v5AoorosX?browser=chrome&browserVersion=116&campaignId=7345864&carrier=%3F&connectionType=broadband&cost=0.000250&country=GB&device=desktop&language=en&oaid=b212172eac8dc60ebd13e57edabfa37e&operatingSystem=windows&osVersion=win10&paid=722883322879160483&region=man&subzone_id=0&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F116.0.5845.140+Safari%2F537.36&zoneId=4662728&c2=true&vpw=1600&vph=1200
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.180.93.95 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-180-93-95.eu-west-3.compute.amazonaws.com
Software
/
Resource Hash
637f3535eb9674cc1fc7fe514a8948e2b4f49c299fe85dd708b34d13021cd02e

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://lnk.gameclickads.net
Referer
https://lnk.gameclickads.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

content-language
en-GB
content-type
text/html;charset=UTF-8
date
Tue, 05 Sep 2023 11:12:16 GMT
/
www.demon-tweeks.com/ Frame 34A8
Redirect Chain
  • https://monetoad.com/redir/clickGate.php?u=u68EH62H&p=l2u27PvnOu&m=30&url=https%3A%2F%2Fwww.demon-tweeks.com&s=64f70d0fcba60a324389d704-RL-367469
  • https://www.awin1.com/cread.php?awinmid=6538&awinaffid=101248&clickref=3CehUF8SDKEIeOJLOSfUVKxYjKRiKEb78uBrC3gvKLHLhl&clickref3=mt132948_a143012_p240668_cGB&clickref2=https%3A%2F%2Fwww.bigperforman...
  • https://www.demon-tweeks.com/?source=aw&awc=6538_1693912336_32b1eb435bc1df3761c55f434fee4a44&utm_source=Affiliate_Window&utm_medium=Sub+Networks&utm_campaign=101248
0
0

/
www.demon-tweeks.com/ Frame 34A8
0
0
Document
General
Full URL
https://www.demon-tweeks.com/?utm_source=Affiliate_Window&utm_medium=Sub+Networks&utm_campaign=101248
Requested by
Host: lnk.gameclickads.net
URL: https://lnk.gameclickads.net/js/c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.101.53.186 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=15638400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://lnk.gameclickads.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-length
54798
content-security-policy
upgrade-insecure-requests;
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 07:34:44 GMT
expires
-1
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=15638400
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-magento-controlleraction
cms/index/index
x-ua-compatible
IE=edge
x-xss-protection
0

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain
www.demon-tweeks.com
URL
https://www.demon-tweeks.com/?source=aw&awc=6538_1693912336_32b1eb435bc1df3761c55f434fee4a44&utm_source=Affiliate_Window&utm_medium=Sub+Networks&utm_campaign=101248

Verdicts & Comments

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| documentPictureInPicture
number| vph
number| vpw
object| jcc

14 Cookies

Domain/Path Name / Value
whairtoa.com/ Name: OAID
Value: 61908ec32e4342c9b8e5d8a512e3b3dd
whairtoa.com/ Name: oaidts
Value: 1693912333
my.rtmark.net/ Name: ID
Value: 61908ec32e4342c9b8e5d8a512e3b3dd
wholedailyjournal.com/ Name: oaidts
Value: 1693912333
wholedailyjournal.com/ Name: syncedCookie
Value: true
wholedailyjournal.com/ Name: OAID
Value: b212172eac8dc60ebd13e57edabfa37e
wholedailyjournal.com/ Name: prefetchAd_4662728
Value: true
wholedailyjournal.com/ Name: reverse
Value: GQeeZiDCyEksDu8-WmuK5ESXh5cLFqqktZL3VCfFY0A
.lnk.gameclickads.net/ Name: v
Value: t
.lnk.gameclickads.net/ Name: cas
Value: 3833:2073:2073:1
.lnk.gameclickads.net/ Name: rls
Value: 367469:2073:2073:1
.lnk.gameclickads.net/ Name: com
Value: 11620:196:GB:2073:2073:1
.awin1.com/ Name: aw6538
Value: 101248|0|0|1693912336|3CehUF8SDKEIeOJLOSfUVKxYjKRiKEb78uBrC3gvKLHLhl|aw|0
.awin1.com/ Name: bId
Value: HLEX_64f70d109c67a9.27576750

1 Console Messages

Source Level URL
Text
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.demon-tweeks.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
