aidsubsidy.com Open in urlscan Pro
172.67.187.229 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://oagliwhasoovik.lol/cdut4dkg5/6347437
Effective URL:
https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8...
Submission: On October 24 via api (October 24th 2024, 3:02:22 pm UTC) from US — Scanned from US

Summary HTTP 40 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 9 domains to perform 40 HTTP transactions. The main IP is 172.67.187.229, located in United States and belongs to CLOUDFLARENET, US. The main domain is aidsubsidy.com. The Cisco Umbrella rank of the primary domain is 132746.
TLS certificate: Issued by WE1 on August 28th 2024. Valid for: 3 months.

This is the only time aidsubsidy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 12	104.21.42.14 104.21.42.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1 1	2a01:4ff:f0:9... 2a01:4ff:f0:93bf::1	213230 (HETZNER-C...) (HETZNER-CLOUD2-AS)
18	172.67.187.229 172.67.187.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:29e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:400d:c0d::61	15169 (GOOGLE) (GOOGLE)
4	3.213.150.132 3.213.150.132	14618 (AMAZON-AES) (AMAZON-AES)
40	7

12 104.21.42.14 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

oagliwhasoovik.lol	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4ff:f0:93bf::1 (Ashburn, United States) 1 redirects

ASN213230 (HETZNER-CLOUD2-AS, DE)

go.aidsubsidy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 172.67.187.229 (United States)

ASN13335 (CLOUDFLARENET, US)

aidsubsidy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:29e5 (United States)

ASN13335 (CLOUDFLARENET, US)

create.lidstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c0d::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.213.150.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-150-132.compute-1.amazonaws.com

create.leadid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	aidsubsidy.com 1 redirects go.aidsubsidy.com — Cisco Umbrella Rank: 137177 aidsubsidy.com — Cisco Umbrella Rank: 132746	906 KB
12	oagliwhasoovik.lol 2 redirects oagliwhasoovik.lol	36 KB
4	leadid.com create.leadid.com — Cisco Umbrella Rank: 14045	2 KB
3	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 10912	1 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	72 KB
1	lidstatic.com create.lidstatic.com — Cisco Umbrella Rank: 22294	39 KB
0	ringba.com Failed b-js.ringba.com Failed
0	cloudfront.net Failed d2m2wsoho8qq12.cloudfront.net Failed
0	facebook.net Failed connect.facebook.net Failed
40	9

	Domain	Requested by
18	aidsubsidy.com	aidsubsidy.com
12	oagliwhasoovik.lol	2 redirects oagliwhasoovik.lol
4	create.leadid.com	create.lidstatic.com
3	my.rtmark.net	oagliwhasoovik.lol
1	www.googletagmanager.com	aidsubsidy.com
1	create.lidstatic.com	aidsubsidy.com
1	go.aidsubsidy.com	1 redirects
0	b-js.ringba.com Failed	aidsubsidy.com
0	d2m2wsoho8qq12.cloudfront.net Failed	create.lidstatic.com
0	connect.facebook.net Failed	www.googletagmanager.com
40	10

This site contains links to these domains. Also see Links.

Domain
lowerbillsusa.com

Subject Issuer	Validity	Valid
oagliwhasoovik.lol WE1	`2024-10-09` - `2025-01-07`	3 months	crt.sh
rtmark.net R11	`2024-08-30` - `2024-11-28`	3 months	crt.sh
aidsubsidy.com WE1	`2024-08-28` - `2024-11-26`	3 months	crt.sh
lidstatic.com E6	`2024-09-20` - `2024-12-19`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
create.leadid.com Amazon RSA 2048 M03	`2024-07-20` - `2025-08-18`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Frame ID: 8B9CB4725C07692995794845D95EF58A
Requests: 39 HTTP requests in this frame

Frame: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=854284F7-5B11-7B5C-C61A-18CAEED3818C&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.15.1&lck=A57816B4-6C59-F397-7853-7E14E45D3E1B&lac=F252983F-4BD1-0DD8-CD81-F4700AF60B66
Frame ID: BD5AB10427C055F226D1CCE1EBE2AA80
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://oagliwhasoovik.lol/cdut4dkg5/6347437 HTTP 307
https://oagliwhasoovik.lol/cdut4dkg5/6347437 Page URL
https://oagliwhasoovik.lol/?z=6347437&syncedCookie=true&rhd=false HTTP 302
https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x Page URL
https://oagliwhasoovik.lol/?z=6118780&syncedCookie=false&rhd=false HTTP 302
https://go.aidsubsidy.com/66ec8194d59c6f7a7c34d8f0?sub1=6118780&sub2=8651757&sub3=broadband&sub4=chrom... HTTP 302
https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22... Page URL

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

40
Requests

93 %
HTTPS

43 %
IPv6

9
Domains

10
Subdomains

7
IPs

3
Countries

1053 kB
Transfer

1482 kB
Size

10
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://lowerbillsusa.com/marketing.html
Title: Lower Bills USA

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://oagliwhasoovik.lol/cdut4dkg5/6347437 HTTP 307
https://oagliwhasoovik.lol/cdut4dkg5/6347437 Page URL
https://oagliwhasoovik.lol/?z=6347437&syncedCookie=true&rhd=false HTTP 302
https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x Page URL
https://oagliwhasoovik.lol/?z=6118780&syncedCookie=false&rhd=false HTTP 302
https://go.aidsubsidy.com/66ec8194d59c6f7a7c34d8f0?sub1=6118780&sub2=8651757&sub3=broadband&sub4=chrome&sub5=linux&sub6=US&sub7=22104224&sub8=vexus%20fiber&sub9=desktop&amt=5800&ref_id=873332188383556131&cost=0.001260 HTTP 302
https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://oagliwhasoovik.lol/cdut4dkg5/6347437 HTTP 307
https://oagliwhasoovik.lol/cdut4dkg5/6347437

Request Chain 6

https://oagliwhasoovik.lol/?z=6347437&syncedCookie=true&rhd=false HTTP 302
https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

40 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

6347437 Show response
oagliwhasoovik.lol/cdut4dkg5/
Redirect Chain

http://oagliwhasoovik.lol/cdut4dkg5/6347437
https://oagliwhasoovik.lol/cdut4dkg5/6347437

29 KB
13 KB

453ms
364ms

Document
text/html

104.21.42.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://oagliwhasoovik.lol/cdut4dkg5/6347437

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.42.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebf33df0626253c47989e8702b44d64894f1b48bb2ed6f8f92ffb23e37fb6617

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8d7ad8d09e542b8b-LAX
content-encoding: br
content-type: text/html; charset=utf8
date: Thu, 24 Oct 2024 15:02:16 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TEqwFZRcJ%2F8uphO%2BH8hty0rwBsOEsYS%2BiKmHCt0ex3I2e76u0AlbMFJ8VzxKE1NN2QZLmfvHEWOvC4enLjfPsUwFFI3G%2F0TIYdJi06KswH5AQrPxVjnnKemjEr8cMMUYD1mDrdM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=64767&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4180&recv_bytes=4498&delivery_rate=326&cwnd=12000&unsent_bytes=0&cid=6908409dae2942b1&ts=384&x=1" cfExtPri cfHdrFlush;dur=0
strict-transport-security: max-age=1
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-trace-id: 13ec3a654b89d4aec82ff88bae15e721

Redirect headers

Location: https://oagliwhasoovik.lol/cdut4dkg5/6347437
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 img.gif
my.rtmark.net/ 43 B
491 B 963ms
202ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=0080ff903ec3440eec6368dcbc6eea68&z=6347437&p_rid=9f8edbce-4ce1-42f7-9e94-7ad1cc8a891f&p_src=sf

Requested by

Host: oagliwhasoovik.lol
URL: https://oagliwhasoovik.lol/cdut4dkg5/6347437

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://oagliwhasoovik.lol/

Response headers

strict-transport-security: max-age=1
access-control-expose-headers: Authorization
timing-allow-origin: *, *
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
x-content-type-options: nosniff
access-control-allow-origin: *
content-length: 43
date: Thu, 24 Oct 2024 15:02:17 GMT
content-type: image/gif
server: nginx
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token

GET
H3 200 sftouch
oagliwhasoovik.lol/ 43 B
1006 B 227ms
227ms Image
image/gif 104.21.42.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://oagliwhasoovik.lol/sftouch?userId=0080ff903ec3440eec6368dcbc6eea68&z=6347437&p_rid=9f8edbce-4ce1-42f7-9e94-7ad1cc8a891f&p_src=sf&branchId=0&rb=bITBsh194jFsM_ziN5P-qXCEu8WKs9wMUbKMZs1GO_wxzRizFSuNtujtCB59h6tCHr3RPQl1qqPZpuz-zO0bvLQODFsO8c0BYIVXtTC6GypSayB0dkFJZbygR6H3uVFVd32RaVEFy5Khbd-As6f3EC2qIS2QJvQEGT2YFVnhXlXKYPPmZqYwNLpVkBApWZ_jpVc87U_1xACbuBmCSRVeV3cbj7MmE6NJclfMGgIxpEdVHbwLtwmQFF1roiRc_lUvzgm425nf8tWEf7jBR5d4JxyUhuagpiLm--50mQghbZk=&w_img=1

Requested by

Host: oagliwhasoovik.lol
URL: https://oagliwhasoovik.lol/cdut4dkg5/6347437

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.42.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://oagliwhasoovik.lol/cdut4dkg5/6347437

Response headers

access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ANf7kqcnjqXWmW12TFNI%2B2vDzPPsmAstqKgQ4wVMfJd5OmaboxFvuORzLr1YESWC6dwED0PLFTgPnNf2OhzZ%2FdHT2K03c9L7Qh47XYtb5rtJECUO8f26F4xPOFac%2FBstiZ53v4k%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, OPTIONS
x-content-type-options: nosniff
expires: Tue, 11 Jan 1994 10:00:00 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62271&sent=29&recv=23&lost=0&retrans=0&sent_bytes=18191&recv_bytes=8996&delivery_rate=206388&cwnd=13200&unsent_bytes=0&cid=6908409dae2942b1&ts=735&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:17 GMT
content-type: image/gif
priority: u=3,i
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
strict-transport-security: max-age=1
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
pragma: no-cache
access-control-allow-credentials: true
x-trace-id: 805c81778248870cd254cc5845635e90
cf-ray: 8d7ad8d3aa3b2b8b-LAX
access-control-allow-origin: *
content-length: 43
server: cloudflare

POST
H3 200 add Show response
oagliwhasoovik.lol/log/ 12 B
778 B 360ms
358ms XHR
application/json 104.21.42.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://oagliwhasoovik.lol/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=9f8edbce-4ce1-42f7-9e94-7ad1cc8a891f

Requested by

Host: oagliwhasoovik.lol
URL: https://oagliwhasoovik.lol/cdut4dkg5/6347437

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.42.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://oagliwhasoovik.lol/cdut4dkg5/6347437

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQS4NHokbkR%2Bh1UibePQ12C4w%2FSIfVmE7V2osJgpxyX5hj8iQLOSiArJHkDL1nar347BPo8MMolbk2JLFb4edUgdzNrxJ80zic2rS%2BXk79ymf1bllPaTiWIzKCk7jBa1xc8NakI%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62120&sent=30&recv=24&lost=0&retrans=0&sent_bytes=19220&recv_bytes=9040&delivery_rate=4130&cwnd=13200&unsent_bytes=0&cid=6908409dae2942b1&ts=919&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:17 GMT
content-type: application/json; charset=utf-8
priority: u=1,i
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
strict-transport-security: max-age=1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8d7ad8d3fa982b8b-LAX
access-control-allow-origin: https://oagliwhasoovik.lol
content-length: 12
server: cloudflare

POST
H3 200 add Show response
oagliwhasoovik.lol/async_log/ 0
739 B 359ms
358ms XHR
text/plain 104.21.42.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://oagliwhasoovik.lol/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=9f8edbce-4ce1-42f7-9e94-7ad1cc8a891f

Requested by

Host: oagliwhasoovik.lol
URL: https://oagliwhasoovik.lol/cdut4dkg5/6347437

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.42.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://oagliwhasoovik.lol/cdut4dkg5/6347437

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yCTftpvDbvcii%2Byb%2BhNfDQNRC%2Bhz6GQbiEoGS%2F%2FxkBPoiDZUgYBfAc4kLHiDufL0pbxsJL1wlRHJdZMSAXVTmklcvgzGqxiohWmfifrRVTtCSovhbMdb9FuS2OeVF1ksqSWIkNY%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62120&sent=31&recv=24&lost=0&retrans=0&sent_bytes=20021&recv_bytes=9040&delivery_rate=4130&cwnd=13200&unsent_bytes=0&cid=6908409dae2942b1&ts=922&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:17 GMT
priority: u=1,i
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
strict-transport-security: max-age=1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8d7ad8d40aa42b8b-LAX
access-control-allow-origin: https://oagliwhasoovik.lol
content-length: 0
server: cloudflare

POST
H2 200 img.gif
my.rtmark.net/ 43 B
508 B 211ms
211ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=0080ff903ec3440eec6368dcbc6eea68&z=6347437&p_rid=9f8edbce-4ce1-42f7-9e94-7ad1cc8a891f&p_src=sf

Requested by

Host: oagliwhasoovik.lol
URL: https://oagliwhasoovik.lol/cdut4dkg5/6347437

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://oagliwhasoovik.lol/

Response headers

strict-transport-security: max-age=1
access-control-expose-headers: Authorization
timing-allow-origin: *, *
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
x-content-type-options: nosniff
access-control-allow-origin: https://oagliwhasoovik.lol
content-length: 43
date: Thu, 24 Oct 2024 15:02:17 GMT
content-type: image/gif
server: nginx
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token

GET
H3

200

6118780 Show response
oagliwhasoovik.lol/4/
Redirect Chain

https://oagliwhasoovik.lol/?z=6347437&syncedCookie=true&rhd=false
https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

29 KB
13 KB

227ms
225ms

Document
text/html

104.21.42.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.42.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91570de2d9a993f2b5bddbb6025089ea45d95ac4d54d7e4295bb12723200f3aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://oagliwhasoovik.lol
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8d7ad8dadb392b8b-LAX
content-encoding: br
content-type: text/html; charset=utf8
date: Thu, 24 Oct 2024 15:02:18 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j0h%2FEX6rXbiQ%2FsD4G%2FfC%2FLFwvywtgESidZ3RxT8zkH2gR9xKAOvhCNRE4F67F6fonO8UZey%2FlFNcoTjw4EUdauxdu6q4zG8ft5%2BM1H4H57Sulx%2F3njd6tNAXnYuPt5gCbeBstbA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=62090&sent=43&recv=38&lost=0&retrans=0&sent_bytes=22447&recv_bytes=21889&delivery_rate=6526&cwnd=13200&unsent_bytes=0&cid=6908409dae2942b1&ts=1884&x=1" cfExtPri cfHdrFlush;dur=0
strict-transport-security: max-age=1
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-trace-id: 1e23ad456f6a3b880e097d1808897de5

Redirect headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://oagliwhasoovik.lol
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8d7ad8d969762b8b-LAX
content-length: 0
date: Thu, 24 Oct 2024 15:02:17 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://oagliwhasoovik.lol>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location: https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
priority: u=0,i
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XjlcQdcNmswP1Y2uz2h4hzCqwutzKbH5IjmLPnB5FUlPZCbGCzm4LVtSnDgoCWKSf%2F8pcGqccZI62CpyMuY8WjWxXVNvzaxtU8H5ICjGxUYdQMzYjM0OntG1zkavY4xPSDyylIc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=62253&sent=40&recv=36&lost=0&retrans=0&sent_bytes=20968&recv_bytes=21358&delivery_rate=24702&cwnd=13200&unsent_bytes=0&cid=6908409dae2942b1&ts=1656&x=1" cfExtPri cfHdrFlush;dur=0
strict-transport-security: max-age=1
timing-allow-origin: *
x-content-type-options: nosniff
x-trace-id: 727ff1085b81b763593316a635fabddc

GET
H3 200 sftouch
oagliwhasoovik.lol/ 43 B
1007 B 223ms
223ms Image
image/gif 104.21.42.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://oagliwhasoovik.lol/sftouch?userId=0080ff903ec3440eec6368dcbc6eea68&z=6118780&p_rid=20ac3656-ac84-4340-89ae-96d62b791c22&p_src=sf&branchId=0&rb=gSsy9owNFr5agQESAQ51k4x4_EfdeCU1R5v1CNgDJsZJzHDfCKixXwJ0OJOi64M4Zbqsvy-rT9H0W_cZR6tQWTFgs0peQoke0I3jcrDYtn_ZwIjSr8V7KrfMZMQdsSKE1Lo23ycjFtda4uLAJ5gPvYemrSbI_9tYBgcHbZH3rMZi48TUuTylA8s_HZuf1bq2KepvzFY_by50sPjKjuqNXjUs72-Y_h0euGTi0TeRLK_dUNH2GPdj4yyd8EJOEZMI0HvUN2vks_OTCL6kah1c5S83RTkDhB5ArpoIgqcJhJ3JFPSuBGg9dQ==&w_img=1

Requested by

Host: oagliwhasoovik.lol
URL: https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.42.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

Response headers

access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RknngZ2jpeo4gUQpL69dp6FrO0qEP30hh4ritnzvjI9uuMrKA6p82S%2Ff8Pv2h7%2Bg046h2vEuT%2BucxI2EbWAMuqjIqml6FjSevdizh8daKrVc1WjJ6ML6PPuXf1AOii%2F8h1CoDBU%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, OPTIONS
x-content-type-options: nosniff
expires: Tue, 11 Jan 1994 10:00:00 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61311&sent=69&recv=63&lost=0&retrans=0&sent_bytes=36655&recv_bytes=39512&delivery_rate=35482&cwnd=19200&unsent_bytes=0&cid=6908409dae2942b1&ts=2145&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:18 GMT
content-type: image/gif
priority: u=3,i
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
strict-transport-security: max-age=1
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
pragma: no-cache
access-control-allow-credentials: true
x-trace-id: 7bb75fb270a401aac13fe8ef697b2035
cf-ray: 8d7ad8dc8d8a2b8b-LAX
access-control-allow-origin: *
content-length: 43
server: cloudflare

POST
H3 200 add
oagliwhasoovik.lol/log/ 12 B
780 B 217ms
215ms XHR
application/json 104.21.42.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://oagliwhasoovik.lol/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=20ac3656-ac84-4340-89ae-96d62b791c22

Requested by

Host: oagliwhasoovik.lol
URL: https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.42.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nFJG0QbE5uWBxu20%2BwDs8zt1JZS49mjihNzT9df0qQtfH7p0j8fC5yXR3%2Fe51RyQ8XauOeHTbv5LIJbrD2rlVPq8RRpoghk3RBpZ9P8bbkctJ8eP3cvfi6vqcQ85l8XNl9JxDm4%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61311&sent=71&recv=63&lost=0&retrans=0&sent_bytes=38446&recv_bytes=39512&delivery_rate=35482&cwnd=19200&unsent_bytes=0&cid=6908409dae2942b1&ts=2188&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:18 GMT
content-type: application/json; charset=utf-8
priority: u=1,i
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
strict-transport-security: max-age=1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8d7ad8dccde92b8b-LAX
access-control-allow-origin: https://oagliwhasoovik.lol
content-length: 12
server: cloudflare

POST
H3 200 add
oagliwhasoovik.lol/async_log/ 0
738 B 210ms
210ms XHR
text/plain 104.21.42.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://oagliwhasoovik.lol/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=20ac3656-ac84-4340-89ae-96d62b791c22

Requested by

Host: oagliwhasoovik.lol
URL: https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.42.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pbLNzlFnU2Sr6Mr4hbMj2H93jLvsdch8YbEljQe%2BBTQsA8hCp66OjiL4SnCRIt7DLIconHdD8yd3CS%2BsrDHpbyueVYhBPNQsxOL2VFG6Stw7z7JwTi%2FdKQsMKBGJv7gvs3nP5DY%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61311&sent=70&recv=63&lost=0&retrans=0&sent_bytes=37685&recv_bytes=39512&delivery_rate=35482&cwnd=19200&unsent_bytes=0&cid=6908409dae2942b1&ts=2186&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:18 GMT
priority: u=1,i
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
strict-transport-security: max-age=1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8d7ad8dcddf82b8b-LAX
access-control-allow-origin: https://oagliwhasoovik.lol
content-length: 0
server: cloudflare

POST
H2 200 img.gif
my.rtmark.net/ 43 B
508 B 200ms
199ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=0080ff903ec3440eec6368dcbc6eea68&z=6118780&p_rid=20ac3656-ac84-4340-89ae-96d62b791c22&p_src=sf

Requested by

Host: oagliwhasoovik.lol
URL: https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://oagliwhasoovik.lol/

Response headers

strict-transport-security: max-age=1
access-control-expose-headers: Authorization
timing-allow-origin: *, *
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
x-content-type-options: nosniff
access-control-allow-origin: https://oagliwhasoovik.lol
content-length: 43
date: Thu, 24 Oct 2024 15:02:18 GMT
content-type: image/gif
server: nginx
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token

GET
H3 200 favicon.ico
oagliwhasoovik.lol/ 1 KB
1 KB 357ms
356ms Other
image/x-icon 104.21.42.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://oagliwhasoovik.lol/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.42.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x

Response headers

content-encoding: br
cf-cache-status: REVALIDATED
etag: W/"66f56515-47e"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UzfQT8o%2BKhfyEoPGM9P%2BDpIh6Vm4a4tU0cFYXl3sdFvbT5GPbtlEFN4QZ4z0irSuuFE6X5M%2FYUVe8PwcL0%2FGhKNgThlGhQa8nCzmxdYjD4WXF33TxQHG5C4T6PfKjK7FVr%2FdYmc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61671&sent=72&recv=65&lost=0&retrans=0&sent_bytes=39249&recv_bytes=39600&delivery_rate=12957&cwnd=19200&unsent_bytes=0&cid=6908409dae2942b1&ts=2338&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:18 GMT
content-type: image/x-icon
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
priority: u=1,i
strict-transport-security: max-age=1
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8dcde042b8b-LAX
server: cloudflare

GET
H3

200

Primary Request / Show response
aidsubsidy.com/lp5/
Redirect Chain

https://oagliwhasoovik.lol/?z=6118780&syncedCookie=false&rhd=false
https://go.aidsubsidy.com/66ec8194d59c6f7a7c34d8f0?sub1=6118780&sub2=8651757&sub3=broadband&sub4=chrome&sub5=linux&sub6=US&sub7=22104224&sub8=vexus%20fiber&sub9=desktop&amt=5800&ref_id=873332188383...
https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c4043...

22 KB
6 KB

487ms
258ms

Document
text/html

172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a646fef918e377ba11e7cdb35f194205e32609f44f3635f25aa95420d76e2d21

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://oagliwhasoovik.lol
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8d7ad8e40a000ce3-LAX
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 24 Oct 2024 15:02:19 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eD%2BG3m8z1WCkLIespQJ%2BMxurpZxfZ4pce4yZCqdSfbHQKshw7ultDBYYLSPArfTwi4ic2%2BDFZPhTim%2BZr7IsuXBa7MExn86CimQdUIMURU7nP%2BMhqgau%2Fd3TFBZcjxtX4g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=60168&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4179&recv_bytes=4732&delivery_rate=326&cwnd=12000&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=412&x=1" cfExtPri cfHdrFlush;dur=0
vary: accept-encoding

Redirect headers

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: close
Content-Length: 384
Content-Type: text/html; charset=utf-8
Date: Thu, 24 Oct 2024 15:02:19 GMT
Location: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
X-Kong-Proxy-Latency: 0
X-Kong-Request-Id: ca1f4a3bc914240079bc78520b9bd81e
X-Kong-Upstream-Latency: 6

GET
H3 200 favicon.ico
oagliwhasoovik.lol/ 1 KB
0 312ms
312ms Other
image/x-icon 104.21.42.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://oagliwhasoovik.lol/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.42.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://oagliwhasoovik.lol/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false

Response headers

content-encoding: br
cf-cache-status: REVALIDATED
etag: W/"66f56515-47e"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UzfQT8o%2BKhfyEoPGM9P%2BDpIh6Vm4a4tU0cFYXl3sdFvbT5GPbtlEFN4QZ4z0irSuuFE6X5M%2FYUVe8PwcL0%2FGhKNgThlGhQa8nCzmxdYjD4WXF33TxQHG5C4T6PfKjK7FVr%2FdYmc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61671&sent=72&recv=65&lost=0&retrans=0&sent_bytes=39249&recv_bytes=39600&delivery_rate=12957&cwnd=19200&unsent_bytes=0&cid=6908409dae2942b1&ts=2338&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:18 GMT
content-type: image/x-icon
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8dcde042b8b-LAX
server: cloudflare

GET
H3 200 swiper-bundle.min.css
aidsubsidy.com/lp5/ 18 KB
5 KB 75ms
73ms Stylesheet
text/css 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aidsubsidy.com/lp5/swiper-bundle.min.css
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c94a0dc6cbd7f95a3c4eb8f7959fd8e5905ff0794116c07a5f09bbac7ef9ffd1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6691a1d5-4804"
age: 2376
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WMLuJpLPb3jWQuCK5LZJW%2BLivNIDpMQOZxOPN8Z3vbSau3lGGAIic2ii7g6j3XiaT2IIq9xBUfwOZNdhBbo3qHyeYLf4LLJ43sM5tPMNlensL3nkHiTiEsfop%2B5teXC17Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61100&sent=19&recv=20&lost=0&retrans=0&sent_bytes=10749&recv_bytes=8226&delivery_rate=104648&cwnd=12000&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=549&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:19 GMT
content-type: text/css
last-modified: Fri, 12 Jul 2024 21:36:21 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e60c9b0ce3-LAX
server: cloudflare

GET
H3 200 swiper-bundle.min.js Show response
aidsubsidy.com/lp5/ 145 KB
42 KB 136ms
134ms Script
application/javascript 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aidsubsidy.com/lp5/swiper-bundle.min.js
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6942f0873b6a7108e18a983b4192ad469011a8131317f88161d6f0917058da22

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6691a1d5-243f7"
age: 2376
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3JA4TulL6MdbyeeKXLVcvbADKNlRSYuwkdV3ItZzNWLQyxQu4jGd0%2FdjmzEXEaO0YeFb4JpuiYuTCVu6gMLtv3XwzQfgtt1bPRrTpySH0dZWiFHuiWqi47T%2Bp3MYbWVZHw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61100&sent=30&recv=20&lost=0&retrans=0&sent_bytes=22749&recv_bytes=8226&delivery_rate=104648&cwnd=12000&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=555&x=1", cfExtPri, cfHdrFlush;dur=55
date: Thu, 24 Oct 2024 15:02:19 GMT
content-type: application/javascript
last-modified: Fri, 12 Jul 2024 21:36:21 GMT
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e60c9d0ce3-LAX
server: cloudflare

GET
H3 200 style.css
aidsubsidy.com/lp5/ 6 KB
2 KB 76ms
74ms Stylesheet
text/css 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aidsubsidy.com/lp5/style.css
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8692b3e5caaf92c5f7540b8e0c97ac42fd80274c26df34e838f9438ada92a523

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6691a1da-163a"
age: 4229
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BsezcDUIU%2BqkmmyxepRujB6k0X8pWXVAaCnsA63SgFWQNdxTDE5KLBsHtu1GlfriawYBR5YdKwgRwT0WFGoQjt4VTJ1ouE1znFfMfqBqbpdLzjGpjwn%2B6rzKKv44ZAet6A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61100&sent=24&recv=20&lost=0&retrans=0&sent_bytes=16287&recv_bytes=8226&delivery_rate=104648&cwnd=12000&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=551&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:19 GMT
content-type: text/css
last-modified: Fri, 12 Jul 2024 21:36:26 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e60ca00ce3-LAX
server: cloudflare

GET
H3 200 timerclk_v1.3.js Show response
aidsubsidy.com/js/ 2 KB
1 KB 137ms
135ms Script
application/javascript 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aidsubsidy.com/js/timerclk_v1.3.js
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68c50ce36d6a706c212607165c0fcb4ad4d91c1fc8d66db7367a29d29a1704dc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66aa9054-65e"
age: 5540
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SAl23R02mpWwYqtNaFNftmoZ%2BI88zIQK6JNb6M1iErAC4734hESOP8I1B0RU9BCgt%2BzfDhepgzaRcuWMP62Br7rnNTrEuzlu67A%2Feogo8uI1YZTivTIw8DFPnkeVzwxr4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61100&sent=30&recv=20&lost=0&retrans=0&sent_bytes=22749&recv_bytes=8226&delivery_rate=104648&cwnd=12000&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=552&x=1", cfExtPri, cfHdrFlush;dur=58
date: Thu, 24 Oct 2024 15:02:19 GMT
content-type: application/javascript
last-modified: Wed, 31 Jul 2024 19:28:20 GMT
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e60ca10ce3-LAX
server: cloudflare

GET
H3 200 breaking-news.png
aidsubsidy.com/lp5/ 6 KB
7 KB 77ms
75ms Image
image/png 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aidsubsidy.com/lp5/breaking-news.png
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce48ba0b3b2d3b1dfc8ae1158b0133035823963b717175a03c2e0d7b1a0419a5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status: HIT
etag: "6691a1d9-185d"
age: 2376
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OU0ebNBaIQRJGTUSzhid1TjAqp7cc0%2FwebSo5bWlnQIgUSIYjEIsmjP8oV7zzqnKd1sheXDtzB3SBFCDbcisKLHuF7YPS1jzQkSQtYJ2EmUGM8BImJSd7HAw9FA8p%2FqVNg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61100&sent=26&recv=20&lost=0&retrans=0&sent_bytes=18263&recv_bytes=8226&delivery_rate=104648&cwnd=12000&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=552&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:19 GMT
content-type: image/png
last-modified: Fri, 12 Jul 2024 21:36:25 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e60ca30ce3-LAX
accept-ranges: bytes
content-length: 6237
server: cloudflare

GET
H3 200 live.gif
aidsubsidy.com/lp5/ 78 KB
79 KB 136ms
134ms Image
image/gif 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aidsubsidy.com/lp5/live.gif
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5753af534566bc6711ac61389e1ab7870faaebfe8c612881e3f8c81e836963d5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status: HIT
etag: "6691a1d5-138b5"
age: 6964
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pRQWo%2FYthqU2dLr4CvmCYArCelN%2FhKDwW%2FYTWlTEN%2FqIIycTuKgDZHDNmevWx0Fi1QR2F4xn6AOj4wcX%2FIktOJuzPFegXErrQJgTtPSI0AwNRyjShbiD0DMlU%2FJQJ3zfMg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61100&sent=30&recv=20&lost=0&retrans=0&sent_bytes=22749&recv_bytes=8226&delivery_rate=104648&cwnd=12000&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=552&x=1", cfExtPri, cfHdrFlush;dur=58
date: Thu, 24 Oct 2024 15:02:19 GMT
content-type: image/gif
last-modified: Fri, 12 Jul 2024 21:36:21 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e60ca40ce3-LAX
accept-ranges: bytes
content-length: 80053
server: cloudflare

GET
H3 200 tap.gif
aidsubsidy.com/lp5/ 114 KB
114 KB 76ms
75ms Image
image/gif 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aidsubsidy.com/lp5/tap.gif
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed1a6ff802c3e71b1c3e732bb37deef071e0ff76f6e75a21c3b1dea2bf28908b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status: HIT
etag: "6691a1da-1c614"
age: 2376
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3t4KTgLURnLXdPVDQBmNzdASdGiJ0XyCbh8KRztdggwHN%2BohipM%2FjzZSKLw5dD0qSWRIkx0G24JKAYuWrCbvt8y0awXV6AbCRQo%2BUHdNvWH%2BbjnXdZkmrevxcnkgjYmvvg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62234&sent=147&recv=63&lost=0&retrans=0&sent_bytes=153131&recv_bytes=13651&delivery_rate=751383&cwnd=75600&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=746&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: image/gif
last-modified: Fri, 12 Jul 2024 21:36:26 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e74e030ce3-LAX
accept-ranges: bytes
content-length: 116244
server: cloudflare

GET
H3 200 parliment.png
aidsubsidy.com/lp5/ 50 KB
51 KB 86ms
83ms Image
image/png 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aidsubsidy.com/lp5/parliment.png
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d31e6f203499c1efa94e5859582715c6fc68ac81ca8a67e5db83bdab78ec7111

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status: HIT
etag: "6691a1da-c8ce"
age: 2376
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T1R9mCc0SdPSq%2FBEutFAuAnqPVuXO8%2BsOggcg6Wx7hgocnI%2FhvnE4a5SGWhzJsYHkiDZGOiZLwW%2B%2F23vL4EN%2F8p6I9SgdMe%2BYNQNwYq7wQsf4TjNrqRAhBov2OlRh0ZeFA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62234&sent=158&recv=63&lost=0&retrans=0&sent_bytes=165911&recv_bytes=13651&delivery_rate=751383&cwnd=75600&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=757&x=1", cfExtPri, cfHdrFlush;dur=10
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: image/png
last-modified: Fri, 12 Jul 2024 21:36:26 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e75e140ce3-LAX
accept-ranges: bytes
content-length: 51406
server: cloudflare

GET
H3 200 congrats.png
aidsubsidy.com/lp5/ 48 KB
49 KB 86ms
83ms Image
image/png 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aidsubsidy.com/lp5/congrats.png
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e0adfc2dcb07244bc15bafbb6a55284968c2802324856d3183421a17266035d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status: HIT
etag: "6691a1d9-c005"
age: 2374
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pQSmBp1Sh1wfjDzxbXoPmsNmrge74s7r%2B8WV9Uy4uFwmEPfro%2BzZ3gjebteFEIZdLL2avT2CbhU4eZYrwyIYkS2jRUMl6n5FD7uCgRq5KbZ5mXQmdwQJ%2BC%2B1OT%2BmnOenSA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62234&sent=158&recv=63&lost=0&retrans=0&sent_bytes=165911&recv_bytes=13651&delivery_rate=751383&cwnd=75600&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=760&x=1", cfExtPri, cfHdrFlush;dur=7
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: image/png
last-modified: Fri, 12 Jul 2024 21:36:25 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e75e1a0ce3-LAX
accept-ranges: bytes
content-length: 49157
server: cloudflare

GET
H3 200 phone.png
aidsubsidy.com/lp5/ 5 KB
5 KB 179ms
177ms Image
image/png 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aidsubsidy.com/lp5/phone.png
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38e660c86fa1c9eeb2405516532fbdc3624eac12bf137f49d8a16864265f6166

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status: HIT
etag: "6691a1da-1276"
age: 2382
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fHQ0ezA%2F9Vj02SkYGSS3iRvAHJ8rRlrRCeXzaEeEgBHVpq4jDSCtM5pvcaJGVYSrGMhYEDJU9dj8uUKAsA0xg3lAzyPRpXYjmcoLhFHpALDcZ3IwTfmbHBZHY4lyWseRvw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62234&sent=158&recv=63&lost=0&retrans=0&sent_bytes=165911&recv_bytes=13651&delivery_rate=751383&cwnd=75600&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=766&x=1", cfExtPri, cfHdrFlush;dur=28
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: image/png
last-modified: Fri, 12 Jul 2024 21:36:26 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e75e1e0ce3-LAX
accept-ranges: bytes
content-length: 4726
server: cloudflare

GET
H3 200 whitehouse.png
aidsubsidy.com/lp5/ 139 KB
140 KB 180ms
177ms Image
image/png 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aidsubsidy.com/lp5/whitehouse.png
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db1c5f1903a12837cbfe76d478cda1612a0ff9bda9e502c33954c334d2ed5697

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status: HIT
etag: "6691a1d9-22bc0"
age: 2382
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iV1p4pM9leKwNoilz944sEJUFO%2FVIV39alsp6wYA%2Fhvcvm2t1gEiy1tNxaGA%2FTLYYvuUyo1Ns4sOBu5go8XFEYHCZ1osJYv%2F9GvSiAsseC%2Fd%2F8uDQwXAWn4dMtmlXM5ZNw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62234&sent=158&recv=63&lost=0&retrans=0&sent_bytes=165911&recv_bytes=13651&delivery_rate=751383&cwnd=75600&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=760&x=1", cfExtPri, cfHdrFlush;dur=34
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: image/png
last-modified: Fri, 12 Jul 2024 21:36:25 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e75e200ce3-LAX
accept-ranges: bytes
content-length: 142272
server: cloudflare

GET
H3 200 jquery.min.js Show response
aidsubsidy.com/lp5/ 85 KB
31 KB 117ms
114ms Script
application/javascript 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aidsubsidy.com/lp5/jquery.min.js
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6691a1d5-155a6"
age: 2376
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1JOScBZSQNrHZ%2BGwKDsQ9IsJZFpw1ThdLzuXhOlJZwOGFsHals%2FK5QvgGDXuZKsN%2B%2B7U49Cx%2FyiRAcJaTgZlxghNGaF0uw50SptptDEbmZiD%2FNKvbYnsAyUWkNGcSTGSgA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62234&sent=158&recv=63&lost=0&retrans=0&sent_bytes=165911&recv_bytes=13651&delivery_rate=751383&cwnd=75600&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=760&x=1", cfExtPri, cfHdrFlush;dur=34
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: application/javascript
last-modified: Fri, 12 Jul 2024 21:36:21 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e75e1c0ce3-LAX
server: cloudflare

GET
H2 200 a57816b4-6c59-f397-7853-7e14e45d3e1b.js Show response
create.lidstatic.com/campaign/ 121 KB
39 KB 281ms
76ms Script
text/javascript 2606:4700:10::ac43:29e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:29e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f93e14fd5c9e6b37ef75366cc7da674216303da0df21377ac275abb45f46642f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"e2798b352a3c606d3011de9a0d41e6bb"
x-amz-version-id: LOxb9_S9sT_OxE1gKVR12awM5PgUUTpm
age: 530
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: text/javascript
last-modified: Thu, 10 Oct 2024 22:58:35 GMT
vary: Accept-Encoding
x-amz-id-2: TLODnLJ3GHsIYTMZeaTOaRXoNfKJD+W6h/nOl35Mz9Du6pW+ejGdpDP2WyCwaYDmXJueImYPrpl9ueiA00evRBOaK4yf8umygKNzdxAs/aI=
x-amz-replication-status: COMPLETED
cache-control: max-age=1800
x-amz-request-id: RBYB9X4NBN4V58VY
cf-ray: 8d7ad8e898323104-LAX
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 202 KB
72 KB 392ms
133ms Script
application/javascript 2607:f8b0:400d:c0d::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KBD8WP6

Requested by

Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0d::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9f663718e89a65a0e9a01d8c2f91011f92cf885e83b0c30cc1ab2ddc304b9290

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 24 Oct 2024 15:02:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 73312
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 bg.jpg
aidsubsidy.com/lp5/ 54 KB
55 KB 179ms
178ms Image
image/jpeg 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aidsubsidy.com/lp5/bg.jpg
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cecaaf9bddf7acf44fe8802bda00b0755b2c2cfa464d1b2e00e975ea1743643d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://aidsubsidy.com/lp5/style.css

Response headers

cf-cache-status: HIT
etag: "6691a1db-d815"
age: 4229
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1tWtEKCZ8HPs1kZA%2BO1NnavFRsOYRlU2vczQ%2FqU6CBN5AWNn8ljajjEKc2gKWRQgEC47xh8qdN8uCFADSnfiqen6O8PJphEDyiXYZTZbGx1Qj6fu1rEclij5UDu%2BQvBT9g%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62234&sent=158&recv=63&lost=0&retrans=0&sent_bytes=165911&recv_bytes=13651&delivery_rate=751383&cwnd=75600&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=762&x=1", cfExtPri, cfHdrFlush;dur=32
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: image/jpeg
last-modified: Fri, 12 Jul 2024 21:36:27 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d7ad8e75e240ce3-LAX
accept-ranges: bytes
content-length: 55317
server: cloudflare

GET
H3 206 audio-1.mp3
aidsubsidy.com/lp5/ 35 KB
35 KB 84ms
84ms Media
audio/mpeg 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aidsubsidy.com/lp5/audio-1.mp3
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1eaf38961b3f7bf0044b766d855bf9ebeb5702f5d7f19c195216ee544c5f6ce5

Request headers

Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

cf-cache-status: HIT
etag: "6691a1d8-8a03"
age: 1778
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BXUNQSR7JpU5dVK2fefrd7i0vxERQE%2FcvvOaRv6moExHzpuoKlPW%2BL0din25Q4DTBA1vvPvowTXf%2BU%2FEYIAvkcH%2Bgyy%2FltmBGRyI0zIVLgULJqrLRv7k5FBmgkFs7AOmMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=63073&sent=689&recv=107&lost=0&retrans=0&sent_bytes=791183&recv_bytes=17091&delivery_rate=3588506&cwnd=290400&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=925&x=1", cfExtPri, cfHdrFlush;dur=8
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: audio/mpeg
last-modified: Fri, 12 Jul 2024 21:36:24 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-35330/35331
cf-ray: 8d7ad8e86f4f0ce3-LAX
Content-Length: 35331
server: cloudflare

GET
H3 206 audio-2.mp3
aidsubsidy.com/lp5/ 43 KB
44 KB 78ms
77ms Media
audio/mpeg 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aidsubsidy.com/lp5/audio-2.mp3
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd71b0b1888eafff2a810f605530236ff2de3c0dc52d0ee44ac0cbe97cae53a5

Request headers

Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

cf-cache-status: HIT
etag: "6691a1da-ab6d"
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kvWgjVc%2F%2BdpbIvkGLAbQNw8UIMPhb4QEbsAXMbUYwTtCobehwntmbu6HK94KxbL5n5Ok2l9lXLKd9360xKrJt4UpAWuT3JpRWWA4cqeDExdMdvATpI8ZBmWmn0zBhVV%2BMg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62818&sent=545&recv=102&lost=0&retrans=0&sent_bytes=618522&recv_bytes=16866&delivery_rate=3039685&cwnd=290400&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=923&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: audio/mpeg
last-modified: Fri, 12 Jul 2024 21:36:26 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-43884/43885
cf-ray: 8d7ad8e86f540ce3-LAX
Content-Length: 43885
server: cloudflare

GET
H3 206 audio-4-5800.mp3
aidsubsidy.com/lp5/ 239 KB
239 KB 77ms
76ms Media
audio/mpeg 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aidsubsidy.com/lp5/audio-4-5800.mp3
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 557953f818c6b4e6b51e6b8e3ffe1db191546f016fd9742401f6082cd38b3c6b

Request headers

Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

cf-cache-status: HIT
etag: "6691a1d5-3ba48"
age: 131
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pWNNT1magbsw1A7mrx4Uw9eh%2BrsuunUxGlU1vKzV7iBj60XcI7vqlke0DFSj6JM8%2BX%2FMlWs%2Fwtvri8vxAkMgPZuG6O6hHKMVo83vc8G2ndJS4c2bS1FrUaXcp5fOeW%2FjHA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=63073&sent=565&recv=107&lost=0&retrans=0&sent_bytes=642522&recv_bytes=17091&delivery_rate=3588506&cwnd=290400&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=924&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: audio/mpeg
last-modified: Fri, 12 Jul 2024 21:36:21 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-244295/244296
cf-ray: 8d7ad8e86f550ce3-LAX
Content-Length: 244296
server: cloudflare

GET
H3 206 audio-4-5800.mp3
aidsubsidy.com/lp5/ 12 KB
0 154ms
75ms Media
audio/mpeg 172.67.187.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aidsubsidy.com/lp5/audio-4-5800.mp3
Requested by: Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://aidsubsidy.com/lp5/?clickid=671a617bf0a026a6c2e37072&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=bc0636bd6cedb23d52c73d0c40436417.1729782439&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

cf-cache-status: HIT
etag: "6691a1d5-3ba48"
age: 131
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e0bDoyjEvNcaHXiw22EDluTMLv3rmlBI44bnYIQQ3grkdcYAmI0wAfaq6OdVKycpvppLv%2B7s0MNzg5BqschkvzEQpo%2Bj7rNdKGhqFNRZyFVFilCWxde%2FM2RKZzNt3c0CQA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=66567&sent=824&recv=145&lost=0&retrans=0&sent_bytes=951616&recv_bytes=19302&delivery_rate=5673549&cwnd=385200&unsent_bytes=0&cid=cccdfd8738ac6d46&ts=1006&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: audio/mpeg
last-modified: Fri, 12 Jul 2024 21:36:21 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-244295/244296
cf-ray: 8d7ad8e8efd30ce3-LAX
Content-Length: 244296
server: cloudflare

POST
H2 200 GenerateToken Show response
create.leadid.com/2.15.1/ 36 B
656 B 451ms
171ms XHR
text/plain 3.213.150.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.1/GenerateToken?msn=1&pid=744614bc-ebc7-4c7e-9132-01eb27c4fa86&_=203903946

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.213.150.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-213-150-132.compute-1.amazonaws.com

Software

nginx /

Resource Hash

5265af58276e58c2f5c975ef123d034aee9ae83e05a9046e35d42b877932cad9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://aidsubsidy.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

GET fbevents.js
connect.facebook.net/en_US/ 0
0

GET iframe.html
d2m2wsoho8qq12.cloudfront.net/ Frame BD5A 0
0

POST
H2 200 SaveDom Show response
create.leadid.com/2.15.1/ 0
622 B 133ms
131ms XHR
text/plain 3.213.150.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.1/SaveDom?msn=2&pid=744614bc-ebc7-4c7e-9132-01eb27c4fa86&token=854284F7-5B11-7B5C-C61A-18CAEED3818C&_=203903947

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.213.150.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-213-150-132.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://aidsubsidy.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

POST
H2 200 InitFormData Show response
create.leadid.com/2.15.1/ 0
621 B 126ms
124ms XHR
text/plain 3.213.150.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.1/InitFormData?msn=3&pid=744614bc-ebc7-4c7e-9132-01eb27c4fa86&token=854284F7-5B11-7B5C-C61A-18CAEED3818C&_=203903948

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.213.150.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-213-150-132.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://aidsubsidy.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Thu, 24 Oct 2024 15:02:20 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

GET CA701edcfda750434cbdf14b7ceddcabf1
b-js.ringba.com/ 0
0

POST
H2 200 Snap Show response
create.leadid.com/2.15.1/ 0
622 B 494ms
359ms XHR
text/plain 3.213.150.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.1/Snap?msn=4&pid=744614bc-ebc7-4c7e-9132-01eb27c4fa86&token=854284F7-5B11-7B5C-C61A-18CAEED3818C&_=203903949

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.213.150.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-213-150-132.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://aidsubsidy.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Thu, 24 Oct 2024 15:02:21 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Domain: d2m2wsoho8qq12.cloudfront.net
URL: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=854284F7-5B11-7B5C-C61A-18CAEED3818C&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.15.1&lck=A57816B4-6C59-F397-7853-7E14E45D3E1B&lac=F252983F-4BD1-0DD8-CD81-F4700AF60B66

Domain: b-js.ringba.com
URL: https://b-js.ringba.com/CA701edcfda750434cbdf14b7ceddcabf1

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
oagliwhasoovik.lol/	1970-01-21 09:15:18	Name: OAID Value: 0080ff903ec3440eec6368dcbc6eea68
oagliwhasoovik.lol/	1970-01-21 09:15:18	Name: oaidts Value: 1729782136
my.rtmark.net/	1970-01-21 09:15:18	Name: ID Value: 0080ff903ec3440eec6368dcbc6eea68
oagliwhasoovik.lol/	1970-01-21 00:39:46	Name: syncedCookie Value: true
oagliwhasoovik.lol/	1970-01-21 00:29:45	Name: captcha Value: system
.go.aidsubsidy.com/	1970-01-21 00:31:08	Name: redcmps Value: W3siaWQiOiI2NmVjODE5NGQ1OWM2ZjdhN2MzNGQ4ZjAiLCJ0IjoiMjAyNC0xMC0yNFQxNTowMjoxOS4xOTg2MTQ0MjVaIn1d
.go.aidsubsidy.com/	1970-01-21 09:15:18	Name: redhash Value: NjcxYTYxN2JmMGEwMjZhNmMyZTM3MDcyfDB8NjZlYzgxOTRkNTljNmY3YTdjMzRkOGYwfHwzODBmNzA3YS01YWYyLTQ3YzQtYjZhZi0yMTRmYzIxMTRiMWJ8MTcyOTc4MjEzOQ==
aidsubsidy.com/	1970-01-21 00:29:43	Name: PHPSESSID Value: 1be0g0f5vsoavp3gkaneasnku6
aidsubsidy.com/	1970-01-21 01:12:54	Name: lang Value: en
aidsubsidy.com/	1969-12-31 23:59:59	Name: leadid_token-F252983F-4BD1-0DD8-CD81-F4700AF60B66-A57816B4-6C59-F397-7853-7E14E45D3E1B Value: 854284F7-5B11-7B5C-C61A-18CAEED3818C

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://oagliwhasoovik.lol/cdut4dkg5/6347437 Message: [GroupMarkerNotSet(crbug.com/242999)!:A0C089100C250000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://oagliwhasoovik.lol/afu.php?zoneid=6347437&var=&rid=x09bzj4MnDSHN9Ot4ZZB1Q%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false Message: [GroupMarkerNotSet(crbug.com/242999)!:A0C0C3010C250000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://oagliwhasoovik.lol/4/6118780?var=6347437&btz=Pacific/Honolulu&bto=600&bar=x(Line 81) Message: [GroupMarkerNotSet(crbug.com/242999)!:A0C0C3010C250000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://oagliwhasoovik.lol/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false Message: [GroupMarkerNotSet(crbug.com/242999)!:A080D4010C250000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aidsubsidy.com
b-js.ringba.com
connect.facebook.net
create.leadid.com
create.lidstatic.com
d2m2wsoho8qq12.cloudfront.net
go.aidsubsidy.com
my.rtmark.net
oagliwhasoovik.lol
www.googletagmanager.com
b-js.ringba.com
connect.facebook.net
d2m2wsoho8qq12.cloudfront.net
104.21.42.14
139.45.195.8
172.67.187.229
2606:4700:10::ac43:29e5
2607:f8b0:400d:c0d::61
2a01:4ff:f0:93bf::1
3.213.150.132
1eaf38961b3f7bf0044b766d855bf9ebeb5702f5d7f19c195216ee544c5f6ce5
38e660c86fa1c9eeb2405516532fbdc3624eac12bf137f49d8a16864265f6166
5265af58276e58c2f5c975ef123d034aee9ae83e05a9046e35d42b877932cad9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
557953f818c6b4e6b51e6b8e3ffe1db191546f016fd9742401f6082cd38b3c6b
5753af534566bc6711ac61389e1ab7870faaebfe8c612881e3f8c81e836963d5
68c50ce36d6a706c212607165c0fcb4ad4d91c1fc8d66db7367a29d29a1704dc
6942f0873b6a7108e18a983b4192ad469011a8131317f88161d6f0917058da22
7e0adfc2dcb07244bc15bafbb6a55284968c2802324856d3183421a17266035d
8692b3e5caaf92c5f7540b8e0c97ac42fd80274c26df34e838f9438ada92a523
91570de2d9a993f2b5bddbb6025089ea45d95ac4d54d7e4295bb12723200f3aa
9f663718e89a65a0e9a01d8c2f91011f92cf885e83b0c30cc1ab2ddc304b9290
a646fef918e377ba11e7cdb35f194205e32609f44f3635f25aa95420d76e2d21
c94a0dc6cbd7f95a3c4eb8f7959fd8e5905ff0794116c07a5f09bbac7ef9ffd1
cd71b0b1888eafff2a810f605530236ff2de3c0dc52d0ee44ac0cbe97cae53a5
ce48ba0b3b2d3b1dfc8ae1158b0133035823963b717175a03c2e0d7b1a0419a5
cecaaf9bddf7acf44fe8802bda00b0755b2c2cfa464d1b2e00e975ea1743643d
d31e6f203499c1efa94e5859582715c6fc68ac81ca8a67e5db83bdab78ec7111
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
db1c5f1903a12837cbfe76d478cda1612a0ff9bda9e502c33954c334d2ed5697
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebf33df0626253c47989e8702b44d64894f1b48bb2ed6f8f92ffb23e37fb6617
ed1a6ff802c3e71b1c3e732bb37deef071e0ff76f6e75a21c3b1dea2bf28908b
f93e14fd5c9e6b37ef75366cc7da674216303da0df21377ac275abb45f46642f
fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7

aidsubsidy.com Open in urlscan Pro 172.67.187.229 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

40 Requests

93 %HTTPS

43 %IPv6

9 Domains

10 Subdomains

7 IPs

3 Countries

1053 kBTransfer

1482 kBSize

10 Cookies

1 Outgoing links

Page URL History

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

aidsubsidy.com Open in urlscan Pro
172.67.187.229 Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

93 %
HTTPS

43 %
IPv6

9
Domains

10
Subdomains

7
IPs

3
Countries

1053 kB
Transfer

1482 kB
Size

10
Cookies

40 HTTP transactions
0 data transactions