equi5.subsidyaid.com Open in urlscan Pro
34.123.196.68 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ak.peethach.com/4/6960282/0.10354496925514534
Effective URL:
https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=789813...
Submission: On February 06 via api (February 6th 2024, 9:04:59 pm UTC) from US — Scanned from US

Summary HTTP 53 Redirects Behaviour Indicators

Summary

This website contacted 18 IPs in 3 countries across 17 domains to perform 53 HTTP transactions. The main IP is 34.123.196.68, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is equi5.subsidyaid.com.
TLS certificate: Issued by R3 on January 27th 2024. Valid for: 3 months.

This is the only time equi5.subsidyaid.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	23.44.201.166 23.44.201.166	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 18	172.64.204.9 172.64.204.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	37.48.68.71 37.48.68.71	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 2	34.232.110.131 34.232.110.131	14618 (AMAZON-AES) (AMAZON-AES)
14	34.123.196.68 34.123.196.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2607:f8b0:400... 2607:f8b0:4006:81c::200a	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1	2607:f8b0:400... 2607:f8b0:4006:821::2008	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80b::2003	() ()
1	2600:9000:23c... 2600:9000:23cb:5600:9:5bab:8100:93a1	() ()
1	64.185.227.156 64.185.227.156	() ()
1	2600:1f18:248... 2600:1f18:2489:8201::c8	() ()
1	104.154.135.87 104.154.135.87	() ()
1	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	() ()
2	54.211.24.82 54.211.24.82	() ()
1	34.120.195.249 34.120.195.249	() ()
53	18

1 23.44.201.166 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-44-201-166.deploy.static.akamaitechnologies.com

ak.peethach.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 172.64.204.9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

totalnicenewz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.48.68.71 (Amsterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

datatechone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.232.110.131 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-110-131.compute-1.amazonaws.com

track.additionalbenefits.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.subsidyaid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 34.123.196.68 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.196.123.34.bc.googleusercontent.com

equi5.subsidyaid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:821::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80b::2003 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:23cb:5600:9:5bab:8100:93a1 (None, )

ASN- ()

js.callcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.185.227.156 (None, )

ASN- ()

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:2489:8201::c8 (None, )

ASN- ()

lander-main-microservice.netlify.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.154.135.87 (None, )

ASN- ()

funnel.improveourcredit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:83:face:b00c:0:25de (None, )

ASN- ()

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.211.24.82 (None, )

ASN- ()

display.ringba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.195.249 (None, )

ASN- ()

o4506236711272448.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	totalnicenewz.com 1 redirects totalnicenewz.com	78 KB
15	subsidyaid.com equi5.subsidyaid.com track.subsidyaid.com	1 MB
4	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 11663 Failed	2 KB
2	ringba.com display.ringba.com	1 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	69 KB
1	sentry.io o4506236711272448.ingest.sentry.io	590 B
1	facebook.com www.facebook.com	185 B
1	improveourcredit.com funnel.improveourcredit.com	2 KB
1	netlify.app lander-main-microservice.netlify.app	994 B
1	ipify.org api.ipify.org	222 B
1	callcdn.com js.callcdn.com	3 KB
1	gstatic.com fonts.gstatic.com	62 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	45 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	847 B
1	additionalbenefits.org 1 redirects track.additionalbenefits.org	737 B
1	datatechone.com datatechone.com — Cisco Umbrella Rank: 49226	470 B
1	peethach.com ak.peethach.com — Cisco Umbrella Rank: 259600	2 KB
53	17

	Domain	Requested by
18	totalnicenewz.com	1 redirects ak.peethach.com totalnicenewz.com
14	equi5.subsidyaid.com	equi5.subsidyaid.com
4	my.rtmark.net	ak.peethach.com totalnicenewz.com
2	display.ringba.com	equi5.subsidyaid.com
2	connect.facebook.net	equi5.subsidyaid.com connect.facebook.net
1	o4506236711272448.ingest.sentry.io	equi5.subsidyaid.com
1	track.subsidyaid.com	lander-main-microservice.netlify.app
1	www.facebook.com	equi5.subsidyaid.com
1	funnel.improveourcredit.com	equi5.subsidyaid.com
1	lander-main-microservice.netlify.app	equi5.subsidyaid.com
1	api.ipify.org	equi5.subsidyaid.com
1	js.callcdn.com	equi5.subsidyaid.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.googletagmanager.com	equi5.subsidyaid.com
1	fonts.googleapis.com	equi5.subsidyaid.com
1	track.additionalbenefits.org	1 redirects
1	datatechone.com	totalnicenewz.com
1	ak.peethach.com
53	18

This site contains no links.

Subject Issuer	Validity	Valid
totalnicenewz.com GTS CA 1P5	`2024-01-19` - `2024-04-18`	3 months	crt.sh
rtmark.net R3	`2023-12-23` - `2024-03-22`	3 months	crt.sh
datatechone.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-10` - `2024-12-23`	a year	crt.sh
equi5.subsidyaid.com R3	`2024-01-27` - `2024-04-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-11-16` - `2024-02-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.callcdn.com Amazon RSA 2048 M02	`2024-01-30` - `2025-02-26`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2023-02-07` - `2024-02-18`	a year	crt.sh
*.netlify.app DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-15` - `2025-02-14`	a year	crt.sh
funnel.improveourcredit.com R3	`2024-01-11` - `2024-04-10`	3 months	crt.sh
track.subsidyaid.com R3	`2024-01-16` - `2024-04-15`	3 months	crt.sh
*.ringba.com Amazon RSA 2048 M03	`2023-11-27` - `2024-12-23`	a year	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-02` - `2024-12-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Frame ID: FC951402A730AE72647D33FE9D36BA10
Requests: 64 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

subsidyaid.com

Page URL History Show full URLs

http://ak.peethach.com/4/6960282/0.10354496925514534 Page URL
https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z... Page URL
https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z... Page URL
https://totalnicenewz.com/submenu/4662728/?rhd=1&var=6960282&var3=778840162284348317&oaid=87945cdc88cc... Page URL
https://totalnicenewz.com/rhd?z=4662728&syncedCookie=false&rhd=true HTTP 302
https://track.additionalbenefits.org/742ca7d8-c5c4-499a-a412-67ea49912e87?zoneid=4662728&bannerid=20248186&zonety... HTTP 302
https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push... Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

53
Requests

94 %
HTTPS

41 %
IPv6

17
Domains

18
Subdomains

18
IPs

3
Countries

1327 kB
Transfer

1750 kB
Size

28
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ak.peethach.com/4/6960282/0.10354496925514534 Page URL
https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto= Page URL
https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2 Page URL
https://totalnicenewz.com/submenu/4662728/?rhd=1&var=6960282&var3=778840162284348317&oaid=87945cdc88cc875910c0fd963e4a3311 Page URL
https://totalnicenewz.com/rhd?z=4662728&syncedCookie=false&rhd=true HTTP 302
https://track.additionalbenefits.org/742ca7d8-c5c4-499a-a412-67ea49912e87?zoneid=4662728&bannerid=20248186&zonetype={zone_type}&campaignid=7898133&device=desktop&region=fl&isp=781237823&source=PR2&medium=push&cost=0.009741&visitor_id=778840178084290638 HTTP 302
https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK 0.10354496925514534
ak.peethach.com/4/6960282/ 2 KB
2 KB 344ms
226ms Document
text/html 23.44.201.166
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://ak.peethach.com/4/6960282/0.10354496925514534
Protocol: HTTP/1.1
Server: 23.44.201.166 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-44-201-166.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding, favicon
Access-Control-Allow-Methods: GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: * *
Access-Control-Max-Age: 86400
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 724
Content-Type: text/html; charset=utf8
Date: Tue, 06 Feb 2024 21:04:43 GMT
Expires: Tue, 06 Feb 2024 21:04:43 GMT
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://totalnicenewz.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
Pragma: no-cache
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Trace-Id: 2b9ac68f9a14596f96f7eb8882aea014

POST img.gif
my.rtmark.net/ 0
0

GET
H2 200 / Show response
totalnicenewz.com/ 40 KB
14 KB 344ms
245ms Document
text/html 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Requested by: Host: ak.peethach.com
URL: http://ak.peethach.com/4/6960282/0.10354496925514534
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: f95c981808ede025f8b7779224d068b815e378822515ed5f635313d763d893f5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 851658e3a8a05c76-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 06 Feb 2024 21:04:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSoXqU06tXItLQryZP8yu1lg6k%2FpRgP2gTypj%2FzViOw%2B9goBukELipixuTsW4%2BETWnTiyD6a4q%2F2Sw9Vg49A%2BkmNanHTnmfId8v%2FiqbprkFZ1VlT87Prs7kFyVaMUeMyHXSK6g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
544 B 145ms
144ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=87945cdc88cc875910c0fd963e4a3311

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

fab8fbf38ce4e7272b8ddf9d0f2d83b4ed736c21ed16d5e13a0f2faae6b5a034

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:44 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://totalnicenewz.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 micro.tag.min.js Show response
totalnicenewz.com/pfe/current/ 28 KB
11 KB 166ms
163ms Script
application/javascript 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalnicenewz.com/pfe/current/micro.tag.min.js?z=4662709&ymid=778840162284348317&var=6960282&sw=/sw-check-permissions/4662709&uhd=1
Requested by: Host: totalnicenewz.com
URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc5f2967a33d6cd3df5091e31bd1fecb3d19094ba3f563fe26287a8ce7117b7f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 21:04:44 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 25 Jan 2024 09:37:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b22bc5-704a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IA37xTZlRnI4yE5n1mOxBF%2FDzR4WaMCW%2BnANh0Sh81P1clLg8VNqREmGolrMtnra832LZ0Mu7%2FYw%2Fl8VLh4M9pBxj%2F4Almp6%2FDogI9I4rtWY8PjFiFeqvIhjkvODB9BNaFC%2FMA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 851658e57e235c76-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
totalnicenewz.com/19/4662728/ 3 KB
2 KB 168ms
168ms XHR
application/json 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalnicenewz.com/19/4662728/?abt_opts=1&var=6960282&var3=778840162284348317&ymid=&rhd=1

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa7bad2a854014c70c0a466ead3036890618c4dafdb5a9d405a237acc594d020

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:44 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: cec7a00328020bd8b911a7cc82212d74
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JUKzL8n0GssqB%2Bgpig1hopeVIWs6d9f5cwLonzkLJYt%2FQSlbfdY7TKspnjzsVWOT23rHbZ%2FbaDNMsXVADcJzS0pRx2MNpId7Dd3GAipIL9KD8Ji4efO9VCFPsovIPBkH09MmvA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 851658e57e285c76-MIA
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 /
totalnicenewz.com/ 2 B
417 B 292ms
290ms XHR
application/json 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&mprtr=1
Requested by: Host: totalnicenewz.com
URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:44 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2bYbZx%2FoWqAMEUaegVMA4KE2B0Qd3DPAJo%2F2c7WXAGqbDyN0iXZhDnwvtVGi%2FSfs0erjFtC1vehHjmCDmrFgEG2DVYeIcPjkF9P%2BJkDmoqUdEmMNpaLUI2O9RrlWRiPK%2BxODew%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 851658e58e4d5c76-MIA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 rhd
totalnicenewz.com/ 3 KB
3 KB 173ms
160ms Fetch
application/json 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalnicenewz.com/rhd?rb=A2vOVn7L__zlACQValbznIMig6bOA2lFSf_2I_2qHlnVN8K-x8CHSarOvj5QnLa6CSBl6ilC8ZUAh1O4Iul5J2LCjd-ATKEr9319F1Y8GYWzp2kejWwFIhaX5rHHQqwJ9a6lxJvuTTGJjrMYEOj61vIwgY5O-LcN41ZfE-u4udA8soaBzNBpxWzWakrZcu5JAyox_9mUOST7Kkt4iwgFla9PsWh7DSjFt3dUMO_7mRms2XAVmc436QHYb6RBZO6q37KC20xwtNR3pMPj03JERFP6E_iC6vrx2ySN3NX5QeNLNxP6smPALJADLxs6mfV4Sso0CmIlN79YB0EMLmQtmwOIW3fTMjUQSvier1rPsDa46STv4gd8eFpdelVc4igDWP97-flgGHJ26KfRYq2aOySanRvQm6qsLS17X23cIdA0fnrvg_yTOz_7StsFgEdvg6UeFhkquuZ-Lc6zAH-5mmtc2XdOSCF_oTITGQ1WMMknzDhiG5XSjMqIjx2s58SjQX1OFpSWpYKDlHpTMRBQMFVAOl3xtY1Z&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Ftotalnicenewz.com%2F%3Fs%3D778840162284348317%26ssk%3D6dd1a66cfe4e19b2200781354c9b3ec4%26svar%3D1707253483%26z%3D6960282%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb%26btz%3D%26bto%3D&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=6960282&var3=778840162284348317&ymid=&rhd=1&m=link

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:44 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: 04f868bb009f9d09188439b5efca236d
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5IV%2FbHXukbt8zo1NPL38z58FPSTdFd8hiMcWT9NP6uQcQy0vK%2BW6xEbsB8UuE6LK9ZfSwNuo4jvDjvxfBo1XSDszip4NzhIUWumqsuX382RQMtFS7%2Blg%2FC2EL0tsVHsjPVVrA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 851658e6edb0036a-MIA
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H3 200 4662709
totalnicenewz.com/sw-check-permissions/ 0
958 B 190ms
159ms Other
application/javascript 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalnicenewz.com/sw-check-permissions/4662709?var=6960282&ymid=778840162284348317&uhd=1&zoneId=4662709
Requested by: Host: totalnicenewz.com
URL: https://totalnicenewz.com/pfe/current/micro.tag.min.js?z=4662709&ymid=778840162284348317&var=6960282&sw=/sw-check-permissions/4662709&uhd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.27
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:44 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.27
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZdUUzznltZ5S87%2B8dLAUNtTW9kdbd7FbRvheWgCAh5%2BpA4dEhcedPm5RR9Pdy1ETjNe4p4oxLA%2Bh7Ks%2FQ4JFtjEVsO%2Fg4iO6o2xPGBx9wHLm2XePuu9UtOJ41eiweP%2B58jSb%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 851658e79e98036a-MIA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 zone
totalnicenewz.com/ 0
493 B 162ms
156ms Ping
text/plain 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalnicenewz.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=totalnicenewz.com&var=6960282&ymid=778840162284348317&var_3=&var_4=&dsig=&tg=1&sw=3.1.477&trace_id=1dec3958-6d39-4da4-b5c8-b11722a79f52&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/pfe/current/micro.tag.min.js?z=4662709&ymid=778840162284348317&var=6960282&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-trace-id: 96ef86026c34b7b9c59fd28515753288
date: Tue, 06 Feb 2024 21:04:44 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jfUePfTtXdwOf%2BgiEhfS7wI%2F8LCQ3CrSwu1MNsyjzbaCAGDnH8fvZOKVPz89yCfwTWpIKDr1ohWpQ55tDYjOe771OMth6spwRMlaqtVcLrpEr4fDQZnDXNdQK9t7y%2FxzN21uJA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://totalnicenewz.com
access-control-allow-credentials: true
cf-ray: 851658e6fdb6036a-MIA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 gid.js
my.rtmark.net/ 65 B
544 B 150ms
145ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=778840162284348317&var=6960282

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/pfe/current/micro.tag.min.js?z=4662709&ymid=778840162284348317&var=6960282&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:44 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://totalnicenewz.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 zone
totalnicenewz.com/ 796 B
987 B 165ms
165ms Fetch
application/json 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalnicenewz.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=totalnicenewz.com&var=6960282&ymid=778840162284348317&var_3=&var_4=&dsig=&tg=1&sw=3.1.477&trace_id=1dec3958-6d39-4da4-b5c8-b11722a79f52&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/pfe/current/micro.tag.min.js?z=4662709&ymid=778840162284348317&var=6960282&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:44 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-trace-id: d7e9f30f3b55b6b4d0bb6688526499d2
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SZHQMKy6LfByuhZrFLO0kjNIu8PxJgDiPsi37b7DpGHOb5fctnRRURyw8fBmIXMWG2DGz%2BxX2%2FMqbYskz1EOYJiGsqzH%2B05qC0lK7ctvxsj12R1FxxUGVjNvadOtWQ6Vh%2BODlA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 851658e84fed036a-MIA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

GET
H3 200 / Show response
totalnicenewz.com/ 40 KB
14 KB 189ms
188ms Document
text/html 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
Requested by: Host: totalnicenewz.com
URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 51afc52fa9301143aa6991c5500dba7e449b1738071bb0e95e82054e342dda48

Request headers

Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 851658e84fee036a-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 06 Feb 2024 21:04:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DjuCxvOEzuuhsgUM0kZRmHrYpoFpYyEuA5%2BG4LUf6fdkknHcCNVC2EusJCvX7EfkLcKA5N72MrrF63Zu%2BAkoOmw993M7nJU1NmKex1Mi%2FvenjvN%2FUCGXRpThs%2FhEFMI7PG7CZw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H3 200 micro.tag.min.js Show response
totalnicenewz.com/pfe/current/ 28 KB
11 KB 362ms
360ms Script
application/javascript 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalnicenewz.com/pfe/current/micro.tag.min.js?z=4662709&ymid=778840162284348317&var=6960282&sw=/sw-check-permissions/4662709&uhd=1
Requested by: Host: totalnicenewz.com
URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc5f2967a33d6cd3df5091e31bd1fecb3d19094ba3f563fe26287a8ce7117b7f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 21:04:45 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 25 Jan 2024 09:37:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b22bc5-704a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZSGZgjt3yyaXMKrOlVMJ%2B%2FOa0krNJBWRzwSzI5DU0zqYXbsQSV4pkTzG76ZqY5HjdrK43fWvtCOA92kWgUf%2B8BHjGqcK%2BAEJI1G1zqZZoHMc618K9wldhLF1RjFLp04RrY5P9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 851658ea2a82036a-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 / Show response
totalnicenewz.com/19/4662728/ 3 KB
3 KB 169ms
168ms XHR
application/json 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalnicenewz.com/19/4662728/?abt_opts=1&var=6960282&var3=778840162284348317&ymid=&rhd=1

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3273d9644166f5ffa5c117eb8a1192efd55d7d39e878228ca7919bd91407e30e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:45 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: 30ba1e0f758c664dc92fd1e87e007ef7
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6x6aeliBiYVkQZzAgfQUjmc3stRoYqULZ8VeJwv5aa0PzXpDiaKZp5sw6DGraDaCc%2BboVvGSPip1xUDdggx3mwXMuRiKzwrwYVoc3QpZlsAb9cGSuHjISKuPeeMFIMuOKAeocg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 851658ea2a85036a-MIA
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 200 / Show response
totalnicenewz.com/ 2 B
528 B 340ms
326ms XHR
application/json 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2&mprtr=1
Requested by: Host: totalnicenewz.com
URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tUkA6GDeF91%2B7Alob6aHLYzc9vkLa9nQf%2F1UI7t91o47lcuTr0ruJpens0r0ip9VVbmF6JJpW6FP0sFO%2FW3vjUhScjSqc7smicH2rg4iwQL2u54UbI1BBQPZIGcQykK40MMg6g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 851658ea4ab3036a-MIA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 4662709
totalnicenewz.com/sw-check-permissions/ 0
959 B 164ms
163ms Other
application/javascript 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalnicenewz.com/sw-check-permissions/4662709?var=6960282&ymid=778840162284348317&uhd=1&zoneId=4662709
Requested by: Host: totalnicenewz.com
URL: https://totalnicenewz.com/pfe/current/micro.tag.min.js?z=4662709&ymid=778840162284348317&var=6960282&sw=/sw-check-permissions/4662709&uhd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCBp%2BiEB%2BtCQe%2Bi%2F9yGn4RZl9a1a1YU8c3qP2tz3VVQZLPx09aeDqKeLEvAJuDzVVtdZXO6RQYbT5N3HXZUQ9C2uoskJQLDrKVD1vnnS8ag6mM%2FObAW7PjRdQipoAdiFzxW%2F4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 851658eda88e036a-MIA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 zone
totalnicenewz.com/ 0
497 B 151ms
150ms Ping
text/plain 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalnicenewz.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=totalnicenewz.com&var=6960282&ymid=778840162284348317&var_3=&var_4=&dsig=&tg=1&sw=3.1.477&trace_id=b3d7c633-895a-474a-9980-05f149174716&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/pfe/current/micro.tag.min.js?z=4662709&ymid=778840162284348317&var=6960282&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-trace-id: 4f0a23916b154c95469d6e45abdf93e7
date: Tue, 06 Feb 2024 21:04:45 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ufxyG4PJ1oD9J1r59ANlSJ2IGQ5i03mVmKHXLLPRRe44xvM3jkqX3wF%2BPmF8otWS%2FLBJO6FMxQjvrRRYEVo2KwK0dwhp%2F4%2BaDbqlb9ARcld2qkM3%2BFT7lrnFvIjqp4FEbMWYpg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://totalnicenewz.com
access-control-allow-credentials: true
cf-ray: 851658ec8e0c036a-MIA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
544 B 145ms
140ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=778840162284348317&var=6960282

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/pfe/current/micro.tag.min.js?z=4662709&ymid=778840162284348317&var=6960282&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

fab8fbf38ce4e7272b8ddf9d0f2d83b4ed736c21ed16d5e13a0f2faae6b5a034

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:45 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://totalnicenewz.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 zone
totalnicenewz.com/ 796 B
988 B 155ms
154ms Fetch
application/json 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalnicenewz.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=totalnicenewz.com&var=6960282&ymid=778840162284348317&var_3=&var_4=&dsig=&tg=1&sw=3.1.477&trace_id=b3d7c633-895a-474a-9980-05f149174716&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/pfe/current/micro.tag.min.js?z=4662709&ymid=778840162284348317&var=6960282&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:45 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-trace-id: 3cbdeed1400c42b6b75435dc244d4b19
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n9OEQSeniB8gP9pCXhdgEYYb8Pl%2BqPEhWoLwQleB%2FF1BcJZKMofGC1HIdk4yg4vix%2BduQAvEGCeSkFwDXY4DePlu6wirzG%2FDIpqULZw5eiNULipR3vBIXnBqTIiWE3orWN%2FJUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 851658ee3937036a-MIA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

GET
H3 200 / Show response
totalnicenewz.com/submenu/4662728/ 33 KB
13 KB 200ms
194ms Document
text/html 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalnicenewz.com/submenu/4662728/?rhd=1&var=6960282&var3=778840162284348317&oaid=87945cdc88cc875910c0fd963e4a3311

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

767bec042b83a6e76388684d0d312a4003f4423efaa502a2b3d8f4abb45154eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 851658f2d856036a-MIA
content-encoding: gzip
content-type: text/html; charset=utf8
date: Tue, 06 Feb 2024 21:04:46 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U25KS68LD9Tg5X9laZcKSxc27lfCvFERe66GwyAv6XpHjrXVODlZY3YbxFCUHt5ZHUQP2Skkvo32iuXQnxVasQF8q97mHPgtijISwECZHoyC8uAPtTox5YoBbCUCPffN02EClw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=1
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-trace-id: a7ea4f3339cfb0d7cbac5cb81a1f8f42

POST
H3 200 sftouch
totalnicenewz.com/ 2 B
776 B 184ms
177ms Ping
text/plain 172.64.204.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalnicenewz.com/sftouch?userId=87945cdc88cc875910c0fd963e4a3311&z=4662728&p_rid=8c447fba-14e5-4305-b87f-5b57fe1061ef&p_src=sf&branchId=0&rb=oV2d9f4XLnxW5jCXDiFkyv7JzpiCF7xXogqOz-Q_LeNGhspgZtZ4nCbp5LrV04jOAc1K9-8mPM2MWL5UPc14Lsd-SCAtZh3D3jvOcm2q4oZZlQbiXuWKbZFydWkxWv9W8YApZv6Ny_j_mWWPnvT3KgAikAk1zbPdVCUK_0-O5BobQ4XdRC0fNndT2bCJo9ewWBWpXa9AR736iAhf2zDiJ8SFTsTzdapaJYRriJr-FquTmtf_DM-3A1yV8-gv09Yvda3ihQ7XS8qjAJ_QXZqvsvZArL_E5RiNGwcUnbik6hLJxsOnXdv6Ckl6V8zhpjUhkdAUFKQ2GEc=

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/submenu/4662728/?rhd=1&var=6960282&var3=778840162284348317&oaid=87945cdc88cc875910c0fd963e4a3311

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.204.9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/submenu/4662728/?rhd=1&var=6960282&var3=778840162284348317&oaid=87945cdc88cc875910c0fd963e4a3311
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:46 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 2
x-trace-id: 024e84324b9ae4fbd4bd8bb8f3390354
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: https://totalnicenewz.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2FJsLLHAEXWoWA8wwHcGwqv0%2FUsr%2Fej5SA2tBTRTOHBA3fjEGkzTcVvX5pf3DGXbamxjmddSJFyje6jxqgX2XZ4CVvu8HabqqmI3cjc16Pc2SlVZ4qFe6kf8keV%2B%2F8lHr%2BqhNA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 851658f46aed036a-MIA
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H/1.1 200
OK add
datatechone.com/log/ 2 B
470 B 487ms
151ms XHR
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8f81b17b-8412-4bee-9aec-a538d905fc9e
Requested by: Host: totalnicenewz.com
URL: https://totalnicenewz.com/submenu/4662728/?rhd=1&var=6960282&var3=778840162284348317&oaid=87945cdc88cc875910c0fd963e4a3311
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://totalnicenewz.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 06 Feb 2024 21:04:47 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://totalnicenewz.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 2

POST
H2 200 img.gif
my.rtmark.net/ 43 B
507 B 159ms
149ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=87945cdc88cc875910c0fd963e4a3311&z=4662728&p_rid=8c447fba-14e5-4305-b87f-5b57fe1061ef&p_src=sf

Requested by

Host: totalnicenewz.com
URL: https://totalnicenewz.com/submenu/4662728/?rhd=1&var=6960282&var3=778840162284348317&oaid=87945cdc88cc875910c0fd963e4a3311

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://totalnicenewz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:46 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: https://totalnicenewz.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H2

200

Primary Request lander-1 Show response
equi5.subsidyaid.com/
Redirect Chain

https://totalnicenewz.com/rhd?z=4662728&syncedCookie=false&rhd=true
https://track.additionalbenefits.org/742ca7d8-c5c4-499a-a412-67ea49912e87?zoneid=4662728&bannerid=20248186&zonetype={zone_type}&campaignid=7898133&device=desktop&region=fl&isp=781237823&source=PR2&...
https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=...

1 KB
1 KB

266ms
66ms

Document
text/html

34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: d3856b4d11d76e6f4fa87973b4ec83dd6ef0e9cb6eeda65b884727f33512fc4b

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://totalnicenewz.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
content-length: 1336
content-type: text/html
date: Tue, 06 Feb 2024 21:04:47 GMT
etag: "65c173d3-538"
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3

Redirect headers

cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 0
date: Tue, 06 Feb 2024 21:04:47 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
pragma: no-cache
server: nginx

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
847 B 349ms
85ms Stylesheet
text/css 2607:f8b0:4006:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,300;9..40,400;9..40,500;9..40,600&display=swap

Requested by

Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

83b78ab2ca543f34ac77a105efaff8fd77bbdba44939b8be442a1bcc85f14cb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 06 Feb 2024 21:04:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 06 Feb 2024 21:04:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Feb 2024 21:04:48 GMT

GET
H2 200 scripts.js Show response
equi5.subsidyaid.com/scripts/ 12 KB
12 KB 229ms
202ms Script
application/javascript 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://equi5.subsidyaid.com/scripts/scripts.js
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: b416c2ebf4b4d4e71bd515a35a15f45da09c708728cfedb05dc3ed2902fc68dd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:47 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-2e69"
content-length: 11881
content-type: application/javascript

GET
H2 200 main.8472d217.js Show response
equi5.subsidyaid.com/static/js/ 776 KB
777 KB 85ms
65ms Script
application/javascript 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://equi5.subsidyaid.com/static/js/main.8472d217.js
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: 176f2cb0f7d0d607cf3903b22162cec1387e1cfbf363d76b29a2870ee1146128

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-c1ea1"
content-length: 794273
content-type: application/javascript

GET
H2 200 main.6df79cac.css
equi5.subsidyaid.com/static/css/ 17 KB
17 KB 210ms
185ms Stylesheet
text/css 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://equi5.subsidyaid.com/static/css/main.6df79cac.css
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: 7ee7f061f864c34e21a8a9c0a753ec7e61415a7032fc0b04cc784c0134956db0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:47 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-43ca"
content-length: 17354
content-type: text/css

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 214 KB
58 KB 232ms
57ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/scripts/scripts.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bca51ed2fe251488a1b150edf560d43880f1486740f34d24120ede486f99676b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 06 Feb 2024 21:04:48 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57257
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
pragma: public
x-fb-debug: EsnIPRiz+Je4fkC/iwaZc9/OdKisNS5RLg5hyhHF98hM6Ywd/VqJXb1RidPh+qQJkeY4Q6ljRoe+EeC9Ql+WSQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 115 KB
45 KB 243ms
70ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W8XQHMBR

Requested by

Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/scripts/scripts.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bd444d04e6484f18f8486f78072a3ca25e64740f80d8f1ecf5c12ce69b58ff1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 45207
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 06 Feb 2024 21:04:48 GMT

GET
H2 200 banner_shape_3.6cde1a3669b1a621d6e6.webp
equi5.subsidyaid.com/static/media/ 58 KB
58 KB 83ms
72ms Image
image/webp 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://equi5.subsidyaid.com/static/media/banner_shape_3.6cde1a3669b1a621d6e6.webp
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/static/css/main.6df79cac.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: fbefb53e718f4e5f3c2d02656af3678f10b9388a82511855617830f58cd98f61

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/static/css/main.6df79cac.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-e908"
content-length: 59656
content-type: image/webp

GET
H2 200 rP2Hp2ywxg089UriCZOIHQ.woff2
fonts.gstatic.com/s/dmsans/v14/ 61 KB
62 KB 228ms
65ms Font
font/woff2 2607:f8b0:4006:80b::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v14/rP2Hp2ywxg089UriCZOIHQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,300;9..40,400;9..40,500;9..40,600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ef3e7e94fc36d961b807c8fa6c2bbbd5cf60a746a95c0d01f331d847156b198c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://equi5.subsidyaid.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 09:14:55 GMT
x-content-type-options: nosniff
age: 474593
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62704
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 22:05:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Jan 2025 09:14:55 GMT

GET
H2 200 logo.46a0b122f586f8f63c5a.png
equi5.subsidyaid.com/static/media/ 38 KB
38 KB 95ms
84ms Image
image/png 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://equi5.subsidyaid.com/static/media/logo.46a0b122f586f8f63c5a.png
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: ef6ebebb5f3b1f249439235c20ce8b7b4da09b4865c7e02cc508b70bfaf54cf9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-97df"
content-length: 38879
content-type: image/png

GET
H2 200 subsidycard.b137d19491cceaeca436.webp
equi5.subsidyaid.com/static/media/ 28 KB
28 KB 92ms
82ms Image
image/webp 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://equi5.subsidyaid.com/static/media/subsidycard.b137d19491cceaeca436.webp
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: 1121f900845e1e1d10a24d0ebeca2cba7980de8b55118546879a2e1a54b638d9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-6ffc"
content-length: 28668
content-type: image/webp

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a65df679865cbe83d89e0edcd0f684ea66169fedee5b420cf1b6544e9fa13845

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 news-logo02.ec6acd0201605b43bc54.png
equi5.subsidyaid.com/static/media/ 23 KB
23 KB 123ms
114ms Image
image/png 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://equi5.subsidyaid.com/static/media/news-logo02.ec6acd0201605b43bc54.png
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: 0e4b455181a5b285f26758971d8f0b47ee821307adfbf91b6c75602f50c94a0d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-5c8e"
content-length: 23694
content-type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74e959bdf6b08b492e3b51a00f380ec6dc909967a3e3bdc62f90f9921c77d251

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa9bb74cb885084014960f08e9bcd5fff5eaff8575dc00dd3e70d0a21a426a4a

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e7ac9ad730d43956d46938079899f41f83714aa8e8affc90186373773c528706

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 news-logo06.0fc68c2f7481ac435f98.png
equi5.subsidyaid.com/static/media/ 22 KB
22 KB 96ms
89ms Image
image/png 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://equi5.subsidyaid.com/static/media/news-logo06.0fc68c2f7481ac435f98.png
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: dbc384bd02b57754a0bfab2891767aa3fa65100af6f9e7947c09eef292606d0f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-5909"
content-length: 22793
content-type: image/png

GET
H2 200 002-basket.8e956a38db2baa6a51c4.webp
equi5.subsidyaid.com/static/media/ 6 KB
6 KB 121ms
115ms Image
image/webp 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://equi5.subsidyaid.com/static/media/002-basket.8e956a38db2baa6a51c4.webp
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: 5b8e5d2f27e9fb10aae3edb56fc9134aed9ab59317b7a1fbc7f19bdaca05ffbc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-1914"
content-length: 6420
content-type: image/webp

GET
H2 200 003-rent.90b97597dfbe45996927.webp
equi5.subsidyaid.com/static/media/ 3 KB
3 KB 122ms
116ms Image
image/webp 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://equi5.subsidyaid.com/static/media/003-rent.90b97597dfbe45996927.webp
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: 41c5942b665b0d689809e54ad42a829ad7d05b465da0ef6a6834a73f3b40e6b3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-a12"
content-length: 2578
content-type: image/webp

GET
H2 200 001-gas-pump.da372692325fa1463351.webp
equi5.subsidyaid.com/static/media/ 3 KB
4 KB 132ms
126ms Image
image/webp 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://equi5.subsidyaid.com/static/media/001-gas-pump.da372692325fa1463351.webp
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: 07edc267cf6450c21b85b43d498632665b785593860e4ea9911219d890179863

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-d8a"
content-length: 3466
content-type: image/webp

GET
H2 200 004-online-shopping.014c367a742b5cbdcff8.webp
equi5.subsidyaid.com/static/media/ 3 KB
3 KB 133ms
127ms Image
image/webp 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://equi5.subsidyaid.com/static/media/004-online-shopping.014c367a742b5cbdcff8.webp
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: ddb682b2e3d2ac7f1e637ed27a3b98f4b88145dd09742da03c35ee597b1df525

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-b72"
content-length: 2930
content-type: image/webp

GET
H2 200 trustpilot-logo.228391ce98bdfb1e17b4.png
equi5.subsidyaid.com/static/media/ 67 KB
68 KB 132ms
128ms Image
image/png 34.123.196.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://equi5.subsidyaid.com/static/media/trustpilot-logo.228391ce98bdfb1e17b4.png
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.123.196.68 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.196.123.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: ddf815a7a7b5ad1e87132638f5d141599075d6f61a5700e21dfd5e44209253ba

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:48 GMT
last-modified: Mon, 05 Feb 2024 23:48:35 GMT
server: nginx/1.25.3
accept-ranges: bytes
etag: "65c173d3-10dd6"
content-length: 69078
content-type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e53d918f1e31a51d64f9780fa1c4d91fcac71db9c13fcb9194d633213158bc7

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 813 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee82b191319cab951f67e31261e7c36a53bc0b49fe818f7523614140385b4c2e

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02643c4790593efc994305a03557d68b339e66b3e1dbd390ff10726430dea506

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3b59ed497b64917f794e3ee961cbf9dfc4ff6ca5033f9b28d8e76b0c0a2623d

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
BLOB 200
OK c8170728-89af-47ae-94fd-cc9135517dea
https://equi5.subsidyaid.com/ 10 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://equi5.subsidyaid.com/c8170728-89af-47ae-94fd-cc9135517dea
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/lander-1?vl_click_id=w7gp3dr61i7ogd0vin224mie&utm_source=PR2&utm_medium=push&utm_campaign=7898133&utm_adset=781237823&utm_ad=20248186&site_id=%7Bzone_type%7D&placement=4662728&externalclickid=778840178084290638
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ca3d44191e822500b330ae74a7b981fddc94188da2e683a1e1508fd188d2b1b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Length: 10285
Content-Type

GET
H2 200 ringba.com.js Show response
js.callcdn.com/js_v3/min/ 7 KB
3 KB 302ms
67ms Script
application/javascript 2600:9000:23cb:5600:9:5bab:8100:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.callcdn.com/js_v3/min/ringba.com.js
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/static/js/main.8472d217.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:5600:9:5bab:8100:93a1 -, , ASN (),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1b35261b95ec779b25d6a27b1b2c1c2d6f1c08f329ffd643478ad63d7ddcdea0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:10:58 GMT
content-encoding: gzip
via: 1.1 db615220fdf1b471c82cd306c2f4717a.cloudfront.net (CloudFront)
last-modified: Wed, 10 Jan 2024 15:58:04 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: JFK50-P1
age: 32043
x-powered-by: ASP.NET
etag: W/"0ce63cbdd43da1:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: VNrVb3Xy3f8OcCLdzTxE2sE8NhMcnksi6aFQT5_WpZ4zbV5fVxE0Jw==

GET
H/1.1 200
OK / Show response
api.ipify.org/ 22 B
222 B 223ms
67ms XHR
application/json 64.185.227.156

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/static/js/main.8472d217.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 64.185.227.156 -, , ASN (),
Reverse DNS
Software: nginx/1.25.1 /
Resource Hash: 8641559408860c1dad48a8852756eae102c740b81dd3a21942616306d9b214cf

Request headers

Accept: application/json, text/plain, */*
Referer: https://equi5.subsidyaid.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 06 Feb 2024 21:04:49 GMT
Server: nginx/1.25.1
Connection: keep-alive
Content-Length: 22
Vary: Origin
Content-Type: application/json

GET
H2 200 volumOfferScript.js Show response
lander-main-microservice.netlify.app/ 2 KB
994 B 256ms
64ms Script
application/javascript 2600:1f18:2489:8201::c8

General

Check archive.org

Show headers Download Go to

Full URL

https://lander-main-microservice.netlify.app/volumOfferScript.js

Requested by

Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/static/js/main.8472d217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f18:2489:8201::c8 -, , ASN (),

Reverse DNS

Software

Netlify /

Resource Hash

789b421b522b89a400280aaaed0096fb4c36e54da676914528442495abe7d782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nf-request-id: 01HP03SQG8JX8HDYXTCEXQENZX
date: Tue, 06 Feb 2024 21:04:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 48798
cache-status: "Netlify Edge"; hit
etag: "93347be9e14a8b56ff0067ca578bcc32-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
content-length: 722

GET
H2 200 ip Show response
funnel.improveourcredit.com/ 2 KB
2 KB 374ms
166ms XHR
application/json 104.154.135.87

General

Check archive.org

Show headers Download Go to

Full URL: https://funnel.improveourcredit.com/ip?key=askdjaslkdjaskjdsla
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/static/js/main.8472d217.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.154.135.87 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 9e7544cba566f28e5d68c0a8460932027d3efe798a88ed6f351cd3959996ee68

Request headers

Accept: application/json, text/plain, */*
Referer: https://equi5.subsidyaid.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 21:04:49 GMT
server: nginx/1.18.0 (Ubuntu)
x-powered-by: Express
etag: W/"6a7-tCnk+3YC+O7dRlfNn6DwW9J7PoY"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 1703

GET
H2 200 1279112236350881 Show response
connect.facebook.net/signals/config/ 53 KB
11 KB 102ms
65ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1279112236350881?v=2.9.145&r=stable&domain=equi5.subsidyaid.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f256c7613955dae449b7ba9d1f3be745949c30db8135da14b58a2ea2193f4652

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 06 Feb 2024 21:04:49 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 11162
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
pragma: public
x-fb-debug: I+ZkO2Ib45+2DZysIqlTlJkMg+unWuyPLx1XT2xjDvtvBiKWjTZwehTVKbuXhgg667hnLYXcXMcY1F7CPTvy0Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 473117f35950ebe0acb6f48663d946b9c1498abee246adff6824a8f6fa0db210

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 247ms
67ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1279112236350881&ev=PageView&dl=https%3A%2F%2Fequi5.subsidyaid.com%2Flander-1%3Fvl_click_id%3Dw7gp3dr61i7ogd0vin224mie%26utm_source%3DPR2%26utm_medium%3Dpush%26utm_campaign%3D7898133%26utm_adset%3D781237823%26utm_ad%3D20248186%26site_id%3D%257Bzone_type%257D%26placement%3D_removed_%26externalclickid%3D778840178084290638%26_filteredParams%3D%257B%2522unwantedParams%2522%253A%255B%255D%252C%2522restrictedParams%2522%253A%255B%25221480fb125459cbca6cff13fbac5d846220d91cf906e466eb2842ef350878138b%2522%255D%257D&rl=&if=false&ts=1707253489207&cd[eventID]=EVENT_ID993C3D1F-E2F2-45AE-8F3A-2A613BD51ECC.6D639532-174D-4B06-B3C4-48DC960F287F&sw=1600&sh=1200&v=2.9.145&r=stable&ec=0&o=4126&fbp=fb.1.1707253489200.768326138&ler=empty&cdl=API_unavailable&it=1707253488979&coo=false&up_url=&rp_url=1480fb125459cbca6cff13fbac5d846220d91cf906e466eb2842ef350878138b&exp=e1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de -, , ASN (),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 06 Feb 2024 21:04:49 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 .js Show response
track.subsidyaid.com/d/ 1 KB
1 KB 234ms
60ms Script
application/javascript 34.232.110.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track.subsidyaid.com/d/.js?oref=&ourl=https%3A%2F%2Fequi5.subsidyaid.com%2Flander-1%3Fvl_click_id%3Dw7gp3dr61i7ogd0vin224mie%26utm_source%3DPR2%26utm_medium%3Dpush%26utm_campaign%3D7898133%26utm_adset%3D781237823%26utm_ad%3D20248186%26site_id%3D%257Bzone_type%257D%26placement%3D4662728%26externalclickid%3D778840178084290638&opt=subsidyaid.com&vtm=1707253489217
Requested by: Host: lander-main-microservice.netlify.app
URL: https://lander-main-microservice.netlify.app/volumOfferScript.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.232.110.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-110-131.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 96f9e69a0ccb4f9b49452224cb3f3cdba99d94bc2c71955ac667bbe90120729e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://equi5.subsidyaid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 21:04:49 GMT
server: nginx
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 1150
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK gnbulk Show response
display.ringba.com/v2/nis/ 392 B
783 B 333ms
61ms XHR
application/json 54.211.24.82

General

Check archive.org

Show headers Download Go to

Full URL: https://display.ringba.com/v2/nis/gnbulk
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/static/js/main.8472d217.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.211.24.82 -, , ASN (),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a91b1caf1f158078b2712112088324bb76a5055c0c111ac2287ebafd16ff9fe1

Request headers

Referer: https://equi5.subsidyaid.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 06 Feb 2024 21:04:48 GMT
X-Runtime: 0.0020
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Max-Age: 300
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://equi5.subsidyaid.com
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 392
Expires: -1

POST
H2 429 / Show response
o4506236711272448.ingest.sentry.io/api/4506247999520768/envelope/ 198 B
590 B 215ms
108ms Fetch
application/json 34.120.195.249

General

Check archive.org

Show headers Download Go to

Full URL

https://o4506236711272448.ingest.sentry.io/api/4506247999520768/envelope/?sentry_key=af570c650df8c0a8b2bf41eb906104b8&sentry_version=7&sentry_client=sentry.javascript.react%2F7.80.1

Requested by

Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/static/js/main.8472d217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://equi5.subsidyaid.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 06 Feb 2024 21:04:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 198
x-sentry-rate-limits: 60:transaction;profile:organization:transaction_usage_exceeded
retry-after: 60

POST
H/1.1 200
OK hb Show response
display.ringba.com/v1/nis/ 0
342 B 63ms
62ms XHR
text/plain 54.211.24.82

General

Check archive.org

Show headers Download Go to

Full URL: https://display.ringba.com/v1/nis/hb
Requested by: Host: equi5.subsidyaid.com
URL: https://equi5.subsidyaid.com/static/js/main.8472d217.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.211.24.82 -, , ASN (),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://equi5.subsidyaid.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 06 Feb 2024 21:04:53 GMT
X-Runtime: 0.0020
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Max-Age: 300
Access-Control-Allow-Origin: https://equi5.subsidyaid.com
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: -1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: my.rtmark.net
URL: https://my.rtmark.net/img.gif?f=merge&userId=2dd1177a30bc40e49eb6cde876efb928

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ak.peethach.com/	1970-01-21 02:59:49	Name: OAID Value: 2dd1177a30bc40e49eb6cde876efb928
ak.peethach.com/	1970-01-21 02:59:49	Name: oaidts Value: 1707253483
totalnicenewz.com/	1970-01-21 02:59:49	Name: OAID Value: 87945cdc88cc875910c0fd963e4a3311
my.rtmark.net/	1970-01-21 02:59:49	Name: ID Value: 87945cdc88cc875910c0fd963e4a3311
totalnicenewz.com/	1970-01-20 18:24:18	Name: syncedCookie Value: true
totalnicenewz.com/	1970-01-20 18:14:13	Name: prefetchAd_4662728 Value: true
totalnicenewz.com/	1970-01-20 18:14:17	Name: reverse Value: fz_mjGsikNaIBioTSzgC6ke9X0rMr7RVo7Ed1zdQPQk
totalnicenewz.com/	1970-01-21 02:59:49	Name: oaidts Value: 1707253486
.track.additionalbenefits.org/	1970-01-20 18:15:39	Name: 742ca7d8-c5c4-499a-a412-67ea49912e87-v4 Value: TZVfHs4WF_jrwyvCrmsIDGBUK6zhPi-dK6RdKm4Qm2s
.track.additionalbenefits.org/	1970-01-21 02:59:49	Name: cc-v4 Value: iQvXaTMwW2PYKp%2FOoyyPnP6q0YMyBf%2BwACnhovvrPbEq1rvkl%2Bu2RLLrJT3NpknNV%2FvgKjWiRIGbStVkm7ln7EhyO3BUQ0HmPm7MGN8ANL4mHEu3KX54OIvPIdJbITsOz583M32yELRaprN55HWRvQ%3D%3D
equi5.subsidyaid.com/	1969-12-31 23:59:59	Name: eventID Value: EVENT_ID993C3D1F-E2F2-45AE-8F3A-2A613BD51ECC.6D639532-174D-4B06-B3C4-48DC960F287F
.equi5.subsidyaid.com/	1969-12-31 23:59:59	Name: eventID Value: EVENT_ID993C3D1F-E2F2-45AE-8F3A-2A613BD51ECC.6D639532-174D-4B06-B3C4-48DC960F287F
.equi5.subsidyaid.com/	1969-12-31 23:59:59	Name: visitor_id Value: VISITOR_ID77CD3AA8-4484-4892-85E2-450483EC3DD5.753125AF-27C1-4A75-A177-DBD8A2A54A46
.subsidyaid.com/	1969-12-31 23:59:59	Name: eventID Value: EVENT_ID993C3D1F-E2F2-45AE-8F3A-2A613BD51ECC.6D639532-174D-4B06-B3C4-48DC960F287F
equi5.subsidyaid.com/	1969-12-31 23:59:59	Name: gclid Value: null
.subsidyaid.com/	1969-12-31 23:59:59	Name: gclid Value: null
equi5.subsidyaid.com/	1969-12-31 23:59:59	Name: grbaid Value: null
.subsidyaid.com/	1969-12-31 23:59:59	Name: grbaid Value: null
equi5.subsidyaid.com/	1969-12-31 23:59:59	Name: wbraid Value: null
.subsidyaid.com/	1969-12-31 23:59:59	Name: wbraid Value: null
equi5.subsidyaid.com/	1969-12-31 23:59:59	Name: acc_id Value: null
.subsidyaid.com/	1969-12-31 23:59:59	Name: acc_id Value: null
equi5.subsidyaid.com/	1969-12-31 23:59:59	Name: placement Value: 4662728
.subsidyaid.com/	1969-12-31 23:59:59	Name: placement Value: 4662728
equi5.subsidyaid.com/	1969-12-31 23:59:59	Name: visitor_id Value: [object%20Object]
.subsidyaid.com/	1969-12-31 23:59:59	Name: visitor_id Value: [object%20Object]
.subsidyaid.com/	1970-01-20 20:23:49	Name: _fbp Value: fb.1.1707253489200.768326138
equi5.subsidyaid.com/	1970-01-21 02:59:49	Name: vl-cid Value: w7gp3dr61i7ogd0vin224mie

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto= Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto= Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto= Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto= Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://totalnicenewz.com/?s=778840162284348317&ssk=6dd1a66cfe4e19b2200781354c9b3ec4&svar=1707253483&z=6960282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=&bto=&rdc=2 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://totalnicenewz.com/afu.php?zoneid=4662728&var=4662728&rid=01rRcJlUYhuPvc1Bl3BO0Q%3D%3D&rhd=true Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://totalnicenewz.com/afu.php?zoneid=4662728&var=4662728&rid=01rRcJlUYhuPvc1Bl3BO0Q%3D%3D&rhd=true Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1279112236350881?v=2.9.145&r=stable&domain=equi5.subsidyaid.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 95) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://o4506236711272448.ingest.sentry.io/api/4506247999520768/envelope/?sentry_key=af570c650df8c0a8b2bf41eb906104b8&sentry_version=7&sentry_client=sentry.javascript.react%2F7.80.1 Message: Failed to load resource: the server responded with a status of 429 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ak.peethach.com
api.ipify.org
connect.facebook.net
datatechone.com
display.ringba.com
equi5.subsidyaid.com
fonts.googleapis.com
fonts.gstatic.com
funnel.improveourcredit.com
js.callcdn.com
lander-main-microservice.netlify.app
my.rtmark.net
o4506236711272448.ingest.sentry.io
totalnicenewz.com
track.additionalbenefits.org
track.subsidyaid.com
www.facebook.com
www.googletagmanager.com
my.rtmark.net
104.154.135.87
139.45.195.8
172.64.204.9
23.44.201.166
2600:1f18:2489:8201::c8
2600:9000:23cb:5600:9:5bab:8100:93a1
2607:f8b0:4006:80b::2003
2607:f8b0:4006:81c::200a
2607:f8b0:4006:821::2008
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
34.120.195.249
34.123.196.68
34.232.110.131
37.48.68.71
54.211.24.82
64.185.227.156
02643c4790593efc994305a03557d68b339e66b3e1dbd390ff10726430dea506
07edc267cf6450c21b85b43d498632665b785593860e4ea9911219d890179863
0e4b455181a5b285f26758971d8f0b47ee821307adfbf91b6c75602f50c94a0d
1121f900845e1e1d10a24d0ebeca2cba7980de8b55118546879a2e1a54b638d9
176f2cb0f7d0d607cf3903b22162cec1387e1cfbf363d76b29a2870ee1146128
1b35261b95ec779b25d6a27b1b2c1c2d6f1c08f329ffd643478ad63d7ddcdea0
2ca3d44191e822500b330ae74a7b981fddc94188da2e683a1e1508fd188d2b1b
3273d9644166f5ffa5c117eb8a1192efd55d7d39e878228ca7919bd91407e30e
41c5942b665b0d689809e54ad42a829ad7d05b465da0ef6a6834a73f3b40e6b3
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
473117f35950ebe0acb6f48663d946b9c1498abee246adff6824a8f6fa0db210
51afc52fa9301143aa6991c5500dba7e449b1738071bb0e95e82054e342dda48
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc
5b8e5d2f27e9fb10aae3edb56fc9134aed9ab59317b7a1fbc7f19bdaca05ffbc
5e53d918f1e31a51d64f9780fa1c4d91fcac71db9c13fcb9194d633213158bc7
74e959bdf6b08b492e3b51a00f380ec6dc909967a3e3bdc62f90f9921c77d251
767bec042b83a6e76388684d0d312a4003f4423efaa502a2b3d8f4abb45154eb
789b421b522b89a400280aaaed0096fb4c36e54da676914528442495abe7d782
7ee7f061f864c34e21a8a9c0a753ec7e61415a7032fc0b04cc784c0134956db0
83b78ab2ca543f34ac77a105efaff8fd77bbdba44939b8be442a1bcc85f14cb2
8641559408860c1dad48a8852756eae102c740b81dd3a21942616306d9b214cf
96f9e69a0ccb4f9b49452224cb3f3cdba99d94bc2c71955ac667bbe90120729e
9e7544cba566f28e5d68c0a8460932027d3efe798a88ed6f351cd3959996ee68
a65df679865cbe83d89e0edcd0f684ea66169fedee5b420cf1b6544e9fa13845
a91b1caf1f158078b2712112088324bb76a5055c0c111ac2287ebafd16ff9fe1
aa7bad2a854014c70c0a466ead3036890618c4dafdb5a9d405a237acc594d020
b3b59ed497b64917f794e3ee961cbf9dfc4ff6ca5033f9b28d8e76b0c0a2623d
b416c2ebf4b4d4e71bd515a35a15f45da09c708728cfedb05dc3ed2902fc68dd
bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263
bca51ed2fe251488a1b150edf560d43880f1486740f34d24120ede486f99676b
bd444d04e6484f18f8486f78072a3ca25e64740f80d8f1ecf5c12ce69b58ff1c
cc5f2967a33d6cd3df5091e31bd1fecb3d19094ba3f563fe26287a8ce7117b7f
d3856b4d11d76e6f4fa87973b4ec83dd6ef0e9cb6eeda65b884727f33512fc4b
dbc384bd02b57754a0bfab2891767aa3fa65100af6f9e7947c09eef292606d0f
ddb682b2e3d2ac7f1e637ed27a3b98f4b88145dd09742da03c35ee597b1df525
ddf815a7a7b5ad1e87132638f5d141599075d6f61a5700e21dfd5e44209253ba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ac9ad730d43956d46938079899f41f83714aa8e8affc90186373773c528706
ee82b191319cab951f67e31261e7c36a53bc0b49fe818f7523614140385b4c2e
ef3e7e94fc36d961b807c8fa6c2bbbd5cf60a746a95c0d01f331d847156b198c
ef6ebebb5f3b1f249439235c20ce8b7b4da09b4865c7e02cc508b70bfaf54cf9
f256c7613955dae449b7ba9d1f3be745949c30db8135da14b58a2ea2193f4652
f95c981808ede025f8b7779224d068b815e378822515ed5f635313d763d893f5
fa9bb74cb885084014960f08e9bcd5fff5eaff8575dc00dd3e70d0a21a426a4a
fab8fbf38ce4e7272b8ddf9d0f2d83b4ed736c21ed16d5e13a0f2faae6b5a034
fbefb53e718f4e5f3c2d02656af3678f10b9388a82511855617830f58cd98f61

equi5.subsidyaid.com Open in urlscan Pro 34.123.196.68 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

53 Requests

94 %HTTPS

41 %IPv6

17 Domains

18 Subdomains

18 IPs

3 Countries

1327 kBTransfer

1750 kBSize

28 Cookies

0 Outgoing links

Page URL History

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

equi5.subsidyaid.com Open in urlscan Pro
34.123.196.68 Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

94 %
HTTPS

41 %
IPv6

17
Domains

18
Subdomains

18
IPs

3
Countries

1327 kB
Transfer

1750 kB
Size

28
Cookies

53 HTTP transactions
11 data transactions