urlscan.io logo urlscan.io
SecurityTrails logo

aidsubsidy.com Open in urlscan Pro
172.67.187.229  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ak.phaunaitsi.net/4/8149157
Effective URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8...
Submission: On November 04 via manual from QA — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 2 countries across 11 domains to perform 46 HTTP transactions. The main IP is 172.67.187.229, located in United States and belongs to CLOUDFLARENET, US. The main domain is aidsubsidy.com. The Cisco Umbrella rank of the primary domain is 132746.
TLS certificate: Issued by WE1 on October 26th 2024. Valid for: 3 months.
This is the only time aidsubsidy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 12 23.46.238.202 20940 (AKAMAI-ASN1)
3 139.45.195.8 9002 (RETN-AS)
1 1 2a01:4ff:f0:e... 213230 (HETZNER-C...)
18 172.67.187.229 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
3 52.5.88.2 14618 (AMAZON-AES)
2 157.240.229.1 32934 (FACEBOOK)
1 99.86.227.13 16509 (AMAZON-02)
1 2600:9000:27c... 16509 (AMAZON-02)
2 2a03:2880:f10... 32934 (FACEBOOK)
1 52.20.167.89 14618 (AMAZON-AES)
2 3.86.117.102 ()
46 13
12    23.46.238.202 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-46-238-202.deploy.static.akamaitechnologies.com
ak.phaunaitsi.net
3    139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)
my.rtmark.net
1    2a01:4ff:f0:ea7d::1 (Ashburn, United States)

ASN213230 (HETZNER-CLOUD2-AS, DE)
go.ayotrk.com
18    172.67.187.229 (United States)

ASN13335 (CLOUDFLARENET, US)
aidsubsidy.com
1    2606:4700:10::6816:27b6 (United States)

ASN13335 (CLOUDFLARENET, US)
create.lidstatic.com
1    2607:f8b0:400d:c04::61 (Morganton, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    52.5.88.2 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-88-2.compute-1.amazonaws.com
create.leadid.com
2    157.240.229.1 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-iad3.fbcdn.net
connect.facebook.net
1    99.86.227.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-227-13.iad79.r.cloudfront.net
d2m2wsoho8qq12.cloudfront.net
1    2600:9000:27cb:a600:4:1957:6500:93a1 (United States)

ASN16509 (AMAZON-02, US)
b-js.ringba.com
2    2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    52.20.167.89 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-167-89.compute-1.amazonaws.com
display.ringba.com
2    3.86.117.102 (None, )

ASN- ()
create.leadid.com
Apex Domain
Subdomains		 Transfer
18 aidsubsidy.com
aidsubsidy.com — Cisco Umbrella Rank: 132746
905 KB
12 phaunaitsi.net
ak.phaunaitsi.net — Cisco Umbrella Rank: 200727
29 KB
5 leadid.com
create.leadid.com — Cisco Umbrella Rank: 14045
2 KB
3 rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 10912
1 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 113
5 KB
2 ringba.com
b-js.ringba.com — Cisco Umbrella Rank: 122083
display.ringba.com — Cisco Umbrella Rank: 118931
18 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
79 KB
1 cloudfront.net
d2m2wsoho8qq12.cloudfront.net
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
73 KB
1 lidstatic.com
create.lidstatic.com — Cisco Umbrella Rank: 22294
39 KB
1 ayotrk.com
go.ayotrk.com
1 KB
46 11
Domain Requested by
18 aidsubsidy.com aidsubsidy.com
12 ak.phaunaitsi.net 2 redirects ak.phaunaitsi.net
5 create.leadid.com create.lidstatic.com
3 my.rtmark.net ak.phaunaitsi.net
2 www.facebook.com aidsubsidy.com
2 connect.facebook.net www.googletagmanager.com
connect.facebook.net
1 display.ringba.com b-js.ringba.com
1 b-js.ringba.com aidsubsidy.com
1 d2m2wsoho8qq12.cloudfront.net create.lidstatic.com
1 www.googletagmanager.com aidsubsidy.com
1 create.lidstatic.com aidsubsidy.com
1 go.ayotrk.com 1 redirects
46 12

This site contains links to these domains. Also see Links.

Domain
lowerbillsusa.com
Subject Issuer Validity Valid
ak.lowmiloticer.com
R10		 2024-09-25 -
2024-12-24		 3 months crt.sh
rtmark.net
R11		 2024-08-30 -
2024-11-28		 3 months crt.sh
aidsubsidy.com
WE1		 2024-10-26 -
2025-01-24		 3 months crt.sh
lidstatic.com
E6		 2024-09-20 -
2024-12-19		 3 months crt.sh
*.google-analytics.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
create.leadid.com
Amazon RSA 2048 M03		 2024-07-20 -
2025-08-18		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-08-14 -
2024-11-12		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2024-07-30 -
2025-07-03		 a year crt.sh
*.ringba.com
Amazon RSA 2048 M03		 2023-11-27 -
2024-12-23		 a year crt.sh

This page contains 4 frames:

Primary Page: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Frame ID: 75C409B5D6126945976BB587CED63C80
Requests: 43 HTTP requests in this frame

Frame: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=075FD281-BC20-23F5-DC38-A457D8317604&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.15.1&lck=A57816B4-6C59-F397-7853-7E14E45D3E1B&lac=F252983F-4BD1-0DD8-CD81-F4700AF60B66
Frame ID: 20DEB49BEFFB026912E2C59E3DDFDE2B
Requests: 1 HTTP requests in this frame

Frame: https://create.leadid.com/2.15.1/Snap.iframe?msn=4&pid=d0ce6e47-bd0e-4bf7-910c-579945e2c54c&token=075FD281-BC20-23F5-DC38-A457D8317604&_=932346909
Frame ID: BF2EC6A9E99CD46BD70FE40231E81061
Requests: 1 HTTP requests in this frame

Frame: https://create.leadid.com/2.15.1/Snap.iframe?msn=5&pid=d0ce6e47-bd0e-4bf7-910c-579945e2c54c&token=075FD281-BC20-23F5-DC38-A457D8317604&_=932346910
Frame ID: E5B6D9B5EFC5BFC3D4A56074A9C8B160
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://ak.phaunaitsi.net/4/8149157 Page URL
  2. https://ak.phaunaitsi.net/?z=8149157&syncedCookie=true&rhd=false HTTP 302
    https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x Page URL
  3. https://ak.phaunaitsi.net/?z=6118780&syncedCookie=false&rhd=false HTTP 302
    https://go.ayotrk.com/66ec8194d59c6f7a7c34d8f0?sub1=6118780&sub2=8651757&sub3=cable&sub4=chrome&su... HTTP 302
    https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

46
Requests

98 %
HTTPS

38 %
IPv6

11
Domains

12
Subdomains

13
IPs

2
Countries

1152 kB
Transfer

1817 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ak.phaunaitsi.net/4/8149157 Page URL
  2. https://ak.phaunaitsi.net/?z=8149157&syncedCookie=true&rhd=false HTTP 302
    https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x Page URL
  3. https://ak.phaunaitsi.net/?z=6118780&syncedCookie=false&rhd=false HTTP 302
    https://go.ayotrk.com/66ec8194d59c6f7a7c34d8f0?sub1=6118780&sub2=8651757&sub3=cable&sub4=chrome&sub5=linux&sub6=US&sub7=22104224&sub8=comcast%20cable%20communications%20inc.&sub9=desktop&amt=5800&ref_id=877430789938360686&cost=0.001400 HTTP 302
    https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://ak.phaunaitsi.net/?z=8149157&syncedCookie=true&rhd=false HTTP 302
  • https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x

46 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
8149157
ak.phaunaitsi.net/4/ 		29 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ak.phaunaitsi.net/4/8149157
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.46.238.202 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-238-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
03746837550355ebef30f30d8b7cea13c175a17dac2ac5872dedf385762d6911
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
13698
content-type
text/html; charset=utf8
date
Mon, 04 Nov 2024 22:28:39 GMT
expires
Mon, 04 Nov 2024 22:28:39 GMT
link
<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma
no-cache
strict-transport-security
max-age=1
timing-allow-origin
* *
vary
Accept-Encoding
x-content-type-options
nosniff
x-trace-id
38d82e47bc63ff71d7bd7d59f68d4426
img.gif
my.rtmark.net/ 		43 B
491 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=00810afdb3dc4faef553e2c27fc0b71b&z=8149157&p_rid=477a494b-c69b-473c-a481-0d19ba3e909d&p_src=sf
Requested by
Host: ak.phaunaitsi.net
URL: https://ak.phaunaitsi.net/4/8149157
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ak.phaunaitsi.net/

Response headers

strict-transport-security
max-age=1
access-control-expose-headers
Authorization
timing-allow-origin
*, *
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
access-control-allow-origin
*
content-length
43
date
Mon, 04 Nov 2024 22:28:40 GMT
content-type
image/gif
server
nginx
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
sftouch
ak.phaunaitsi.net/ 		43 B
580 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ak.phaunaitsi.net/sftouch?userId=00810afdb3dc4faef553e2c27fc0b71b&z=8149157&p_rid=477a494b-c69b-473c-a481-0d19ba3e909d&p_src=sf&branchId=0&rb=l6FPm6wXbKXaQQy6gxYHbcfwGgrhGF7sDs6XeKi3vCdMFusZvA8rPPlWeREO9bjK0RUd2V5NSTbSlMQYFTIMj_JyELB_iVnpAJJVGNxjVvATfBapVD4DvOkWbsF_5o6S_Hx-S_WxTb_lKhi9Nm_uk0s-o_hRjRfAHS2E8Gqntig-5N5Wc3Pz-X5gou6gk7gEw96M86Ag-SjRn-YhdGi-HrxvXKq79PZht4IAEbmWnO6LzKadFEjZyR6V9T_CDUKEYK4jeytXEvEzm0kYwluQbWD8xiyb0mnak9zkvIB3AEA=&w_img=1
Requested by
Host: ak.phaunaitsi.net
URL: https://ak.phaunaitsi.net/4/8149157
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.46.238.202 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-238-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ak.phaunaitsi.net/4/8149157

Response headers

access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
expires
Mon, 04 Nov 2024 22:28:39 GMT
date
Mon, 04 Nov 2024 22:28:39 GMT
content-type
image/gif
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
strict-transport-security
max-age=1
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*, *
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
pragma
no-cache
access-control-allow-credentials
true
x-trace-id
47b5d9052ec65106bd632cba6066cce0
access-control-allow-origin
*
content-length
43
add
ak.phaunaitsi.net/log/ 		12 B
413 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ak.phaunaitsi.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=477a494b-c69b-473c-a481-0d19ba3e909d
Requested by
Host: ak.phaunaitsi.net
URL: https://ak.phaunaitsi.net/4/8149157
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.46.238.202 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-238-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://ak.phaunaitsi.net/4/8149157

Response headers

strict-transport-security
max-age=1
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
expires
Mon, 04 Nov 2024 22:28:39 GMT
access-control-allow-origin
https://ak.phaunaitsi.net
content-length
12
date
Mon, 04 Nov 2024 22:28:39 GMT
content-type
application/json; charset=utf-8
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
add
ak.phaunaitsi.net/async_log/ 		0
375 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ak.phaunaitsi.net/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=477a494b-c69b-473c-a481-0d19ba3e909d
Requested by
Host: ak.phaunaitsi.net
URL: https://ak.phaunaitsi.net/4/8149157
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.46.238.202 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-238-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://ak.phaunaitsi.net/4/8149157

Response headers

strict-transport-security
max-age=1
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
expires
Mon, 04 Nov 2024 22:28:39 GMT
access-control-allow-origin
https://ak.phaunaitsi.net
content-length
0
date
Mon, 04 Nov 2024 22:28:39 GMT
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
img.gif
my.rtmark.net/ 		43 B
507 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=00810afdb3dc4faef553e2c27fc0b71b&z=8149157&p_rid=477a494b-c69b-473c-a481-0d19ba3e909d&p_src=sf
Requested by
Host: ak.phaunaitsi.net
URL: https://ak.phaunaitsi.net/4/8149157
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ak.phaunaitsi.net/

Response headers

strict-transport-security
max-age=1
access-control-expose-headers
Authorization
timing-allow-origin
*, *
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
access-control-allow-origin
https://ak.phaunaitsi.net
content-length
43
date
Mon, 04 Nov 2024 22:28:40 GMT
content-type
image/gif
server
nginx
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
6118780
ak.phaunaitsi.net/4/
Redirect Chain
  • https://ak.phaunaitsi.net/?z=8149157&syncedCookie=true&rhd=false
  • https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x
29 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.46.238.202 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-238-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5ee3d20dc4235f8f4acc062c2e064fb362c9a3f74b006cddc38e371716730fee
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://ak.phaunaitsi.net
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
13722
content-type
text/html; charset=utf8
date
Mon, 04 Nov 2024 22:28:41 GMT
expires
Mon, 04 Nov 2024 22:28:41 GMT
link
<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma
no-cache
quic-version
0x00000001
strict-transport-security
max-age=1
timing-allow-origin
* *
vary
Accept-Encoding
x-content-type-options
nosniff
x-trace-id
8a85305a74b19b3c5cc2c85577509930

Redirect headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://ak.phaunaitsi.net
access-control-max-age
86400
alt-svc
h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cache-control
max-age=0, no-cache, no-store
content-length
0
date
Mon, 04 Nov 2024 22:28:40 GMT
expires
Mon, 04 Nov 2024 22:28:40 GMT
link
<https://ak.phaunaitsi.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location
https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x
pragma
no-cache
quic-version
0x00000001
referrer-policy
no-referrer
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff
x-trace-id
13b6f5c192d7460a1df3cb53a412b0d1
img.gif
my.rtmark.net/ 		43 B
507 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=00810afdb3dc4faef553e2c27fc0b71b&z=6118780&p_rid=f96af715-a685-4d26-82bb-4e1450b99cb8&p_src=sf
Requested by
Host: ak.phaunaitsi.net
URL: https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ak.phaunaitsi.net/

Response headers

strict-transport-security
max-age=1
access-control-expose-headers
Authorization
timing-allow-origin
*, *
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
access-control-allow-origin
https://ak.phaunaitsi.net
content-length
43
date
Mon, 04 Nov 2024 22:28:41 GMT
content-type
image/gif
server
nginx
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
sftouch
ak.phaunaitsi.net/ 		43 B
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ak.phaunaitsi.net/sftouch?userId=00810afdb3dc4faef553e2c27fc0b71b&z=6118780&p_rid=f96af715-a685-4d26-82bb-4e1450b99cb8&p_src=sf&branchId=0&rb=koOZ9jhh-3TwwWWTQ_R1q9LGHS4s9XyfCovIFsIkPFlXJEDjoppUskpEexaMc4G_eeN0mgzglmVpNbcA86Ye8t-E8Ee26N9NEMMxD_2D4gnRICPv4M8UxajNKgh0V7uD6iCPhvOPWlPXKMBAUdoVkEWAG119MRUaxWklF_M_fHXyTMZYbXXnqybLScuk46oVS3lrzHfK2pOnz0Ix7uXxwWkxU57nKZ8eUDwLAZWrKREhsV_oVBt7WWr5bjHtWHPEa4Tu5RO9aGiBLLzPdPBJaop5dddrGF-iOoa8oYjoNI9FJ-3H326QFg==&w_img=1
Requested by
Host: ak.phaunaitsi.net
URL: https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.46.238.202 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-238-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x

Response headers

access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
expires
Mon, 04 Nov 2024 22:28:41 GMT
alt-svc
h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
date
Mon, 04 Nov 2024 22:28:41 GMT
content-type
image/gif
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
strict-transport-security
max-age=1
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*, *
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
pragma
no-cache
access-control-allow-credentials
true
x-trace-id
25a4951ff2437d8309cafb30e3dd79e2
quic-version
0x00000001
access-control-allow-origin
*
content-length
43
add
ak.phaunaitsi.net/log/ 		12 B
38 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ak.phaunaitsi.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=f96af715-a685-4d26-82bb-4e1450b99cb8
Requested by
Host: ak.phaunaitsi.net
URL: https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.46.238.202 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-238-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x

Response headers

strict-transport-security
max-age=1
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
expires
Mon, 04 Nov 2024 22:28:41 GMT
access-control-allow-origin
https://ak.phaunaitsi.net
alt-svc
h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length
12
date
Mon, 04 Nov 2024 22:28:41 GMT
content-type
application/json; charset=utf-8
quic-version
0x00000001
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
add
ak.phaunaitsi.net/async_log/ 		0
20 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ak.phaunaitsi.net/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=f96af715-a685-4d26-82bb-4e1450b99cb8
Requested by
Host: ak.phaunaitsi.net
URL: https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.46.238.202 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-238-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x

Response headers

strict-transport-security
max-age=1
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
expires
Mon, 04 Nov 2024 22:28:41 GMT
access-control-allow-origin
https://ak.phaunaitsi.net
alt-svc
h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length
0
date
Mon, 04 Nov 2024 22:28:41 GMT
quic-version
0x00000001
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
favicon.ico
ak.phaunaitsi.net/ 		0
12 B 		Other
General
Check archive.org
Download Go to
Full URL
https://ak.phaunaitsi.net/favicon.ico
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.46.238.202 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-238-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x

Response headers

expires
Mon, 04 Nov 2024 22:28:41 GMT
cache-control
max-age=0, no-cache, no-store
alt-svc
h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
pragma
no-cache
date
Mon, 04 Nov 2024 22:28:41 GMT
quic-version
0x00000001
Primary Request /
aidsubsidy.com/lp5/
Redirect Chain
  • https://ak.phaunaitsi.net/?z=6118780&syncedCookie=false&rhd=false
  • https://go.ayotrk.com/66ec8194d59c6f7a7c34d8f0?sub1=6118780&sub2=8651757&sub3=cable&sub4=chrome&sub5=linux&sub6=US&sub7=22104224&sub8=comcast%20cable%20communications%20inc.&sub9=desktop&amt=5800&r...
  • https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4...
22 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
004f47215427be4f6bdfab1acce3f798f5f034127209f456302766a0afc08541

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://ak.phaunaitsi.net
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8dd809e35ac68df0-MIA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 04 Nov 2024 22:28:42 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ep%2BOkAA3KVpaLf6S9Tc3dyYmldpTGxTTkJamTt5tbPLU2FEpLzYAK4sG%2BV7xJmhK%2Bw5acWMUjI%2B4zIvhRX5Kd378lt6QYFcS6tN6UL%2FqPBufXE8oljQFjNJnbhh%2FD%2F%2FRHg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=29897&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4157&recv_bytes=4684&delivery_rate=509&cwnd=12000&unsent_bytes=0&cid=3665b524df20660c&ts=148&x=1" cfExtPri cfHdrFlush;dur=0
vary
accept-encoding

Redirect headers

Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Connection
close
Content-Length
384
Content-Type
text/html; charset=utf-8
Date
Mon, 04 Nov 2024 22:28:42 GMT
Location
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
X-Kong-Proxy-Latency
0
X-Kong-Request-Id
ff6e482e2bb10d736e5e5f39a54c5c08
X-Kong-Upstream-Latency
5
favicon.ico
ak.phaunaitsi.net/ 		0
12 B 		Other
General
Check archive.org
Download Go to
Full URL
https://ak.phaunaitsi.net/favicon.ico
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.46.238.202 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-238-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ak.phaunaitsi.net/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false

Response headers

expires
Mon, 04 Nov 2024 22:28:41 GMT
cache-control
max-age=0, no-cache, no-store
alt-svc
h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
pragma
no-cache
date
Mon, 04 Nov 2024 22:28:41 GMT
quic-version
0x00000001
swiper-bundle.min.css
aidsubsidy.com/lp5/ 		18 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aidsubsidy.com/lp5/swiper-bundle.min.css
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c94a0dc6cbd7f95a3c4eb8f7959fd8e5905ff0794116c07a5f09bbac7ef9ffd1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6691a1d5-4804"
age
1817
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=glCnwT4pY6fWLUoUzoMBHPAKJ%2BLdMQoohm0RQ5WNMJFGtICy4vScloQPnyceAzHAu7qqDY8jsVwkNE6lseup3JUp%2FaNj2%2BxE4rz6UW6FvaQ02pTt%2FL9%2FktgIMGA9e8swUA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=29872&sent=19&recv=19&lost=0&retrans=0&sent_bytes=10765&recv_bytes=8178&delivery_rate=221030&cwnd=12000&unsent_bytes=0&cid=3665b524df20660c&ts=225&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
text/css
last-modified
Fri, 12 Jul 2024 21:36:21 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e46c6a8df0-MIA
server
cloudflare
swiper-bundle.min.js
aidsubsidy.com/lp5/ 		145 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aidsubsidy.com/lp5/swiper-bundle.min.js
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6942f0873b6a7108e18a983b4192ad469011a8131317f88161d6f0917058da22

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6691a1d5-243f7"
age
1817
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QUbEzCSXCggXIaMPG9jgl%2FrgjF5kCxmlvbAB4NBtpA%2F9fkdTzopOP%2Fq7x3E1JohFie7OvgZqQhMOILpMNUs1A8WTaHFXjCPjLoOrjVOLkytcZrWpiBkIxK9nipheNj1Dug%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=29872&sent=30&recv=19&lost=0&retrans=0&sent_bytes=22765&recv_bytes=8178&delivery_rate=221030&cwnd=12000&unsent_bytes=0&cid=3665b524df20660c&ts=228&x=1", cfExtPri, cfHdrFlush;dur=28
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
application/javascript
last-modified
Fri, 12 Jul 2024 21:36:21 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e46c6b8df0-MIA
server
cloudflare
style.css
aidsubsidy.com/lp5/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aidsubsidy.com/lp5/style.css
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8692b3e5caaf92c5f7540b8e0c97ac42fd80274c26df34e838f9438ada92a523

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6691a1da-163a"
age
1817
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JQJr3vEidosp4E6W4uUI0QZKjSN2QXFlVS%2F6i557COyAnSXGFKa5Ns3xrssQLP%2FrOSbMQDISLXfbAPATSr2fwNH4QBnQjYatod6wU1IBNo1yEsULF0HmPd0je%2BGxe3IKxA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=29872&sent=24&recv=19&lost=0&retrans=0&sent_bytes=16306&recv_bytes=8178&delivery_rate=221030&cwnd=12000&unsent_bytes=0&cid=3665b524df20660c&ts=227&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
text/css
last-modified
Fri, 12 Jul 2024 21:36:26 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e46c6c8df0-MIA
server
cloudflare
timerclk_v1.3.js
aidsubsidy.com/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aidsubsidy.com/js/timerclk_v1.3.js
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68c50ce36d6a706c212607165c0fcb4ad4d91c1fc8d66db7367a29d29a1704dc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"66aa9054-65e"
age
1226
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oBQbEtSv5frg%2FoHOZloT2%2BULwo%2FPdJLTcQskHarG6D8TuVUqqtBtoBRXNtgYlcwvYK5bBMXMggPUfqPMZ91u20oNlMC8PRvaVWKhkE5uOpe%2B9mwN%2BlK0hEXd91DUN%2FLXyw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=29872&sent=30&recv=19&lost=0&retrans=0&sent_bytes=22765&recv_bytes=8178&delivery_rate=221030&cwnd=12000&unsent_bytes=0&cid=3665b524df20660c&ts=231&x=1", cfExtPri, cfHdrFlush;dur=25
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
application/javascript
last-modified
Wed, 31 Jul 2024 19:28:20 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e46c6d8df0-MIA
server
cloudflare
breaking-news.png
aidsubsidy.com/lp5/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aidsubsidy.com/lp5/breaking-news.png
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce48ba0b3b2d3b1dfc8ae1158b0133035823963b717175a03c2e0d7b1a0419a5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status
HIT
etag
"6691a1d9-185d"
age
1816
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUF2B5iaLT88qSYpckkW%2BSI%2Fi7desun4toBsHdEZkM%2BpEiq71dMfwTIjg5cOotLgz%2FF7fgg%2B1XIqnA3wogiKx4Fmc16ANpXUY%2BpjSUOmL88AQIAJhwEHRQAhIBRD%2F1Xxag%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=29872&sent=30&recv=19&lost=0&retrans=0&sent_bytes=22765&recv_bytes=8178&delivery_rate=221030&cwnd=12000&unsent_bytes=0&cid=3665b524df20660c&ts=229&x=1", cfExtPri, cfHdrFlush;dur=27
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
image/png
last-modified
Fri, 12 Jul 2024 21:36:25 GMT
vary
Accept-Encoding
priority
u=2,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e46c6e8df0-MIA
accept-ranges
bytes
content-length
6237
server
cloudflare
live.gif
aidsubsidy.com/lp5/ 		78 KB
79 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aidsubsidy.com/lp5/live.gif
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5753af534566bc6711ac61389e1ab7870faaebfe8c612881e3f8c81e836963d5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status
HIT
etag
"6691a1d5-138b5"
age
1816
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfMbOZsDUpqjM41Ca3MHHkuk65ftzTqnVvPvlUVoX9L6E5Gopy8LsinIMMCb6Y8nmsD9L%2B3YRTHan%2FRlMv5BFFau%2BHel9N9jbUBlnSuvURLGBEJo3T0BsM2VhohnlUA5ZA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=29872&sent=26&recv=19&lost=0&retrans=0&sent_bytes=18282&recv_bytes=8178&delivery_rate=221030&cwnd=12000&unsent_bytes=0&cid=3665b524df20660c&ts=227&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
image/gif
last-modified
Fri, 12 Jul 2024 21:36:21 GMT
vary
Accept-Encoding
priority
u=2,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e46c6f8df0-MIA
accept-ranges
bytes
content-length
80053
server
cloudflare
tap.gif
aidsubsidy.com/lp5/ 		114 KB
114 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aidsubsidy.com/lp5/tap.gif
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed1a6ff802c3e71b1c3e732bb37deef071e0ff76f6e75a21c3b1dea2bf28908b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status
HIT
etag
"6691a1da-1c614"
age
1815
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zqToPuyU1JIGUwRyKKzALztedjrLOtfyQBrO%2F%2BXUw6iDBGBzr%2FelhdDznNInLlUH1JkjjF73GctTdQVfBeB8jOZ2DY9TVJBB0cT%2BH5%2BEV%2BQaAwo75PZ9ly7I9bdF7PCn8g%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=35451&sent=151&recv=63&lost=0&retrans=0&sent_bytes=153264&recv_bytes=13648&delivery_rate=1526446&cwnd=79200&unsent_bytes=0&cid=3665b524df20660c&ts=333&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
image/gif
last-modified
Fri, 12 Jul 2024 21:36:26 GMT
vary
Accept-Encoding
priority
u=2,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e51d588df0-MIA
accept-ranges
bytes
content-length
116244
server
cloudflare
parliment.png
aidsubsidy.com/lp5/ 		50 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aidsubsidy.com/lp5/parliment.png
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d31e6f203499c1efa94e5859582715c6fc68ac81ca8a67e5db83bdab78ec7111

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status
HIT
etag
"6691a1da-c8ce"
age
1816
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GiFwP5Lq45j9xgUoJvJeRm5FjxhmirtMfVWXm0TpPgshntNoVurHEtG9Hm6BakmZ6rL6cRg%2F9%2BXTzp2CLXJnG7UWYJqr47FHj4A7uwpa%2Fqefo35K7ZcEqywk%2FSXvrf0jzA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=34256&sent=175&recv=65&lost=0&retrans=0&sent_bytes=178836&recv_bytes=13738&delivery_rate=1582842&cwnd=84000&unsent_bytes=0&cid=3665b524df20660c&ts=345&x=1", cfExtPri, cfHdrFlush;dur=4
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
image/png
last-modified
Fri, 12 Jul 2024 21:36:26 GMT
vary
Accept-Encoding
priority
u=2,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e52d758df0-MIA
accept-ranges
bytes
content-length
51406
server
cloudflare
congrats.png
aidsubsidy.com/lp5/ 		48 KB
49 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aidsubsidy.com/lp5/congrats.png
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e0adfc2dcb07244bc15bafbb6a55284968c2802324856d3183421a17266035d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status
HIT
etag
"6691a1d9-c005"
age
1816
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pq%2FB3MToFysomdsi%2BQqwFi3e86QZFOY68INMwkMDLDN8C%2BLzkfJTk294Q8ZRzPEg3FAUtp1MDmooeWwHbWsSqXvZ7mX%2BQkCmiwA6wxEfQC%2FMvuuvYklZODBiAdPr8Y4yOw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=35283&sent=260&recv=73&lost=0&retrans=0&sent_bytes=279929&recv_bytes=14095&delivery_rate=2163244&cwnd=139200&unsent_bytes=0&cid=3665b524df20660c&ts=351&x=1", cfExtPri, cfHdrFlush;dur=10
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
image/png
last-modified
Fri, 12 Jul 2024 21:36:25 GMT
vary
Accept-Encoding
priority
u=2,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e52d778df0-MIA
accept-ranges
bytes
content-length
49157
server
cloudflare
phone.png
aidsubsidy.com/lp5/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aidsubsidy.com/lp5/phone.png
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38e660c86fa1c9eeb2405516532fbdc3624eac12bf137f49d8a16864265f6166

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status
HIT
etag
"6691a1da-1276"
age
1816
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lh6g82%2FPBLUKntR161B%2Bd%2FfvsvNxUOvzJq4MU%2FyLbtS6GGw7VKXXA9ihGGMuRbmmQw%2BGU1rWZPpeaCvP9lWwBYXEV3tt6O8%2FVb22LYD0NRH5hh9AKzZXXHZXzELP85S8ww%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=34256&sent=175&recv=65&lost=0&retrans=0&sent_bytes=178836&recv_bytes=13738&delivery_rate=1582842&cwnd=84000&unsent_bytes=0&cid=3665b524df20660c&ts=343&x=1", cfExtPri, cfHdrFlush;dur=6
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
image/png
last-modified
Fri, 12 Jul 2024 21:36:26 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e52d7a8df0-MIA
accept-ranges
bytes
content-length
4726
server
cloudflare
whitehouse.png
aidsubsidy.com/lp5/ 		139 KB
140 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aidsubsidy.com/lp5/whitehouse.png
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db1c5f1903a12837cbfe76d478cda1612a0ff9bda9e502c33954c334d2ed5697

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

cf-cache-status
HIT
etag
"6691a1d9-22bc0"
age
1815
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LNhHdtJIRQkbANlKa5X0g%2FZSYl7OzSCaendy4yeItpbhN533GzdJ6GMG9sZi9XI58fjlDF4%2F9JJLJpa2qxU6BoaU9iQqxAW9UrTfj1%2ByrDnJ1yaDhDprsqzu31Wb5DiYPA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=35451&sent=165&recv=63&lost=0&retrans=0&sent_bytes=169553&recv_bytes=13648&delivery_rate=1526446&cwnd=79200&unsent_bytes=0&cid=3665b524df20660c&ts=340&x=1", cfExtPri, cfHdrFlush;dur=3
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
image/png
last-modified
Fri, 12 Jul 2024 21:36:25 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e52d7d8df0-MIA
accept-ranges
bytes
content-length
142272
server
cloudflare
jquery.min.js
aidsubsidy.com/lp5/ 		85 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aidsubsidy.com/lp5/jquery.min.js
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6691a1d5-155a6"
age
1816
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dy0Tam8GGABlgH6bXWEKv6uzFQw2FHz93Acg7qGTV8Hw%2F1mQuM8rBA9BYu8rx6dp33EIiPMHcDBPAswot7U%2B6MO7d9WB3e1oAG4uNgMOxBvyPbbkJgulK3grVFJJE9kV7A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=35451&sent=165&recv=63&lost=0&retrans=0&sent_bytes=169553&recv_bytes=13648&delivery_rate=1526446&cwnd=79200&unsent_bytes=0&cid=3665b524df20660c&ts=340&x=1", cfExtPri, cfHdrFlush;dur=3
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
application/javascript
last-modified
Fri, 12 Jul 2024 21:36:21 GMT
vary
Accept-Encoding
priority
u=2,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e52d798df0-MIA
server
cloudflare
a57816b4-6c59-f397-7853-7e14e45d3e1b.js
create.lidstatic.com/campaign/ 		121 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:27b6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f93e14fd5c9e6b37ef75366cc7da674216303da0df21377ac275abb45f46642f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"e2798b352a3c606d3011de9a0d41e6bb"
x-amz-version-id
LOxb9_S9sT_OxE1gKVR12awM5PgUUTpm
age
1713
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
text/javascript
last-modified
Thu, 10 Oct 2024 22:58:35 GMT
vary
Accept-Encoding
x-amz-id-2
GZ9X8gsndT1zW7RujGoWRKBMyX85TorHQGcehEQ49QXnmpoEAP97kzqGJpHXb+TxIcxMniMgkm8=
x-amz-replication-status
COMPLETED
cache-control
max-age=1800
x-amz-request-id
QY9PYEY8B7JCBKKA
cf-ray
8dd809e5da6631d8-MIA
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
gtm.js
www.googletagmanager.com/ 		203 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KBD8WP6
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c0355ae2e928dbde59341e9b68d44f980efb44eeba43c6831c0358fc0baa0c5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Mon, 04 Nov 2024 22:28:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 04 Nov 2024 21:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
73604
x-xss-protection
0
server
Google Tag Manager
bg.jpg
aidsubsidy.com/lp5/ 		54 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aidsubsidy.com/lp5/bg.jpg
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cecaaf9bddf7acf44fe8802bda00b0755b2c2cfa464d1b2e00e975ea1743643d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/lp5/style.css

Response headers

cf-cache-status
HIT
etag
"6691a1db-d815"
age
4652
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uNTkzl6TQuInE1mon2q%2FiKgOHMjct1TTjx7vC521nynoTuWaZLw9AV%2BZewMO61zUz3tA6inNCAANVj5CMsHR7%2BpfIFKTjfPDnE%2FFTMrJhjjMu4v3BXjrR9bleCpLeJC08A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=35451&sent=165&recv=63&lost=0&retrans=0&sent_bytes=169553&recv_bytes=13648&delivery_rate=1526446&cwnd=79200&unsent_bytes=0&cid=3665b524df20660c&ts=341&x=1", cfExtPri, cfHdrFlush;dur=8
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
image/jpeg
last-modified
Fri, 12 Jul 2024 21:36:27 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dd809e52d7e8df0-MIA
accept-ranges
bytes
content-length
55317
server
cloudflare
audio-1.mp3
aidsubsidy.com/lp5/ 		35 KB
35 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://aidsubsidy.com/lp5/audio-1.mp3
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1eaf38961b3f7bf0044b766d855bf9ebeb5702f5d7f19c195216ee544c5f6ce5

Request headers

Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

cf-cache-status
HIT
etag
"6691a1d8-8a03"
age
758
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D5mcEVx2crYMij%2BkvAbKCC203vfeHb9fwmDjk5XRBamceCUdBO7luiJnuVRKZvPr%2BgM%2Fu52Bdy3fvu13EIk6ga%2Bv4q0sc3LXYHq1G8OcW9xUT9kLXkxSnyrO%2Bmkbpo7IRw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=30422&sent=564&recv=115&lost=0&retrans=0&sent_bytes=631000&recv_bytes=17465&delivery_rate=9639694&cwnd=308400&unsent_bytes=0&cid=3665b524df20660c&ts=439&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
audio/mpeg
last-modified
Fri, 12 Jul 2024 21:36:24 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range
bytes 0-35330/35331
cf-ray
8dd809e5be668df0-MIA
Content-Length
35331
server
cloudflare
audio-2.mp3
aidsubsidy.com/lp5/ 		43 KB
44 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://aidsubsidy.com/lp5/audio-2.mp3
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd71b0b1888eafff2a810f605530236ff2de3c0dc52d0ee44ac0cbe97cae53a5

Request headers

Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

cf-cache-status
HIT
etag
"6691a1da-ab6d"
age
758
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vxQ9V%2BWtg5uOYZ2eRUYh7j3YLWCgI31jrMWCxbmrysXRbkIC%2FkdhfkQ1uw1KLFpKZQi7vx16AYkgs%2BIfVy6RmyRJxOJSv%2BUKIi%2B66ejtfwae3X3EWlCs7qDyYL%2FW7gOP3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=30422&sent=554&recv=115&lost=0&retrans=0&sent_bytes=619000&recv_bytes=17465&delivery_rate=9639694&cwnd=308400&unsent_bytes=0&cid=3665b524df20660c&ts=438&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
audio/mpeg
last-modified
Fri, 12 Jul 2024 21:36:26 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range
bytes 0-43884/43885
cf-ray
8dd809e5be6a8df0-MIA
Content-Length
43885
server
cloudflare
audio-4-5800.mp3
aidsubsidy.com/lp5/ 		239 KB
239 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://aidsubsidy.com/lp5/audio-4-5800.mp3
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
557953f818c6b4e6b51e6b8e3ffe1db191546f016fd9742401f6082cd38b3c6b

Request headers

Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

cf-cache-status
HIT
etag
"6691a1d5-3ba48"
age
758
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jRQS7Q7yx9Qo9OGf6mHlec1msMWYKWml4zLwyaQpw6aj7QF6Yt6iOAi3N3w64ttsmWClqp5yx21fig1azXobL42cOIgbFvojLjpUM4TiXcf5OCAJUd8vIehQevEWcfaYug%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=30411&sent=623&recv=116&lost=0&retrans=0&sent_bytes=701363&recv_bytes=17510&delivery_rate=9326412&cwnd=308400&unsent_bytes=0&cid=3665b524df20660c&ts=441&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
audio/mpeg
last-modified
Fri, 12 Jul 2024 21:36:21 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range
bytes 0-244295/244296
cf-ray
8dd809e5be708df0-MIA
Content-Length
244296
server
cloudflare
audio-4-5800.mp3
aidsubsidy.com/lp5/ 		3 KB
0 		Media
General
Check archive.org
Download Go to
Full URL
https://aidsubsidy.com/lp5/audio-4-5800.mp3
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.187.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

cf-cache-status
HIT
etag
"6691a1d5-3ba48"
age
758
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tA4R1R0Tt1Pgf%2F6vgasEAmoftU%2FfDo7uz7NZrjX568DzXI%2FUbaTbjO9dfcCV2PUKdxMYnAR5Qx1rl%2BdGvxuFBecib50%2FscIQ0EnPX%2FjCLTryNDK3izgfuVrnn17OE0aFrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=35248&sent=834&recv=143&lost=0&retrans=0&sent_bytes=952064&recv_bytes=19227&delivery_rate=9773605&cwnd=332400&unsent_bytes=0&cid=3665b524df20660c&ts=488&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
audio/mpeg
last-modified
Fri, 12 Jul 2024 21:36:21 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range
bytes 0-244295/244296
cf-ray
8dd809e61efd8df0-MIA
Content-Length
244296
server
cloudflare
GenerateToken
create.leadid.com/2.15.1/ 		36 B
659 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.15.1/GenerateToken?msn=1&pid=d0ce6e47-bd0e-4bf7-910c-579945e2c54c&_=932346905
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.5.88.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-88-2.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d90e358ed156765ab72eb7bd74e385661bd54ff5c3e9f99e66fe423fa39bfd0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://aidsubsidy.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-max-age
1728000
cache-control
no-cache, must-revalidate
content-encoding
gzip
expires
Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin
*
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
text/plain;charset=UTF-8
server
nginx
access-control-allow-headers
X-Requested-With, Content-Type
fbevents.js
connect.facebook.net/en_US/ 		239 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KBD8WP6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-iad3.fbcdn.net
Software
/
Resource Hash
924f0b32e86fe959e4290f3690d241cc6a24c08a0a4be56b4d3ce9c2286291bc
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-WLdnjGK9' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-WLdnjGK9' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=53, rtx=0, c=23, mss=1232, tbw=4427, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
FTocUabEEcE+pu3AVPIo1lgIvpjzfbVEd9ZjhwZ5pf9k02O/nbFxJT3NC7IPETq6oIaLjf55sSL+9CspiwQsQQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62086
x-xss-protection
0
origin-agent-cluster
?1
iframe.html
d2m2wsoho8qq12.cloudfront.net/ Frame 20DE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=075FD281-BC20-23F5-DC38-A457D8317604&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.15.1&lck=A57816B4-6C59-F397-7853-7E14E45D3E1B&lac=F252983F-4BD1-0DD8-CD81-F4700AF60B66
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.227.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-227-13.iad79.r.cloudfront.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://aidsubsidy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
*
Access-Control-Allow-Origin
*
Age
49464
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 04 Nov 2024 08:44:19 GMT
Etag
W/"6707fed3-dbb"
Last-Modified
Thu, 10 Oct 2024 16:20:35 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Via
1.1 3072c658bb2e308b174aea92028efcd6.cloudfront.net (CloudFront)
X-Amz-Cf-Id
pslFcgeVrLp3hXBDCub0I-Bht4xqzYfWHuX8jNxS6L1UY793rUzYHw==
X-Amz-Cf-Pop
IAD79-C3
X-Cache
Hit from cloudfront
SaveDom
create.leadid.com/2.15.1/ 		0
622 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.15.1/SaveDom?msn=2&pid=d0ce6e47-bd0e-4bf7-910c-579945e2c54c&token=075FD281-BC20-23F5-DC38-A457D8317604&_=932346906
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.5.88.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-88-2.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://aidsubsidy.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-max-age
1728000
cache-control
no-cache, must-revalidate
content-encoding
gzip
expires
Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin
*
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
text/plain;charset=UTF-8
server
nginx
access-control-allow-headers
X-Requested-With, Content-Type
InitFormData
create.leadid.com/2.15.1/ 		0
621 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.15.1/InitFormData?msn=3&pid=d0ce6e47-bd0e-4bf7-910c-579945e2c54c&token=075FD281-BC20-23F5-DC38-A457D8317604&_=932346907
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/a57816b4-6c59-f397-7853-7e14e45d3e1b.js?snippet_version=2&callback=addToQueryString
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.5.88.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-88-2.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://aidsubsidy.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-max-age
1728000
cache-control
no-cache, must-revalidate
content-encoding
gzip
expires
Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin
*
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
text/plain;charset=UTF-8
server
nginx
access-control-allow-headers
X-Requested-With, Content-Type
CA701edcfda750434cbdf14b7ceddcabf1
b-js.ringba.com/ 		17 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b-js.ringba.com/CA701edcfda750434cbdf14b7ceddcabf1
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27cb:a600:4:1957:6500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
425cf80a0a00bd5355f80e9a9accf7061ff89ce0c164fb44bc9608244f45a849

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/

Response headers

access-control-max-age
300
age
184
expires
Mon, 04 Nov 2024 22:30:39 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
ShlY6J43gu0mMOmomRfu2I6lk4ga2PYIJpa3vNt5nikRRQG9Cd8iZA==
date
Mon, 04 Nov 2024 22:25:39 GMT
content-type
text/html; charset=utf-8
x-runtime
0.0000
cache-control
public
x-aspnet-version
4.0.30319
via
1.1 9e0e9bdbb4ef473a019709a070d827d8.cloudfront.net (CloudFront)
access-control-allow-origin
*
content-length
17720
x-amz-cf-pop
IAD55-P6
x-powered-by
ASP.NET
server
Microsoft-IIS/10.0
780623153726433
connect.facebook.net/signals/config/ 		88 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/780623153726433?v=2.9.176&r=stable&domain=aidsubsidy.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-iad3.fbcdn.net
Software
/
Resource Hash
2650eb87bef79d8fe79249ecda64d99ac39839add5098e80f99c88ce184c5f51
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-1uBBq9mt' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 04 Nov 2024 22:28:42 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-1uBBq9mt' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=54, rtx=0, c=76, mss=1232, tbw=70219, tp=65, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
boX2YlmC//17K3xDvCVAbfwBj1rbYoINSjpI2bKjHkNuRwKDlNpkeXdcvnSa+wy/M9Qb910NFK78L24046oWRA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
18971
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/tr/ 		0
269 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=780623153726433&ev=PageView&dl=https%3A%2F%2Faidsubsidy.com&rl=&if=false&ts=1730759323014&sw=1600&sh=1200&v=2.9.176&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4124&fbp=fb.1.1730759323013.848771276452300899&pm=1&hrl=5970e4&ler=empty&cdl=API_unavailable&it=1730759322924&coo=false&tm=1&cs_cc=1&cas=8972100186139092%2C7869549216427153%2C9010332735648752%2C7937643766320591%2C25918686207775533%2C7879204782163645%2C8135674146462778%2C26578102048455481%2C7428564733928370%2C7430014963758905%2C8130954230252603%2C8156212071163171%2C7770770619624888%2C6848977285184933%2C24392222093756326%2C6846828002076257%2C6832038293576359%2C5511102012347571%2C7026137747439158%2C24066459806336132%2C6794730927249033%2C6736310903126754%2C6461639747223968%2C6887415684631292%2C6655316901227557%2C6824017100992204%2C6470557919697356%2C6871813186196933%2C6406454956103060%2C6488258184622402%2C6389926114418170%2C6974227112589466%2C6690657220955293%2C6379237478818486&rqm=GET
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75&leadid=075FD281-BC20-23F5-DC38-A457D8317604
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
GOOD; q=0.7, rtt=55, rtx=0, c=10, mss=1297, tbw=2916, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Mon, 04 Nov 2024 22:28:43 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=780623153726433&ev=PageView&dl=https%3A%2F%2Faidsubsidy.com&rl=&if=false&ts=1730759323014&sw=1600&sh=1200&v=2.9.176&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4124&fbp=fb.1.1730759323013.848771276452300899&pm=1&hrl=5970e4&ler=empty&cdl=API_unavailable&it=1730759322924&coo=false&tm=1&cs_cc=1&cas=8972100186139092%2C7869549216427153%2C9010332735648752%2C7937643766320591%2C25918686207775533%2C7879204782163645%2C8135674146462778%2C26578102048455481%2C7428564733928370%2C7430014963758905%2C8130954230252603%2C8156212071163171%2C7770770619624888%2C6848977285184933%2C24392222093756326%2C6846828002076257%2C6832038293576359%2C5511102012347571%2C7026137747439158%2C24066459806336132%2C6794730927249033%2C6736310903126754%2C6461639747223968%2C6887415684631292%2C6655316901227557%2C6824017100992204%2C6470557919697356%2C6871813186196933%2C6406454956103060%2C6488258184622402%2C6389926114418170%2C6974227112589466%2C6690657220955293%2C6379237478818486&rqm=FGET
Requested by
Host: aidsubsidy.com
URL: https://aidsubsidy.com/lp5/?clickid=67294a9a14f45e2306318691&cmpid=66ec8194d59c6f7a7c34d8f0&adid=22104224&campaign_id=8651757&utm_source=AdMaven&utm_medium=paid&lpkeyua=40c3c54af40a90f0c56bcb7c52c4e918.1730759622&amt=5800&s1=PropellerAds&s3=8651757&s4=none&s5=22104224&lp=lp5&pid=bear-6603198fa86e190001136c75&leadid=075FD281-BC20-23F5-DC38-A457D8317604
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://aidsubsidy.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7433554689779044411"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 04 Nov 2024 22:28:43 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
6w8Lt/Y315H767sDkqenbIQ17NKi//eQi27UKWYRuKtgUGebr4jr0V+XeBbOlU5DuGHixC+q6udmp4Ak8uwW1A==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7433554689779044411", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
GOOD; q=0.7, rtt=55, rtx=0, c=10, mss=1297, tbw=3229, tp=-1, tpl=-1, uplat=127, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
gnbulk
display.ringba.com/v2/nis/ 		394 B
651 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://display.ringba.com/v2/nis/gnbulk
Requested by
Host: b-js.ringba.com
URL: https://b-js.ringba.com/CA701edcfda750434cbdf14b7ceddcabf1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.167.89 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-167-89.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
89d8f936bdde3d15e920f2aa8efebd3f333c02f0062a08e28c18fd47ae915bc5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
text/plain
Referer
https://aidsubsidy.com/

Response headers

access-control-max-age
300
cache-control
no-cache
x-aspnet-version
4.0.30319
pragma
no-cache
expires
-1
access-control-allow-origin
https://aidsubsidy.com
content-length
394
date
Mon, 04 Nov 2024 22:28:43 GMT
content-type
application/json; charset=utf-8
x-powered-by
ASP.NET
server
Microsoft-IIS/10.0
x-runtime
0.0040
Snap
create.leadid.com/2.15.1/ 		0
0
Snap.iframe
create.leadid.com/2.15.1/ Frame BF2E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.15.1/Snap.iframe?msn=4&pid=d0ce6e47-bd0e-4bf7-910c-579945e2c54c&token=075FD281-BC20-23F5-DC38-A457D8317604&_=932346909
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.86.117.102 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 0

Request headers

Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryl0Yw1YYZ2OGfdPTE
Origin
https://aidsubsidy.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With, Content-Type
access-control-allow-origin
*
access-control-max-age
1728000
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Mon, 04 Nov 2024 22:28:43 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
0
Snap.iframe
create.leadid.com/2.15.1/ Frame E5B6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.15.1/Snap.iframe?msn=5&pid=d0ce6e47-bd0e-4bf7-910c-579945e2c54c&token=075FD281-BC20-23F5-DC38-A457D8317604&_=932346910
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.86.117.102 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 0

Request headers

Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryvAivPu5mhl90AtJx
Origin
https://aidsubsidy.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With, Content-Type
access-control-allow-origin
*
access-control-max-age
1728000
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Mon, 04 Nov 2024 22:28:43 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
create.leadid.com
URL
https://create.leadid.com/2.15.1/Snap?msn=4&pid=d0ce6e47-bd0e-4bf7-910c-579945e2c54c&token=075FD281-BC20-23F5-DC38-A457D8317604&_=932346908

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| Swiper function| getQueryParams function| addToQueryString object| dataLayer function| enableOnClickTimers function| trk_сlick function| $ function| jQuery function| loadJQueryAndChat object| LeadiD object| google_tag_manager object| google_tag_data function| fbq function| _fbq object| _fbq_gtm_ids string| id object| defaultStyleFrame object| ringba_known_numbers object| _rgba object| ringba object| _rgba_tags

15 Cookies

Domain/Path Name / Value
ak.phaunaitsi.net/ Name: OAID
Value: 00810afdb3dc4faef553e2c27fc0b71b
ak.phaunaitsi.net/ Name: oaidts
Value: 1730759319
my.rtmark.net/ Name: ID
Value: 00810afdb3dc4faef553e2c27fc0b71b
ak.phaunaitsi.net/ Name: syncedCookie
Value: true
ak.phaunaitsi.net/ Name: captcha
Value: system
.go.ayotrk.com/ Name: redcmps
Value: W3siaWQiOiI2NmVjODE5NGQ1OWM2ZjdhN2MzNGQ4ZjAiLCJ0IjoiMjAyNC0xMS0wNFQyMjoyODo0Mi4wMDMzNDUyMjlaIn1d
.go.ayotrk.com/ Name: redhash
Value: NjcyOTRhOWExNGY0NWUyMzA2MzE4NjkxfDB8NjZlYzgxOTRkNTljNmY3YTdjMzRkOGYwfHxmNWE2OGJiNi0xMjUzLTQ1ZjctOTNjYi1kNWIzZWM2MDJlOWV8MTczMDc1OTMyMg==
aidsubsidy.com/ Name: PHPSESSID
Value: lnfoo8m94nl80r6b4gulcckird
aidsubsidy.com/ Name: lang
Value: en
aidsubsidy.com/ Name: leadid_token-F252983F-4BD1-0DD8-CD81-F4700AF60B66-A57816B4-6C59-F397-7853-7E14E45D3E1B
Value: 075FD281-BC20-23F5-DC38-A457D8317604
.aidsubsidy.com/ Name: _fbp
Value: fb.1.1730759323013.848771276452300899
.trueleadid.com/ Name: nlbi_3051494
Value: gonGK0Cd0HnS9+FNC30iGwAAAAC3euAsUu9ieqFZDCIOOY+e
.trueleadid.com/ Name: visid_incap_3051494
Value: s06hKzCJTVqJm7Fs2eqrV5pKKWcAAAAAQUIPAAAAAABUiDY2QMMxriDm5NbunPcu
.trueleadid.com/ Name: incap_ses_1310_3051494
Value: ChePWCU+NiUkcVEgOQ4uEppKKWcAAAAAgjuF15omdhV6nE8dCLXSJQ==
.deviceid.trueleadid.com/ Name: uuid
Value: 8f5a8ebc31714a29b3383f78293f5f64

4 Console Messages

Source Level URL
Text
rendering warning URL: https://ak.phaunaitsi.net/4/8149157
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A040C807F4360000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://ak.phaunaitsi.net/afu.php?zoneid=8149157&var=8149157&rid=a6Dd4FRv4xv0O5HRvJcx8Q%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0D0C807F4360000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://ak.phaunaitsi.net/4/6118780?var=8149157&btz=Pacific/Honolulu&bto=600&bar=x
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A040C807F4360000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://ak.phaunaitsi.net/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0D0C807F4360000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aidsubsidy.com
ak.phaunaitsi.net
b-js.ringba.com
connect.facebook.net
create.leadid.com
create.lidstatic.com
d2m2wsoho8qq12.cloudfront.net
display.ringba.com
go.ayotrk.com
my.rtmark.net
www.facebook.com
www.googletagmanager.com
create.leadid.com
139.45.195.8
157.240.229.1
172.67.187.229
23.46.238.202
2600:9000:27cb:a600:4:1957:6500:93a1
2606:4700:10::6816:27b6
2607:f8b0:400d:c04::61
2a01:4ff:f0:ea7d::1
2a03:2880:f103:83:face:b00c:0:25de
3.86.117.102
52.20.167.89
52.5.88.2
99.86.227.13
004f47215427be4f6bdfab1acce3f798f5f034127209f456302766a0afc08541
03746837550355ebef30f30d8b7cea13c175a17dac2ac5872dedf385762d6911
1eaf38961b3f7bf0044b766d855bf9ebeb5702f5d7f19c195216ee544c5f6ce5
2650eb87bef79d8fe79249ecda64d99ac39839add5098e80f99c88ce184c5f51
38e660c86fa1c9eeb2405516532fbdc3624eac12bf137f49d8a16864265f6166
425cf80a0a00bd5355f80e9a9accf7061ff89ce0c164fb44bc9608244f45a849
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
557953f818c6b4e6b51e6b8e3ffe1db191546f016fd9742401f6082cd38b3c6b
5753af534566bc6711ac61389e1ab7870faaebfe8c612881e3f8c81e836963d5
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
5ee3d20dc4235f8f4acc062c2e064fb362c9a3f74b006cddc38e371716730fee
68c50ce36d6a706c212607165c0fcb4ad4d91c1fc8d66db7367a29d29a1704dc
6942f0873b6a7108e18a983b4192ad469011a8131317f88161d6f0917058da22
7e0adfc2dcb07244bc15bafbb6a55284968c2802324856d3183421a17266035d
8692b3e5caaf92c5f7540b8e0c97ac42fd80274c26df34e838f9438ada92a523
89d8f936bdde3d15e920f2aa8efebd3f333c02f0062a08e28c18fd47ae915bc5
924f0b32e86fe959e4290f3690d241cc6a24c08a0a4be56b4d3ce9c2286291bc
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
c0355ae2e928dbde59341e9b68d44f980efb44eeba43c6831c0358fc0baa0c5a
c94a0dc6cbd7f95a3c4eb8f7959fd8e5905ff0794116c07a5f09bbac7ef9ffd1
cd71b0b1888eafff2a810f605530236ff2de3c0dc52d0ee44ac0cbe97cae53a5
ce48ba0b3b2d3b1dfc8ae1158b0133035823963b717175a03c2e0d7b1a0419a5
cecaaf9bddf7acf44fe8802bda00b0755b2c2cfa464d1b2e00e975ea1743643d
d31e6f203499c1efa94e5859582715c6fc68ac81ca8a67e5db83bdab78ec7111
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
d90e358ed156765ab72eb7bd74e385661bd54ff5c3e9f99e66fe423fa39bfd0a
db1c5f1903a12837cbfe76d478cda1612a0ff9bda9e502c33954c334d2ed5697
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed1a6ff802c3e71b1c3e732bb37deef071e0ff76f6e75a21c3b1dea2bf28908b
f93e14fd5c9e6b37ef75366cc7da674216303da0df21377ac275abb45f46642f