www.nobenefit.exchange Open in urlscan Pro
2606:4700:3035::6815:1ccc Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.nobenefit.exchange/uaadlbl/urxfeebi846577jwucm/mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95S...
Effective URL:
http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_R...
Submission: On February 28 via manual (February 28th 2022, 8:41:53 am UTC) from ES — Scanned from ES

Summary HTTP 71 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 17 domains to perform 71 HTTP transactions. The main IP is 2606:4700:3035::6815:1ccc, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.nobenefit.exchange.

This is the only time www.nobenefit.exchange was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	2606:4700:303... 2606:4700:3035::6815:1ccc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a04:4e42:600... 2a04:4e42:600::622	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.98.76 143.204.98.76	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
1	143.204.98.33 143.204.98.33	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	143.204.98.32 143.204.98.32	16509 (AMAZON-02) (AMAZON-02)
1	99.83.215.13 99.83.215.13	16509 (AMAZON-02) (AMAZON-02)
1	75.2.62.78 75.2.62.78	16509 (AMAZON-02) (AMAZON-02)
1	143.204.98.79 143.204.98.79	16509 (AMAZON-02) (AMAZON-02)
3	2.16.186.32 2.16.186.32	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.183.82.125 52.183.82.125	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.86.94.156 52.86.94.156	14618 (AMAZON-AES) (AMAZON-AES)
2	54.186.45.77 54.186.45.77	16509 (AMAZON-02) (AMAZON-02)
1	184.73.240.29 184.73.240.29	14618 (AMAZON-AES) (AMAZON-AES)
71	22

26 2606:4700:3035::6815:1ccc (United States)

ASN13335 (CLOUDFLARENET, US)

www.nobenefit.exchange	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a04:4e42:600::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fast.wistia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-76.fra50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-33.fra50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-32.fra50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.83.215.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: ace0c9649cf81ee05.awsglobalaccelerator.com

api.sjpf.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 75.2.62.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: a3b233fbd2625fed8.awsglobalaccelerator.com

fp.ctrwow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-79.fra50.r.cloudfront.net

cdn.getblueshift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.16.186.32 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-32.deploy.static.akamaitechnologies.com

embedwistia-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.183.82.125 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

ctrwow-prod-fingerprint-microservice.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.86.94.156 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-94-156.compute-1.amazonaws.com

distillery.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.186.45.77 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-186-45-77.us-west-2.compute.amazonaws.com

api.getblueshift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.73.240.29 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-73-240-29.compute-1.amazonaws.com

pipedream.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	nobenefit.exchange www.nobenefit.exchange	519 KB
6	wistia.net fast.wistia.net — Cisco Umbrella Rank: 6469	206 KB
5	wistia.com fast.wistia.com — Cisco Umbrella Rank: 4263 distillery.wistia.com — Cisco Umbrella Rank: 5577 pipedream.wistia.com — Cisco Umbrella Rank: 5795	146 KB
4	gstatic.com fonts.gstatic.com	63 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50 Failed	219 KB
3	akamaihd.net embedwistia-a.akamaihd.net — Cisco Umbrella Rank: 7246	932 KB
3	getblueshift.com cdn.getblueshift.com — Cisco Umbrella Rank: 13136 api.getblueshift.com — Cisco Umbrella Rank: 9614	4 KB
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 67 googleads.g.doubleclick.net — Cisco Umbrella Rank: 37	2 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 574 script.hotjar.com — Cisco Umbrella Rank: 726 vars.hotjar.com — Cisco Umbrella Rank: 809	68 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
2	google.es www.google.es — Cisco Umbrella Rank: 18513	565 B
2	google.com www.google.com — Cisco Umbrella Rank: 2	565 B
1	azurewebsites.net ctrwow-prod-fingerprint-microservice.azurewebsites.net — Cisco Umbrella Rank: 467577	359 B
1	ctrwow.com fp.ctrwow.com — Cisco Umbrella Rank: 429803	612 B
1	sjpf.io api.sjpf.io — Cisco Umbrella Rank: 23072	331 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 99	15 KB
0	litix.io Failed fg8vvsvnieiv3ej16jby.litix.io Failed
71	17

	Domain	Requested by
26	www.nobenefit.exchange	www.nobenefit.exchange
6	fast.wistia.net	www.nobenefit.exchange
4	fonts.gstatic.com	www.nobenefit.exchange
4	www.googletagmanager.com	www.nobenefit.exchange
3	embedwistia-a.akamaihd.net	fast.wistia.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	fast.wistia.com	www.nobenefit.exchange
2	api.getblueshift.com	cdn.getblueshift.com
2	www.google.es	www.nobenefit.exchange
2	www.google.com	www.nobenefit.exchange
2	stats.g.doubleclick.net	www.google-analytics.com
1	pipedream.wistia.com	www.nobenefit.exchange
1	distillery.wistia.com	www.nobenefit.exchange
1	ctrwow-prod-fingerprint-microservice.azurewebsites.net	www.nobenefit.exchange
1	cdn.getblueshift.com	www.nobenefit.exchange
1	fp.ctrwow.com	www.nobenefit.exchange
1	api.sjpf.io	www.nobenefit.exchange
1	vars.hotjar.com	static.hotjar.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	script.hotjar.com	static.hotjar.com
1	www.googleadservices.com	www.nobenefit.exchange
1	static.hotjar.com	www.nobenefit.exchange
0	fg8vvsvnieiv3ej16jby.litix.io Failed	fast.wistia.net
71	23

This site contains links to these domains. Also see Links.

Domain
www.edlwss.com
www.buycircaknee.com
www.dmca.com

Subject Issuer	Validity	Valid
fast.wistia.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-12-24` - `2023-01-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.es GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
api.sjpf.io R3	`2022-02-06` - `2022-05-07`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
fp.ctrwow.com Amazon	`2022-01-25` - `2023-02-23`	a year	crt.sh
a248.e.akamai.net DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.azurewebsites.net Microsoft RSA TLS CA 02	`2021-07-07` - `2022-07-07`	a year	crt.sh
*.wistia.com Amazon	`2021-04-01` - `2022-04-30`	a year	crt.sh

This page contains 3 frames:

Primary Page: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Frame ID: BA42C7489B7C045DB93C6409B317AC71
Requests: 70 HTTP requests in this frame

Frame: http://www.nobenefit.exchange/clicks/circaknee_files/blank.htm
Frame ID: BDBB01E716007782B7B81BBD5D052733
Requests: 2 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: 65FFC42BD03A2D9AF7B788FC10BE2619
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Get the Compression Sleeves That Provide Instant Relief for Sore, Agi

Page URL History Show full URLs

http://www.nobenefit.exchange/uaadlbl/urxfeebi846577jwucm/mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1... Page URL
http://www.nobenefit.exchange/offer.php?id=373&sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/Qg... Page URL
http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25ow... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

71
Requests

41 %
HTTPS

43 %
IPv6

17
Domains

23
Subdomains

22
IPs

3
Countries

2196 kB
Transfer

4999 kB
Size

17
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.edlwss.com/9XM7S7W/658NTX6/?uid=21754&sub1=bland&sub2=952288&sub3=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2&sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Title: Secure Your Discount

Search URL Search Domain Scan URL

URL: https://www.buycircaknee.com/en/terms.html?temp=hcvr&loader=1&Affid=5521&s1=&s2=&s3=&s4=2909&s5=59f924a587984b7489ed74ca69053f1e&domain1=www.edlwss.com&network_id=69&sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://www.buycircaknee.com/en/policy.html?temp=hcvr&loader=1&Affid=5521&s1=&s2=&s3=&s4=2909&s5=59f924a587984b7489ed74ca69053f1e&domain1=www.edlwss.com&network_id=69&sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.buycircaknee.com/en/contact-us.html?temp=hcvr&loader=1&Affid=5521&s1=&s2=&s3=&s4=2909&s5=59f924a587984b7489ed74ca69053f1e&domain1=www.edlwss.com&network_id=69&sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=77db208e-a872-4410-a150-3fdc93e2ee04&refurl=https://www.buycircaknee.com/en/pre-vsl.html?temp=hcvr&temp=hcvr&loader=1&Affid=5521&s1=&s2=&s3=&s4=2909&s5=59f924a587984b7489ed74ca69053f1e&domain1=www.edlwss.com&network_id=69&sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.nobenefit.exchange/uaadlbl/urxfeebi846577jwucm/mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2 Page URL
http://www.nobenefit.exchange/offer.php?id=373&sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2 Page URL
http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

71 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2 Show response
www.nobenefit.exchange/uaadlbl/urxfeebi846577jwucm/mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/ 1 KB
1 KB 174ms
116ms Document
text/html 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/uaadlbl/urxfeebi846577jwucm/mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.25
Resource Hash: 695acd5ffb7987694d0251b0ff07d9b65dac5cffa47829357ad4f619e5a34f9c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: es-ES,es;q=0.9

Response headers

Date: Mon, 28 Feb 2022 08:41:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VRbkga2tqFmTa9Ys5YGBVxNa46GSl%2FcyIgmSEgDjzdRunczXMa3V4Ma%2BRA7A28zWxLK44nsWqgLCmy4A1qy9gIzlGUxyHjD52%2FXKz4MBVLC%2B%2F5%2BsiHc8byg2OP7kn6egcm%2Fp04B03LBo6PJGflj1ZqcXLU4p"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6e485b0adf708684-MAD
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK jquery-1.11.0.min.js Show response
www.nobenefit.exchange/ 94 KB
33 KB 41ms
41ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/jquery-1.11.0.min.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/uaadlbl/urxfeebi846577jwucm/mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/uaadlbl/urxfeebi846577jwucm/mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:45 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 4062
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Fri, 11 Feb 2022 18:18:35 GMT
Server: cloudflare
ETag: W/"6206a87b-1787d"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wzJ4xe87OH%2FrUKqLQYsx0CQbeYGDUE%2Bgh0mnE6SFWo96mf56CFSzVKULHw5u4JN8KjDKkQOu%2BiOkG%2Fh2R4%2BQVjoml99NWTLH2D%2FO706N4TruDDDftMu5G2mWLZA9%2FTo3LvB6LSa8ABDbeprgugn9GyllJQLH"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6e485b0bb8f28684-MAD

GET js
www.googletagmanager.com/gtag/ 0
0

GET
H/1.1 200
OK offer.php Show response
www.nobenefit.exchange/ 418 B
1 KB 143ms
143ms Document
text/html 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/offer.php?id=373&sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/uaadlbl/urxfeebi846577jwucm/mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.25
Resource Hash: 9f5793cccdc22570fe5d3a50ca25ac3433efa45a5dbb7d6f18c5df1081b4ee51

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/uaadlbl/urxfeebi846577jwucm/mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2

Response headers

Date: Mon, 28 Feb 2022 08:41:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LB9Nkh9kIslpTWpNM%2FHxQXR1QM%2FuxTw%2BprbphEvcwRTfP7bmDS6p5oWQPLwBlq72K6%2BcyQKUdJK11WNZwgDiSUZ%2BxOkIPlBEQ310MsBJxXVyyiZ0hoQwInESnPF591wIkOBs9HeRBvBPneI18Kfn2bDHJ%2B%2BC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6e485b0c19918684-MAD
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK Primary Request circaknee.php Show response
www.nobenefit.exchange/clicks/ 67 KB
14 KB 149ms
148ms Document
text/html 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.25
Resource Hash: 865cae8d516634f1674e284a1eac1229b36de07f3b1b662dee8293aaffd548b1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/offer.php?id=373&sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2

Response headers

Date: Mon, 28 Feb 2022 08:41:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=USSnSw5I2jm%2FCfXxKc9rl%2Bt0U0sJkFXDcgzptV9x5%2FeUGsn%2FJ9%2F6Ad0DmxpBsnPlYb6kikKCKFJqVNzqF9ezKllpmjgd%2BQhYYNKDqoNcNi5sfj1Bz3D9R3MIW7lKbw2LYiuUvpNFdJm5QkJXQI38FXnCh51x"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6e485b0d1b988684-MAD
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK css2.css
www.nobenefit.exchange/clicks/circaknee_files/ 25 KB
2 KB 326ms
292ms Stylesheet
text/css 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/css2.css
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00c8eb28301cf1a0c2ff74264a1b5c80e592fb25c15391b73516823156e06ec2

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-65d2"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7G%2Fz3sm0OZfcR2JkjvfOz5gQE4BmBCuj%2BtbD%2Frl%2B7%2B4Jnf%2F0FyISGLMU9UBjWMiDgWN5F%2B3eKqxoIEIdvOiFtfiPkJeGnN5gQe3whVd32LpQ3N2BWfkJj29BoSvEwu%2Fv93tN7lHDb1f8eZBjQ3hJBMGs7ga8"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b0e48fd1509-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK blueshift.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 4 KB
3 KB 225ms
190ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/blueshift.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01fcf88d0ee0ff3cc10a948024394b5a87004538985081ca233b7a95ff286a12

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-1096"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3pOS4e1FJCbnMooi61KjpF4mtI6%2F6ij67ox2t7G%2BIlwVOL1fBsL1sdW68wmJjAXa1NkeoNvccGlxjAOyFW%2BIna4FPnU4cNpNJ%2BCSNCJ5abKys2T8QgQZ7n%2FbYLXCUrerzhNilBFtqgjXxvR%2Bs7NRKny8nZV6"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b0e4bfd1501-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK gtm_002.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 250 KB
67 KB 382ms
381ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/gtm_002.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a06e1259ecc9fe3411ca33faaeaca1856531b49de1d0701d75cd656c3d066336

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-3e9e8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ccO89Fa%2F5AlxoudjPRMLSRCB8OOlg1pQtTZYZlczaKPW5eCxGwVCXWAQy4D6KrODtXM5ion1XfqFQf96Fk9eEFzid5bmJH2iXnJaRknuvo4fNA5zF5pR%2FZ8RYr0L5Z8mXPjoObHhnU2wCMGE2A1oIOQbsRc"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b0f7dba1501-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK gtm.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 232 KB
68 KB 384ms
384ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/gtm.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42d96db836266109af2302d7dc1b29ad2f25e9f772a42323363f6569b69c82de

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-3a09f"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eba1fHCpk2V4hoXcGaKnfwVSoq95gtjcGr%2B7YyQ%2FjoQ8IgJ99Dcq6e3%2BDAS6Gd88qSvxsJRJTiGtXU8bzubKFpbnmPL6wKBk1ulo6dq8waCv1xVMfrBAD6hyGLVWgisfpI3tLXOZOBMESfIHbLzQ17EK7T2F"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b101b131509-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK modernizr-custom.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 4 KB
2 KB 155ms
154ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/modernizr-custom.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a34fefeaacfe1f612d64877d8b9cf5298c1096f90e25d3641ee99eb774200ad

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-114c"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W9qY%2BWc2P5aYiOoHXeG1MaHeWhQ%2Ftf6fKAAyAKHRm5rZLwaXijCUJvnENVyku8FY8d5gMuVqUedctXbx%2BuhhpCYt82QviPdGLFM9SV%2FFXcRV1y4kalESO6T7MbVxtMdptdMU67EckVDzJbzPXxMUutYSabbp"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b102ac5367c-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK jquery-3.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 53 KB
20 KB 254ms
253ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/jquery-3.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 518a15f363c50965095455798b2147d7a196d1032709e5a5b1fb6b05da8530c3

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-d573"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WmKHg%2B0f%2FnCWPqyECZRGibEKk75Y5IBmiFNmvBqVO4Rp%2BUz56fcfyajpS34oR%2BjsTFlE0Smi80eMZXfQ8uvjlmTyH2edlbxiHnKef0kDs4xXAaMDVXXEDvUpZ6Vl72bgpr7qR2JHaAa2YysDl1m4H%2BxZyFlN"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b1029a48684-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK blazy.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 5 KB
3 KB 443ms
137ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/blazy.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-1448"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Liwgr54LyvOHgw6LqIHCtY27Z9CqeKcLBQfvGWkJ9KJhVAd7aPObc9GHHipUN6cYF%2Fecq4s8uehkdf9IetcEVeDlJGE8E3XuGF%2Bs3RxmNzeNOQ%2F0I42YMI14OMxNRu%2BcBjWZ5AG9sSI%2FShp1mReOfkQd0A6"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b120d2d367c-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK ctrwowUtils-v2.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 33 KB
11 KB 590ms
238ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/ctrwowUtils-v2.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56e347670952e57d894a9f57b7b6d8c10749b79c5c838553c9906acc4a7edf84

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-8306"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YBLnBf7dMtyVwKlmjUIMnaFo81oAXFDbugZTLGbSsBPRRAWojO1oIf99HuvVpA%2BQXMBYr3FfmdraLpa5anesYbmvtuU2nlNL%2F6v1XDpYkTzxtCC7jfDRhXlnaTzQdj%2FB8tCbNyZcH4baDpGw6cLvFgIGd%2FxS"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b125c2e1519-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK pre-vsl.css
www.nobenefit.exchange/clicks/circaknee_files/ 10 KB
3 KB 193ms
160ms Stylesheet
text/css 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/pre-vsl.css
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87f3aaefbbf0909e0285db1023a36cf9455c1428140b3c83ddfe1baad805fa75

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-2912"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lzrUB40qGe7lSTDJNH%2FNXlm1jZbJCAOSacaoBxbEEC0%2FQ5z7uHbS3g14arJs6i3Is38TXTsDvclcoo8F2jfWpGGpMI9R4tuTw4JNjharEJ%2BgI2JP01g4ULv6Tm6D4t84%2BYYM9F5bJWUJGdUXxID0d9QTjCBM"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b0e4836367c-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK CTR_FP_TRACKING-v2.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 41 KB
13 KB 322ms
293ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/CTR_FP_TRACKING-v2.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b24f05a0f71d0c8e7134955ebafc7db27ebdca81224aec85309e54f3c9f1d64

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-a365"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r54LS3V7O%2B%2BWMmJks%2BxB9mBgKmCbnLr1QFPBIqcYjGiw4VQTw4BxzLQM%2FjdqcyBGA48dy9El%2BspEZMjTxZF9pvFdtLbmoD4IvjdowMkIj7eRbAwEjx%2FSgvMtVxV6j5BtHr8kkst9apveU6VgnAtiXIpCWHos"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b1289d41501-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK CTR_FUNNEL_TRACKING-v2.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 9 KB
4 KB 158ms
156ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/CTR_FUNNEL_TRACKING-v2.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d47b4ee862a8e9776e8962876f956a3b02a129adf19f76c0c451c1ea4a0a134d

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-2241"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FUkfFNgBui3tiyCV6XR2u6h3mpNzOdDLxtxt8t%2Bw1iJnYpXJxEsdEz9qGI3W%2BfG2R4tqIsfiMv3l%2FeB8lLuzfeuQHoXOsk7CRSGUtWZ%2B0Rjx4VVFXQZv1J01RiOrOSlhY6XCMDXhNvG9t3l07TuJAcJgdRZi"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b128e9a69f4-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK ctr_heatmap_tracking-v1.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 30 KB
10 KB 258ms
226ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/ctr_heatmap_tracking-v1.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 568b0a784ed5331fdc78d9d37c348db30162a8645d8c58c9aebdf1d722e2bd8e

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-775e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZQiuzALJ8kzdqwaiUgLUHcse1amPl1GHfhiLPXJtZQIy1tNpwFp12%2BFlJnQ%2BM6fZTuA28UXH684w3VoKlwEhTVMtTovs1X%2FcqyM8%2Bhx6FI4HY6ka3QjsLN2lIl4ygJ89Io5XSQRWm52L%2B%2BXWxb8Ocu7A1cI5"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b12bdde1509-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK ctrwow_analytics.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 54 KB
18 KB 283ms
276ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/ctrwow_analytics.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ba125219ae36204d6e54068c65a3dc30d658da359814e02b32c4dd1e3c65c3f

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-d903"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5KEO4rmHSqNnks8acL6r4Hp2RJNzMCf6lbjX%2Fii0tcP5gbTZe5SVDtvVveTILQMfPZS1ReX2P3ZLPrDxdvz4y2AbqFBdIPDC58lbM3mp6Q%2F19PgVrwvRkAxEdbgmqE10UVYxl%2B4B2brDjDCNwt%2FzqU3rdnvy"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b12ce708684-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK E-v1.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 622 KB
151 KB 409ms
409ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/E-v1.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc9082010b8f23894dad9ea14d024a4bcf505b7d4d2252c553ae8930b9840684

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:47 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-9b796"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VOCMXYMZx%2FKAGO7RRuUhXIxbSSpL%2BAYYwo8x546G3KbzLifmVhkzEJIi4Gf65TdnoYLIofyrrTwQJFLmnAWLis9mxRCf8jwK8r7mxZ28eWVcZ5daqufbqza4xfhx4ix3KZrCEVvcvCJY4yz%2FbIRHkjVl2wd3"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b12ee99367c-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H2 200 blank.gif
fast.wistia.com/assets/images/ 1 KB
2 KB 112ms
34ms Image
image/gif 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/assets/images/blank.gif

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: http://www.nobenefit.exchange/
Origin: http://www.nobenefit.exchange
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 08:41:46 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
age: 216895
x-cache: HIT, HIT
x-cache-hits: 1, 4304
content-length: 1214
x-served-by: cache-iad-kjyo7100173-IAD, cache-mad22043-MAD
x-browser-version: 98
last-modified: Fri, 25 Feb 2022 20:24:59 GMT
x-timer: S1646037706.342817,VS0,VE0
etag: "62193b1b-4be"
strict-transport-security: max-age=0
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=315360000, public
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 624bfc51d2fcbc0ebaac400b53014447.webp
www.nobenefit.exchange/clicks/circaknee_files/ 64 KB
65 KB 276ms
270ms Image
image/webp 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/624bfc51d2fcbc0ebaac400b53014447.webp
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11b47f9ca33a2da98a9cc8fbdd2507a85ab3d8e71d8d499fa185be8cf42cc1f8

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: "6206a8a9-ffe6"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=th1i8Hl93bNwEJix35qgpjahn1suYFD8t5BND8ZSb9oaR72YFG9zGWGMsgkHCE%2Fp%2BU3bRKWeTFzRC7gDrslhS8LRH6QSRBEoO%2Fk543XLHdxsGOd8h03mBbNKsMaGP2mC6YIawWJa5qylIL5txNrVSaNjBLZG"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e485b10588b1519-MAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 65510

GET
H/1.1 200
OK dmca-badge-resize.webp
www.nobenefit.exchange/clicks/circaknee_files/ 1 KB
2 KB 158ms
158ms Image
image/webp 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/dmca-badge-resize.webp
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 286198e6e4eaa35a618b8c9c954584d5d8c19bb0720228a0546bea63995285fa

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: "6206a8a9-56a"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N3YYrdepUCj8HQk5Bt2ImKvb7RdFwsjPywFezR%2BsuiozMi6rUp%2BHi3xwEDj2Ky7i1WJ3YQLGy3aMH1E8TqXNbHdHgahRbEWj%2FzsEgz1yXGWQ%2BL5MeqY0JVioqHB4RWf9fAPrDvro2wwphz1kQ4U%2BTnPdCHhP"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e485b138ff769f4-MAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1386

GET
H/1.1 200
OK pre-vsl.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 12 KB
5 KB 146ms
145ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/pre-vsl.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 594aa9565b0d9a929fde5cf1c7a316d13b7fe29c21cafde83222c133521b6896

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-3054"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LBDRTcSvA2YdX2fEG6l3TRkxiS%2BYicOV%2F51t0zVZRmf5kJoQN7w%2Ba7gRVIEJ3RY5k8oIN6vxOUBzaZ%2B1jXeH%2F%2FiVI3bHyDC%2BVsBqCrooN7zcCDPA%2BE8qouMXYQGTCfXIN3Ddn1ltr4dlcICFXB8LCvtS%2FKXA"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b13de5f1519-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK blueshift_wow.js Show response
www.nobenefit.exchange/clicks/circaknee_files/ 16 KB
6 KB 208ms
207ms Script
application/javascript 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/blueshift_wow.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c291afe05e3e955f1958949beba889c64e3b21928005ba04bbd7c8fd84abb119

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:47 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-3e23"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x7B%2BQQh4vaxR1ps4LvfovVr8QNsnlioRrH%2BM%2BNdHm1OQq%2BklgrkTHxmQQTbXitbnbWGN%2BhdGcXBdBa2a7ZnzK%2BHHGvPjhX7DckABXPOgSeIMM6z5AnI9%2FNhLJmjsObUMefhxRxNwB86iDoe9I8De5lUGnaOL"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b142f5b1509-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 94 KB
37 KB 83ms
83ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-22484186-3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2e6f323d69920c53e9a94a875b96096ff0b3cd995f127374f630e0fb84c01939

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 08:41:46 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37448
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 28 Feb 2022 08:41:46 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 206ms
74ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/css2.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.nobenefit.exchange/
Origin: http://www.nobenefit.exchange
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 09:48:03 GMT
x-content-type-options: nosniff
age: 255223
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 25 Feb 2023 09:48:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 224ms
92ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/css2.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.nobenefit.exchange/
Origin: http://www.nobenefit.exchange
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 17:56:19 GMT
x-content-type-options: nosniff
age: 398727
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Feb 2023 17:56:19 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 16 KB
16 KB 284ms
153ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/css2.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.nobenefit.exchange/
Origin: http://www.nobenefit.exchange
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 22 Feb 2022 14:02:00 GMT
x-content-type-options: nosniff
age: 499186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 22 Feb 2023 14:02:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 303ms
172ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/css2.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.nobenefit.exchange/
Origin: http://www.nobenefit.exchange
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 17:58:32 GMT
x-content-type-options: nosniff
age: 398594
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Feb 2023 17:58:32 GMT

GET
H/1.1 200
OK icon_shipping.webp
www.nobenefit.exchange/clicks/circaknee_files/ 1 KB
2 KB 265ms
150ms Image
image/webp 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/icon_shipping.webp
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8d83ff7d53074a841c50d8e17b38e41f8624b38f842fe4edad04f63fe9e4962

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: "6206a8a9-597"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UHlKsL0m23NsqRJY%2BZLGCmaEOyx2zgUhGPansG8TGgH89R0e8BNqdhJxdR5eTqOfJhSA7B8MbYr5BFpoBhpC2njwL3tWGtOnSD%2BiUAIFJmhl%2FaopDTrclhpoORpWAdR%2FbkB8HCas%2FmehUIYS7aqrexR5uokf"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e485b111beb367c-MAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1431

GET
H/1.1 200
OK caresole-logo.webp
www.nobenefit.exchange/clicks/circaknee_files/ 11 KB
12 KB 340ms
196ms Image
image/webp 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/caresole-logo.webp
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfd90f4cf00eb0e2918940b49b27c69cade015d631b3d7ac31c227f624edcb83

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: "6206a8a9-2bb4"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUlCngQDHBUxd3Ozdt48vXHN4QcVEXXkOAhcn3WoQk6Z44eFufIivzwVeDec742iyYSKWi%2Bqn8BuiUIPd%2Bx0i%2Fg8syrgzTPBcOuumq%2FWxtdKYX%2B2qkxl1anNrwoOXpStks39QoxaPLoGO1DzVGGwRy0ztkTs"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e485b114d2d69f4-MAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 11188

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 248 KB
73 KB 98ms
98ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5W4SPMQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

09acdd4e6aff3bd42017847bf52c9da4b5fd265e37434af7c56c5f19c292f51a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 08:41:46 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74834
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 28 Feb 2022 08:41:46 GMT

GET
H/1.1 200
OK blank.htm Show response
www.nobenefit.exchange/clicks/circaknee_files/ Frame BDBB 2 KB
1 KB 152ms
151ms Document
text/html 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/blank.htm
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4082fbd91490dca29de8a985204a543c3bfd77ba5adcb3062588ded44d7ac64b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cqsWn3fYt7okn1daOw8NcF97SxN9MJ3n%2BH1qo5nWNLKbYqIr%2B7VyLrWlCRG%2FjCoI5rtOBFAcKOOs1e3yRDOBKkW6VM0thkq2T7MSsmAzfoyJM60ZHG4Ko34HXKDwfXSurd3G0jD%2BrFeFjUkmwPoLJ%2BaTWnWz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6e485b105bbc69f4-MAD
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 201ms
62ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-22484186-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4013
date: Mon, 28 Feb 2022 07:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 28 Feb 2022 09:34:53 GMT

GET
DATA 200
OK truncated
/ 90 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK inject.css
www.nobenefit.exchange/clicks/circaknee_files/blank_data/ Frame BDBB 4 KB
2 KB 229ms
165ms Stylesheet
text/css 2606:4700:3035::6815:1ccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nobenefit.exchange/clicks/circaknee_files/blank_data/inject.css
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/blank.htm
Protocol: HTTP/1.1
Server: 2606:4700:3035::6815:1ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fcb9630248f525a2dc403f5d88ad721b941306c1540dbed57a9e046b7a6ea6b

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/clicks/circaknee_files/blank.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 11 Feb 2022 18:19:21 GMT
Server: cloudflare
ETag: W/"6206a8a9-f28"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bW78e%2BmJG8%2BECtzCmTIa7JEEP8BDnndr2R3uSxiZt%2FDaDdy%2F9%2B8jA1o6bs1pVWo4UcFIF6r0E7URRJfjwsH%2Fn9ko6uqDVD2%2FxRHPJvK6MjdnYunI2fA11iLDX8uS9RNzbNt2VoO4HH%2BqXpEuCUt7%2FGdeg1Kd"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e485b11bc6d8684-MAD
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
211 B 70ms
69ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=732312543&t=pageview&_s=1&dl=http%3A%2F%2Fwww.nobenefit.exchange%2Fclicks%2Fcircaknee.php%3Fsid%3D952288%26h%3DmB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2&ul=en-us&de=UTF-8&dt=Get%20the%20Compression%20Sleeves%20That%20Provide%20Instant%20Relief%20for%20Sore%2C%20Agi&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1899753485&gjid=2016552516&cid=394380937.1646037707&tid=UA-22484186-3&_gid=1404274326.1646037707&_r=1&gtm=2ou2n0&z=1206978705

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.nobenefit.exchange/
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 28 Feb 2022 08:41:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www.nobenefit.exchange
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hotjar-1450693.js Show response
static.hotjar.com/c/ 33 KB
5 KB 181ms
62ms Script
application/javascript 143.204.98.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1450693.js?sv=7

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/gtm_002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-76.fra50.r.cloudfront.net

Software

Resource Hash

7fec0845c389ac3be546d48d8b885941f42a1744ca20a5087425127add3a02ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 08:41:46 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 30
etag: W/96fb2dd4428509448ab8861cf69d5d9c
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 7AHK9SGO2c22P09nFP14ANz2QbNA1V_CqOvNLCaywMIWJz4MJ56pww==
via: 1.1 ad46d498157a92ab1076f74db460670c.cloudfront.net (CloudFront)

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 94 KB
37 KB 99ms
98ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-135383900-2

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/gtm_002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a4821207665c9d296b70d049ce7ff16183210565971ff674d0e80f5b6d474318

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 08:41:46 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37405
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 28 Feb 2022 08:41:46 GMT

GET
H/1.1 200
OK conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 133ms
70ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/gtm_002.js

Protocol

HTTP/1.1

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

083ec931e5517a4ab713afbe9561e72b9186cb54e21b8b1eface9caefb54a966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Mon, 28 Feb 2022 08:41:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 17635014576153706337
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 14879
X-XSS-Protection: 0
Expires: Mon, 28 Feb 2022 08:41:46 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
446 B 168ms
54ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22484186-3&cid=394380937.1646037707&jid=1899753485&gjid=2016552516&_gid=1404274326.1646037707&_u=YEBAAUAAAAAAAC~&z=613240155

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

94dcf5556e059d9e35d347a9fdd7c295ec5d8001d8c00693dfc2a7d18f9fb0f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.nobenefit.exchange/
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 28 Feb 2022 08:41:46 GMT
content-type: text/plain
access-control-allow-origin: http://www.nobenefit.exchange
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 70ms
70ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=732312543&t=pageview&_s=1&dl=http%3A%2F%2Fwww.nobenefit.exchange%2Fclicks%2Fcircaknee.php%3Fsid%3D952288%26h%3DmB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2&ul=en-us&de=UTF-8&dt=Get%20the%20Compression%20Sleeves%20That%20Provide%20Instant%20Relief%20for%20Sore%2C%20Agi&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAAC~&jid=1086485743&gjid=509684321&cid=394380937.1646037707&tid=UA-135383900-2&_gid=1404274326.1646037707&_r=1&gtm=2ou2n0&z=1477283396

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.nobenefit.exchange/
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 28 Feb 2022 08:41:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www.nobenefit.exchange
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.f9262b22b79803e6feba.js Show response
script.hotjar.com/ 236 KB
62 KB 184ms
66ms Script
application/javascript 143.204.98.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.f9262b22b79803e6feba.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1450693.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.33 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-33.fra50.r.cloudfront.net

Software

Resource Hash

1bded02879e2df34de7df88fc7dd7b325a01a4fbc5af6d0877d5e3364c23ce49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 09:20:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 256899
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 62920
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 09:20:06 GMT
etag: "735da755ffe3d238685995ce935edbcb"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: pZKFVrAXXCD7_QwIPtawOqlOEk0WErayLeGNOoPSZ5ZZMP2F-Eq6Gw==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781463602/ 3 KB
2 KB 226ms
88ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781463602/?random=1646037706848&cv=9&fst=1646037706848&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=http%3A%2F%2Fwww.nobenefit.exchange%2Fclicks%2Fcircaknee.php%3Fsid%3D952288%26h%3DmB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2&ref=http%3A%2F%2Fwww.nobenefit.exchange%2Foffer.php%3Fid%3D373%26sid%3D952288%26h%3DmB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2&tiba=Get%20the%20Compression%20Sleeves%20That%20Provide%20Instant%20Relief%20for%20Sore%2C%20Agi&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e756a9ff5edcba8926fce6a5342bf33d70589e4918c2865b961e6650f8338d65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Feb 2022 08:41:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1265
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 216ms
73ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-22484186-3&cid=394380937.1646037707&jid=1899753485&_u=YEBAAUAAAAAAAC~&z=296855962

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Feb 2022 08:41:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.es/ads/ 42 B
501 B 220ms
74ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.es/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-22484186-3&cid=394380937.1646037707&jid=1899753485&_u=YEBAAUAAAAAAAC~&z=296855962

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Feb 2022 08:41:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 107ms
53ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-135383900-2&cid=394380937.1646037707&jid=1086485743&gjid=509684321&_gid=1404274326.1646037707&_u=aEDAAUABAAAAAC~&z=72861878

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.nobenefit.exchange/
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 28 Feb 2022 08:41:46 GMT
content-type: text/plain
access-control-allow-origin: http://www.nobenefit.exchange
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-acca23410e696f2ca3087d947271c3d0.html Show response
vars.hotjar.com/ Frame 65FF 2 KB
1 KB 179ms
59ms Document
text/html 143.204.98.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1450693.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.32 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-32.fra50.r.cloudfront.net
Software: /
Resource Hash: e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/

Response headers

content-type: text/html
content-length: 1044
date: Fri, 04 Feb 2022 08:52:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "6f65fac4e8efe167ff5132c0c54c5729"
last-modified: Fri, 04 Feb 2022 08:51:39 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 2lcFMClKf4scoa5TOpdOx6Hd1Wb0KCh5xBqpeQSLw00itx_XaUbJmw==
age: 2072981

GET
H2 200 / Show response
api.sjpf.io/ 204 B
331 B 380ms
129ms XHR
text/plain 99.83.215.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sjpf.io/

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/ctrwow_analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.83.215.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ace0c9649cf81ee05.awsglobalaccelerator.com

Software

Resource Hash

7d7b3264c0a1fa1d8bc8d902f5e516c3af2c5f298df7065b8268ef2a4890b0f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: max-age=2592000, immutable, private
date: Mon, 28 Feb 2022 08:41:47 GMT
content-length: 204
content-type: text/plain; charset=utf-8

GET
H3 200 /
www.google.com/pagead/1p-user-list/781463602/ 42 B
64 B 155ms
84ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781463602/?random=1646037706848&cv=9&fst=1646035200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&frm=0&url=http%3A%2F%2Fwww.nobenefit.exchange%2Fclicks%2Fcircaknee.php%3Fsid%3D952288%26h%3DmB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2&ref=http%3A%2F%2Fwww.nobenefit.exchange%2Foffer.php%3Fid%3D373%26sid%3D952288%26h%3DmB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2&tiba=Get%20the%20Compression%20Sleeves%20That%20Provide%20Instant%20Relief%20for%20Sore%2C%20Agi&async=1&fmt=3&is_vtc=1&random=2127072345&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Feb 2022 08:41:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.es/pagead/1p-user-list/781463602/ 42 B
64 B 149ms
76ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.es/pagead/1p-user-list/781463602/?random=1646037706848&cv=9&fst=1646035200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&frm=0&url=http%3A%2F%2Fwww.nobenefit.exchange%2Fclicks%2Fcircaknee.php%3Fsid%3D952288%26h%3DmB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2&ref=http%3A%2F%2Fwww.nobenefit.exchange%2Foffer.php%3Fid%3D373%26sid%3D952288%26h%3DmB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2&tiba=Get%20the%20Compression%20Sleeves%20That%20Provide%20Instant%20Relief%20for%20Sore%2C%20Agi&async=1&fmt=3&is_vtc=1&random=2127072345&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Feb 2022 08:41:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
fp.ctrwow.com/ 240 B
612 B 446ms
206ms XHR
application/json 75.2.62.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fp.ctrwow.com/

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/ctrwow_analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.62.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a3b233fbd2625fed8.awsglobalaccelerator.com

Software

nginx /

Resource Hash

1550221b0eea8f3932759a2c4f74a606dcf8700b9e35c6becd259615608a5c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: http://www.nobenefit.exchange/
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 28 Feb 2022 08:41:47 GMT
server: nginx
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: http://www.nobenefit.exchange
access-control-allow-credentials: true
strict-transport-security: max-age=63072000
content-length: 240

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 270 KB
72 KB 94ms
94ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5F7JVCL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63d6807b4828c24021440c168d2212b392ad69de40168b5579acc3525c0ee644

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 08:41:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74018
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 28 Feb 2022 08:41:47 GMT

GET
H/1.1 200
OK blueshift.js Show response
cdn.getblueshift.com/ 4 KB
2 KB 128ms
57ms Script
application/javascript 143.204.98.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.getblueshift.com/blueshift.js
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/blueshift_wow.js
Protocol: HTTP/1.1
Server: 143.204.98.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-79.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9f72ed2dfeef063e009cb45581ae6df3d43bd0cf04c299cbde9ed456ae594f8b

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:15:26 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Tue, 08 Feb 2022 00:38:50 GMT
Server: AmazonS3
Age: 1593
ETag: "e180e60ec878d69551a1c449b37c6552"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront)
Cache-Control: max-age=3600
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 1990
X-Amz-Cf-Id: avRS2LiA73FBct5ke-qFOKyJ5BExH3wrB1pP4ioqCyng4Jg1NunRXg==

GET
H/1.1 200
OK E-v1.js Show response
fast.wistia.com/assets/external/ 592 KB
142 KB 67ms
34ms Script
application/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

http://fast.wistia.com/assets/external/E-v1.js

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/pre-vsl.js

Protocol

HTTP/1.1

Server

2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3534beaab0cce09163c5b8f8eedc4a261ba39f89355f70ca131af18ec5a32791

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:47 GMT
Content-Encoding: gzip
Age: 891
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 145256
X-Served-By: cache-iad-kiad7000020-IAD, cache-mad22071-MAD
Access-Control-Allow-Origin: *
X-Browser-Version: 98
Last-Modified: Thu, 24 Feb 2022 15:11:21 GMT
X-Timer: S1646037707.469597,VS0,VE0
ETag: "6217a019-23768"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Cache-Control: public, max-age=3600
X-Browser: chrome
X-ECMA-V: modern
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Cache-Hits: 1, 9

GET
H/1.1 200
OK wl3c973xo9.json Show response
fast.wistia.net/embed/medias/ 5 KB
3 KB 162ms
119ms Script
text/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

http://fast.wistia.net/embed/medias/wl3c973xo9.json?callback=wistiajson1

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/E-v1.js

Protocol

HTTP/1.1

Server

2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

622c783b38c12ea5ae716f5553e2369b44fcbfa0efde552a243c3474f3c7b749

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:47 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Age: 6447
X-Cache: HIT, MISS
P3P: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
Connection: keep-alive
Content-Length: 1821
X-Request-Id: 6ff0d54109620125176ae28bb12687c4
X-Served-By: cache-iad-kiad7000033-IAD, cache-mad22066-MAD
X-Runtime: 0.064044
Access-Control-Allow-Origin: *
Referrer-Policy: strict-origin-when-cross-origin
X-Timer: S1646037708.500537,VS0,VE86
ETag: W/"622c783b38c12ea5ae716f5553e2369b"
X-Download-Options: noopen
Vary: Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
Strict-Transport-Security: max-age=0
Content-Type: text/javascript; charset=utf-8
Via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
Cache-Control: public, no-cache
X-Browser: chrome
X-Browser-Version: 98
X-ECMA-V: modern
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Cache-Hits: 1, 0

GET
H/1.1 200
OK wistia-mux.js Show response
fast.wistia.net/assets/external/ 132 KB
40 KB 77ms
34ms Script
application/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

http://fast.wistia.net/assets/external/wistia-mux.js

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/E-v1.js

Protocol

HTTP/1.1

Server

2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f8e7798ef36d36df1886eb4900f3644d3eabd5ef406d7b6fa9b91c8da4844ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:47 GMT
Content-Encoding: gzip
Age: 878
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 40540
X-Served-By: cache-iad-kjyo7100062-IAD, cache-mad22020-MAD
Access-Control-Allow-Origin: *
X-Browser-Version: 98
Last-Modified: Thu, 24 Feb 2022 15:11:21 GMT
X-Timer: S1646037708.502006,VS0,VE0
ETag: "6217a019-9e5c"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Cache-Control: public, max-age=3600
X-Browser: chrome
X-ECMA-V: modern
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Cache-Hits: 1, 2

GET
H/1.1 200
OK share-v2.js Show response
fast.wistia.net/assets/external/ 52 KB
17 KB 34ms
33ms Script
application/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

http://fast.wistia.net/assets/external/share-v2.js

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/E-v1.js

Protocol

HTTP/1.1

Server

2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f280661fc6db161bf25d534017b8325591ecd8ab8ad2e0c3bdac06f20d2742b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:47 GMT
Content-Encoding: gzip
Age: 834
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 16393
X-Served-By: cache-iad-kjyo7100060-IAD, cache-mad22066-MAD
Access-Control-Allow-Origin: *
X-Browser-Version: 98
Last-Modified: Thu, 24 Feb 2022 15:11:21 GMT
X-Timer: S1646037708.658595,VS0,VE1
ETag: "6217a019-4009"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Cache-Control: public, max-age=3600
X-Browser: chrome
X-ECMA-V: modern
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Cache-Hits: 1, 1

GET
H/1.1 200
OK playPauseLoadingControl.js Show response
fast.wistia.net/assets/external/ 59 KB
19 KB 34ms
33ms Script
application/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

http://fast.wistia.net/assets/external/playPauseLoadingControl.js

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/E-v1.js

Protocol

HTTP/1.1

Server

2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

705df238a5ec0beb0caf8c639555a4d32d9de27d2cd3be715f639c625f23f7d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:47 GMT
Content-Encoding: gzip
Age: 878
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 18435
X-Served-By: cache-iad-kcgs7200152-IAD, cache-mad22066-MAD
Access-Control-Allow-Origin: *
X-Browser-Version: 98
Last-Modified: Thu, 24 Feb 2022 15:11:21 GMT
X-Timer: S1646037708.708190,VS0,VE0
ETag: "6217a019-4803"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Cache-Control: public, max-age=3600
X-Browser: chrome
X-ECMA-V: modern
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Cache-Hits: 1, 2006

GET
H/1.1 200
OK 624bfc51d2fcbc0ebaac400b53014447.webp
embedwistia-a.akamaihd.net/deliveries/ 64 KB
65 KB 211ms
73ms Image
image/webp 2.16.186.32
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embedwistia-a.akamaihd.net/deliveries/624bfc51d2fcbc0ebaac400b53014447.webp?image_crop_resized=1280x720
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.32 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 11b47f9ca33a2da98a9cc8fbdd2507a85ab3d8e71d8d499fa185be8cf42cc1f8

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:47 GMT
Access-Control-Request-Method: *
surrogate-key: 624bfc51d2fcbc0ebaac400b53014447 thumbnail-delivery
Last-Modified: Tue, 11 May 2021 01:11:50 UTC
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Content-Type, Accept, Server, x-amz-version-id, X-Cache
Cache-Control: max-age=31052525
content-disposition: inline
Connection: keep-alive
Accept-Ranges: none
Content-Length: 65510

POST
H/1.1 200
OK CreateLogHttpTrigger
ctrwow-prod-fingerprint-microservice.azurewebsites.net/api/ 0
359 B 1442ms
745ms Ping
text/plain 52.183.82.125
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://ctrwow-prod-fingerprint-microservice.azurewebsites.net/api/CreateLogHttpTrigger?code=X52ZQaDTSiyjsN334TNPrE34ReCoFvTXh7l0v8fT2knldk1LpP1fYw==&trackingId=5f8ea23018087a1c5c16753a
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/ctrwow_analytics.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.183.82.125 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.nobenefit.exchange/
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 28 Feb 2022 08:41:49 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Request-Context: appId=

GET
H/1.1 200
OK hls_video.js Show response
fast.wistia.net/assets/external/engines/ 419 KB
119 KB 33ms
33ms Script
application/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

http://fast.wistia.net/assets/external/engines/hls_video.js

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/E-v1.js

Protocol

HTTP/1.1

Server

2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3bbf75d0841a591d4333ca949030f3c0bb8e30e606844891d472f5fdd892c6ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:48 GMT
Content-Encoding: gzip
Age: 876
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 121349
X-Served-By: cache-iad-kiad7000056-IAD, cache-mad22066-MAD
Access-Control-Allow-Origin: *
X-Browser-Version: 98
Last-Modified: Thu, 24 Feb 2022 15:11:21 GMT
X-Timer: S1646037708.027972,VS0,VE0
ETag: "6217a019-1da05"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Cache-Control: public, max-age=3600
X-Browser: chrome
X-ECMA-V: modern
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Cache-Hits: 1, 2

GET
H/1.1 200
OK blank.gif
fast.wistia.com/assets/images/ 1 KB
2 KB 67ms
34ms Image
image/gif 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://fast.wistia.com/assets/images/blank.gif

Protocol

HTTP/1.1

Server

2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: http://www.nobenefit.exchange/
Origin: http://www.nobenefit.exchange
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:48 GMT
Via: 1.1 varnish, 1.1 varnish
Age: 216897
X-Cache: HIT, HIT
X-Cache-Hits: 1, 4299
Connection: keep-alive
Content-Length: 1214
X-Served-By: cache-iad-kjyo7100173-IAD, cache-mad22029-MAD
X-Browser-Version: 98
Last-Modified: Fri, 25 Feb 2022 20:24:59 GMT
X-Timer: S1646037708.194501,VS0,VE0
ETag: "62193b1b-4be"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
X-Browser: chrome
X-ECMA-V: modern
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK v2 Show response
embedwistia-a.akamaihd.net/deliveries/e6a0da2c0ed1bfb0d77119bd29fe1e5ffd8f6a47.m3u8/ 2 KB
3 KB 177ms
62ms XHR
application/vnd.apple.mpegurl 2.16.186.32
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://embedwistia-a.akamaihd.net/deliveries/e6a0da2c0ed1bfb0d77119bd29fe1e5ffd8f6a47.m3u8/v2
Requested by: Host: fast.wistia.net
URL: http://fast.wistia.net/assets/external/engines/hls_video.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.32 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4a41e3756fef3564024695e5f8e4e9f8e7dc45b2d264e9820a553755ea97f043

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:48 GMT
Access-Control-Request-Method: *
surrogate-key: e6a0da2c0ed1bfb0d77119bd29fe1e5ffd8f6a47-hls-segment purge-experiment-47
Last-Modified: Mon, 05 Nov 2018 10:11:00 GMT
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range
Cache-Control: max-age=31527418
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 2243
Expires: Tue, 28 Feb 2023 06:18:46 GMT

GET
H/1.1 200
OK seg-1-v1-a1.ts Show response
embedwistia-a.akamaihd.net/deliveries/e6a0da2c0ed1bfb0d77119bd29fe1e5ffd8f6a47.m3u8/v2/ 864 KB
865 KB 64ms
64ms XHR
video/mp2t 2.16.186.32
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://embedwistia-a.akamaihd.net/deliveries/e6a0da2c0ed1bfb0d77119bd29fe1e5ffd8f6a47.m3u8/v2/seg-1-v1-a1.ts
Requested by: Host: fast.wistia.net
URL: http://fast.wistia.net/assets/external/engines/hls_video.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.32 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5840445f6f9bfc396e2df968189c0bb3fa46cdabcdee8b7fd06350f5321da6f5

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:48 GMT
Access-Control-Request-Method: *
surrogate-key: e6a0da2c0ed1bfb0d77119bd29fe1e5ffd8f6a47-hls-segment purge-experiment-47
Last-Modified: Mon, 05 Nov 2018 10:11:00 GMT
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: video/MP2T
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range
Cache-Control: max-age=30752344
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 884728
Expires: Sun, 19 Feb 2023 07:00:52 GMT

POST
H2 204 x Show response
distillery.wistia.com/ 0
96 B 363ms
114ms XHR
text/plain 52.86.94.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://distillery.wistia.com/x
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/E-v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.86.94.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-86-94-156.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.nobenefit.exchange/
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 28 Feb 2022 08:41:48 GMT
cache-control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK unity.gif Show response
api.getblueshift.com/ 42 B
1 KB 234ms
233ms XHR
image/gif 54.186.45.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://api.getblueshift.com/unity.gif?t=1646037709&e=pageload&r=http%3A%2F%2Fwww.nobenefit.exchange%2Foffer.php%3Fid%3D373%26sid%3D952288%26h%3DmB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2&z=602305&x=13c25a652e2a0c05cb06a3b1dba09a85&k=7f3100a2-4781-27ea-56f9-1bd802e8e7df&u=http%3A%2F%2Fwww.nobenefit.exchange%2Fclicks%2Fcircaknee.php%3Fsid%3D952288%26h%3DmB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg%2FQgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2

Requested by

Host: cdn.getblueshift.com
URL: http://cdn.getblueshift.com/blueshift.js

Protocol

HTTP/1.1

Server

54.186.45.77 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-186-45-77.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nobenefit.exchange/
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
X-Api-Key: 13c25a652e2a0c05cb06a3b1dba09a85

Response headers

Date: Mon, 28 Feb 2022 08:41:49 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Transfer-Encoding: binary
Content-Disposition: inline; filename="unity.gif"
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Request-Id: 7b3eadab-a6b2-465b-9ce2-cd3ed0576a96
X-Runtime: 0.037018
X-Frame-Options: SAMEORIGIN
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD
Content-Type: image/gif
Pragma: no-cache
Access-Control-Expose-Headers: ETag
Cache-Control: no-cache, no-store
Access-Control-Allow-Headers: *,x-requested-with,Content-Type,If-Modified-Since,If-None-Match
Expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 200
OK unity.gif
api.getblueshift.com/ Frame 0
0 414ms
200ms Preflight
image/gif 54.186.45.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Server

54.186.45.77 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-186-45-77.us-west-2.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-api-key
Origin: http://www.nobenefit.exchange
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Mon, 28 Feb 2022 08:41:48 GMT
Content-Type: image/gif; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: Content-Type, X-Api-Key
Access-Control-Max-Age: 1728000
X-Request-Id: 13d4520b-add1-4308-bac3-0f3158669793
X-Runtime: 0.003962

GET
H/1.1 200
OK allIntegrations.js Show response
fast.wistia.net/assets/external/ 26 KB
9 KB 34ms
33ms Script
application/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

http://fast.wistia.net/assets/external/allIntegrations.js

Requested by

Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/E-v1.js

Protocol

HTTP/1.1

Server

2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e9fcba14ea80a15948ec75eab4b77a7f279cd9f17975102980d27706ea0ccb86

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: http://www.nobenefit.exchange/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 28 Feb 2022 08:41:48 GMT
Content-Encoding: gzip
Age: 869
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 8235
X-Served-By: cache-iad-kiad7000079-IAD, cache-mad22066-MAD
Access-Control-Allow-Origin: *
X-Browser-Version: 98
Last-Modified: Thu, 24 Feb 2022 15:11:21 GMT
X-Timer: S1646037709.751039,VS0,VE1
ETag: "6217a019-202b"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Cache-Control: public, max-age=3600
X-Browser: chrome
X-ECMA-V: modern
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Cache-Hits: 1, 1

POST
H/1.1 200
OK mput Show response
pipedream.wistia.com/ 2 B
219 B 250ms
112ms XHR
text/plain 184.73.240.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://pipedream.wistia.com/mput?topic=metrics
Requested by: Host: www.nobenefit.exchange
URL: http://www.nobenefit.exchange/clicks/circaknee_files/E-v1.js
Protocol: HTTP/1.1
Server: 184.73.240.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-73-240-29.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: http://www.nobenefit.exchange/
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 28 Feb 2022 08:41:48 GMT
Connection: keep-alive
Content-Length: 2
Access-Control-Allow-Methods: POST, OPTIONS
Content-Type: text/plain; charset=utf-8

POST /
fg8vvsvnieiv3ej16jby.litix.io/ 0
0

OPTIONS /
fg8vvsvnieiv3ej16jby.litix.io/ Frame 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-22484186-3

Domain: fg8vvsvnieiv3ej16jby.litix.io
URL: https://fg8vvsvnieiv3ej16jby.litix.io/

Domain: fg8vvsvnieiv3ej16jby.litix.io
URL: https://fg8vvsvnieiv3ej16jby.litix.io/

Verdicts & Comments Add Verdict or Comment

115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nobenefit.exchange/	1970-01-20 03:23:33	Name: _gcl_au Value: 1.1.1369648284.1646037706
.nobenefit.exchange/	1970-01-20 18:45:09	Name: _ga Value: GA1.2.394380937.1646037707
.nobenefit.exchange/	1970-01-20 01:15:24	Name: _gid Value: GA1.2.1404274326.1646037707
.nobenefit.exchange/	1970-01-20 01:13:57	Name: _gat_gtag_UA_22484186_3 Value: 1
.nobenefit.exchange/	1970-01-20 01:13:57	Name: _gat_gtag_UA_135383900_2 Value: 1
.doubleclick.net/	1970-01-20 01:13:58	Name: test_cookie Value: CheckForPermission
.nobenefit.exchange/	1970-01-20 09:59:33	Name: _hjSessionUser_1450693 Value: eyJpZCI6ImVjOTk0MDZmLTQxYzAtNWY3ZC1iZDQyLWVmZGUxZGNjZmE1NiIsImNyZWF0ZWQiOjE2NDYwMzc3MDcxMzQsImV4aXN0aW5nIjpmYWxzZX0=
.nobenefit.exchange/	1970-01-20 01:13:59	Name: _hjFirstSeen Value: 1
www.nobenefit.exchange/	1970-01-20 01:13:57	Name: _hjIncludedInSessionSample Value: 0
.nobenefit.exchange/	1970-01-20 01:13:59	Name: _hjSession_1450693 Value: eyJpZCI6ImVjMzA4NzlkLWRlYmYtNGZjMC05NzFmLWFiZTI1MDBjZGMyYiIsImNyZWF0ZWQiOjE2NDYwMzc3MDcxNDgsImluU2FtcGxlIjpmYWxzZX0=
.nobenefit.exchange/	1970-01-20 01:13:59	Name: _hjAbsoluteSessionInProgress Value: 0
.ctrwow-prod-analytics-socketserver.azurewebsites.net/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 599eb307cd5b621d0a5a7e16cf90c05cd45519ee326a9eae00bf89d0bffa694f
.ctrwow.com/	1970-01-20 09:59:33	Name: _iidt Value: Uj96zO1U2T0E2U3mPeS1uFLaH9/v4vHtYsDLQf/xJaT0HLX8RSxTGDAolqGElce2j3QUqk/Zc8TFJTAZErnA8MAN6g==
.nobenefit.exchange/	1970-01-20 09:59:33	Name: _vid Value: Px5SDpffHMZ93IpZfI5o
www.nobenefit.exchange/	1970-01-20 01:15:24	Name: d_ctr_cid_v3 Value: Px5SDpffHMZ93IpZfI5o
www.nobenefit.exchange/	1970-01-20 01:13:59	Name: d_ctr_sid_v35f8ea23018087a1c5c16753a Value: 5f8ea23018087a1c5c16753a.1646037707863.468602793
.nobenefit.exchange/	1970-01-20 09:59:33	Name: _bs Value: 7f3100a2-4781-27ea-56f9-1bd802e8e7df

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: http://www.nobenefit.exchange/clicks/circaknee.php?sid=952288&h=mB648e2gsS9jmSzLmE_zvk1mHjisWnXcBS2mgf25owg/QgC1_CshTopWwKWW_RxIm95SX2RMsjdlfkFHl_2XFWf7EiqUlne8RNJ7PuV84uEbR4IjruuY7-a6NsBIkTKerE2FjphH-cDDluqyPAZ-Rz9QwNJ_u72i4EvoLoEOcaa2 Message: Not allowed to load local resource: blob:https://www.buycircaknee.com/515248ec-3035-482e-8ef3-a5a8989a8a6c

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.getblueshift.com
api.sjpf.io
cdn.getblueshift.com
ctrwow-prod-fingerprint-microservice.azurewebsites.net
distillery.wistia.com
embedwistia-a.akamaihd.net
fast.wistia.com
fast.wistia.net
fg8vvsvnieiv3ej16jby.litix.io
fonts.gstatic.com
fp.ctrwow.com
googleads.g.doubleclick.net
pipedream.wistia.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
www.google-analytics.com
www.google.com
www.google.es
www.googleadservices.com
www.googletagmanager.com
www.nobenefit.exchange
fg8vvsvnieiv3ej16jby.litix.io
www.googletagmanager.com
142.250.185.66
143.204.98.32
143.204.98.33
143.204.98.76
143.204.98.79
184.73.240.29
2.16.186.32
2606:4700:3035::6815:1ccc
2a00:1450:4001:808::2003
2a00:1450:4001:808::2008
2a00:1450:4001:810::2003
2a00:1450:4001:810::2004
2a00:1450:4001:810::200e
2a00:1450:4001:827::2002
2a00:1450:400c:c00::9b
2a04:4e42:600::622
52.183.82.125
52.86.94.156
54.186.45.77
75.2.62.78
99.83.215.13
00c8eb28301cf1a0c2ff74264a1b5c80e592fb25c15391b73516823156e06ec2
01fcf88d0ee0ff3cc10a948024394b5a87004538985081ca233b7a95ff286a12
083ec931e5517a4ab713afbe9561e72b9186cb54e21b8b1eface9caefb54a966
09acdd4e6aff3bd42017847bf52c9da4b5fd265e37434af7c56c5f19c292f51a
0b24f05a0f71d0c8e7134955ebafc7db27ebdca81224aec85309e54f3c9f1d64
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f
0fcb9630248f525a2dc403f5d88ad721b941306c1540dbed57a9e046b7a6ea6b
11b47f9ca33a2da98a9cc8fbdd2507a85ab3d8e71d8d499fa185be8cf42cc1f8
1550221b0eea8f3932759a2c4f74a606dcf8700b9e35c6becd259615608a5c52
1bded02879e2df34de7df88fc7dd7b325a01a4fbc5af6d0877d5e3364c23ce49
286198e6e4eaa35a618b8c9c954584d5d8c19bb0720228a0546bea63995285fa
2e6f323d69920c53e9a94a875b96096ff0b3cd995f127374f630e0fb84c01939
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1
3534beaab0cce09163c5b8f8eedc4a261ba39f89355f70ca131af18ec5a32791
3ba125219ae36204d6e54068c65a3dc30d658da359814e02b32c4dd1e3c65c3f
3bbf75d0841a591d4333ca949030f3c0bb8e30e606844891d472f5fdd892c6ce
4082fbd91490dca29de8a985204a543c3bfd77ba5adcb3062588ded44d7ac64b
42d96db836266109af2302d7dc1b29ad2f25e9f772a42323363f6569b69c82de
4a41e3756fef3564024695e5f8e4e9f8e7dc45b2d264e9820a553755ea97f043
518a15f363c50965095455798b2147d7a196d1032709e5a5b1fb6b05da8530c3
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
568b0a784ed5331fdc78d9d37c348db30162a8645d8c58c9aebdf1d722e2bd8e
56e347670952e57d894a9f57b7b6d8c10749b79c5c838553c9906acc4a7edf84
5840445f6f9bfc396e2df968189c0bb3fa46cdabcdee8b7fd06350f5321da6f5
594aa9565b0d9a929fde5cf1c7a316d13b7fe29c21cafde83222c133521b6896
622c783b38c12ea5ae716f5553e2369b44fcbfa0efde552a243c3474f3c7b749
63d6807b4828c24021440c168d2212b392ad69de40168b5579acc3525c0ee644
695acd5ffb7987694d0251b0ff07d9b65dac5cffa47829357ad4f619e5a34f9c
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
705df238a5ec0beb0caf8c639555a4d32d9de27d2cd3be715f639c625f23f7d6
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
7d7b3264c0a1fa1d8bc8d902f5e516c3af2c5f298df7065b8268ef2a4890b0f4
7fec0845c389ac3be546d48d8b885941f42a1744ca20a5087425127add3a02ac
865cae8d516634f1674e284a1eac1229b36de07f3b1b662dee8293aaffd548b1
87f3aaefbbf0909e0285db1023a36cf9455c1428140b3c83ddfe1baad805fa75
8a34fefeaacfe1f612d64877d8b9cf5298c1096f90e25d3641ee99eb774200ad
94dcf5556e059d9e35d347a9fdd7c295ec5d8001d8c00693dfc2a7d18f9fb0f3
9f5793cccdc22570fe5d3a50ca25ac3433efa45a5dbb7d6f18c5df1081b4ee51
9f72ed2dfeef063e009cb45581ae6df3d43bd0cf04c299cbde9ed456ae594f8b
a06e1259ecc9fe3411ca33faaeaca1856531b49de1d0701d75cd656c3d066336
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4821207665c9d296b70d049ce7ff16183210565971ff674d0e80f5b6d474318
a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b8d83ff7d53074a841c50d8e17b38e41f8624b38f842fe4edad04f63fe9e4962
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
c291afe05e3e955f1958949beba889c64e3b21928005ba04bbd7c8fd84abb119
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cfd90f4cf00eb0e2918940b49b27c69cade015d631b3d7ac31c227f624edcb83
d47b4ee862a8e9776e8962876f956a3b02a129adf19f76c0c451c1ea4a0a134d
dc9082010b8f23894dad9ea14d024a4bcf505b7d4d2252c553ae8930b9840684
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e756a9ff5edcba8926fce6a5342bf33d70589e4918c2865b961e6650f8338d65
e9fcba14ea80a15948ec75eab4b77a7f279cd9f17975102980d27706ea0ccb86
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f280661fc6db161bf25d534017b8325591ecd8ab8ad2e0c3bdac06f20d2742b1
f8e7798ef36d36df1886eb4900f3644d3eabd5ef406d7b6fa9b91c8da4844ec1

www.nobenefit.exchange Open in urlscan Pro 2606:4700:3035::6815:1ccc Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

71 Requests

41 %HTTPS

43 %IPv6

17 Domains

23 Subdomains

22 IPs

3 Countries

2196 kBTransfer

4999 kBSize

17 Cookies

5 Outgoing links

Page URL History

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.nobenefit.exchange Open in urlscan Pro
2606:4700:3035::6815:1ccc Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

41 %
HTTPS

43 %
IPv6

17
Domains

23
Subdomains

22
IPs

3
Countries

2196 kB
Transfer

4999 kB
Size

17
Cookies

71 HTTP transactions
4 data transactions