secure.winred.com Open in urlscan Pro
2606:4700::6812:9b15 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://trk.cp20.com/click/gi9p-4n0n8-2syrw-6jgqh90/
Effective URL:
https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring...
Submission: On July 27 via manual (July 27th 2022, 7:34:52 pm UTC) from US — Scanned from CA

Summary HTTP 192 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 40 IPs in 2 countries across 27 domains to perform 192 HTTP transactions. The main IP is 2606:4700::6812:9b15, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure.winred.com. The Cisco Umbrella rank of the primary domain is 66003.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on October 5th 2021. Valid for: a year.

This is the only time secure.winred.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	216.24.224.100 216.24.224.100	17358 (ETOLL1) (ETOLL1)
10	2606:4700::68... 2606:4700::6812:9b15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
33	18.67.65.9 18.67.65.9	16509 (AMAZON-02) (AMAZON-02)
4	2607:f8b0:400... 2607:f8b0:4006:824::200a	15169 (GOOGLE) (GOOGLE)
4	2600:9000:226... 2600:9000:2269:200:0:7d26:ee00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:440e::ac40:9c1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4006:823::2008	15169 (GOOGLE) (GOOGLE)
50	54.187.119.242 54.187.119.242	16509 (AMAZON-02) (AMAZON-02)
4	2607:f8b0:400... 2607:f8b0:4004:c17::5c	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:808::200e	15169 (GOOGLE) (GOOGLE)
1 2	142.250.80.70 142.250.80.70	15169 (GOOGLE) (GOOGLE)
2	18.67.84.240 18.67.84.240	16509 (AMAZON-02) (AMAZON-02)
4	2a03:2880:f02... 2a03:2880:f027:212:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2600:141b:13:... 2600:141b:13::17d7:8299	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2001:4998:14:... 2001:4998:14:800::1001	14777 (YAHOO) (YAHOO)
3	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
2	23.195.109.72 23.195.109.72	16625 (AKAMAI-AS) (AKAMAI-AS)
4	54.221.96.38 54.221.96.38	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:9000:230... 2600:9000:2305:1400:19:7d10:bd80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:5347	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4004:c07::9c	15169 (GOOGLE) (GOOGLE)
1 2	2600:141b:13:... 2600:141b:13::17d7:82b3	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 10	35.190.43.134 35.190.43.134	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80a::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81d::2004	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:822::2003	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:81f::2003	15169 (GOOGLE) (GOOGLE)
2	76.13.32.146 76.13.32.146	26101 (YAHOO-BF1) (YAHOO-BF1)
1	52.24.226.252 52.24.226.252	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:200... 2a04:4e42:200::300	54113 (FASTLY) (FASTLY)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2002	15169 (GOOGLE) (GOOGLE)
1	23.52.164.7 23.52.164.7	16625 (AKAMAI-AS) (AKAMAI-AS)
2	54.210.183.161 54.210.183.161	14618 (AMAZON-AES) (AMAZON-AES)
1	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
2 2	107.178.246.49 107.178.246.49	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f127:283:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
13	2607:f8b0:400... 2607:f8b0:4006:817::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.80.66 142.250.80.66	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80c::2002	15169 (GOOGLE) (GOOGLE)
1	172.253.115.154 172.253.115.154	15169 (GOOGLE) (GOOGLE)
2	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
192	40

1 216.24.224.100 (Ottawa, Canada) 1 redirects

ASN17358 (ETOLL1, CA)
PTR: trk.cp20.com

trk.cp20.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6812:9b15 (United States)

ASN13335 (CLOUDFLARENET, US)

secure.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.revv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 18.67.65.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-65-9.iad89.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:824::200a (New York, United States)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2269:200:0:7d26:ee00:93a1 (United States)

ASN16509 (AMAZON-02, US)

d35ligi1n5bgzc.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:440e::ac40:9c1a (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:823::2008 (New York, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c17::5c (Washington, United States)

ASN15169 (GOOGLE, US)

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:808::200e (New York, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.70 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f6.1e100.net

9381094.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.67.84.240 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-84-240.iad89.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f027:212:face:b00c:0:3 (Chicago, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::17d7:8299 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

rtxpx-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4998:14:800::1001 (United States)

ASN14777 (YAHOO, US)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.65.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.195.109.72 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-195-109-72.deploy.static.akamaitechnologies.com

p.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.221.96.38 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-221-96-38.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2305:1400:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:5347 (United States)

ASN13335 (CLOUDFLARENET, US)

gtm.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c07::9c (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:13::17d7:82b3 (New York, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

stickyid-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 35.190.43.134 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80a::2002 (New York, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81d::2004 (New York, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:822::2003 (New York, United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81f::2003 (New York, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.13.32.146 (Lockport, United States)

ASN26101 (YAHOO-BF1, US)
PTR: spdc.pbp.vip.bf1.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.24.226.252 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-24-226-252.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::300 (United States)

ASN54113 (FASTLY, US)

pips.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2002 (New York, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.52.164.7 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-164-7.deploy.static.akamaitechnologies.com

t.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.210.183.161 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-210-183-161.compute-1.amazonaws.com

rtclx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.246.49 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f127:283:face:b00c:0:25de (Chicago, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2607:f8b0:4006:817::200e (New York, United States)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.80.66 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80c::2002 (New York, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.115.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.224.48 (United States)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
84	stripe.com js.stripe.com — Cisco Umbrella Rank: 1872 q.stripe.com — Cisco Umbrella Rank: 14306 r.stripe.com — Cisco Umbrella Rank: 6510 m.stripe.com — Cisco Umbrella Rank: 1639	954 KB
21	google.com pay.google.com — Cisco Umbrella Rank: 3770 adservice.google.com — Cisco Umbrella Rank: 96 www.google.com — Cisco Umbrella Rank: 10 play.google.com — Cisco Umbrella Rank: 51	392 KB
10	snapchat.com 1 redirects tr.snapchat.com — Cisco Umbrella Rank: 921	2 KB
10	winred.com secure.winred.com — Cisco Umbrella Rank: 66003 gtm.winred.com — Cisco Umbrella Rank: 97745	252 KB
7	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 922 trc.taboola.com — Cisco Umbrella Rank: 629 pips.taboola.com — Cisco Umbrella Rank: 1402 cds.taboola.com — Cisco Umbrella Rank: 1315 trc-events.taboola.com — Cisco Umbrella Rank: 1495	22 KB
6	doubleclick.net 1 redirects 9381094.fls.doubleclick.net — Cisco Umbrella Rank: 244951 stats.g.doubleclick.net — Cisco Umbrella Rank: 117 googleads.g.doubleclick.net — Cisco Umbrella Rank: 56 bid.g.doubleclick.net — Cisco Umbrella Rank: 463	5 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	40 KB
4	gstatic.com www.gstatic.com	103 KB
4	google.ca www.google.ca — Cisco Umbrella Rank: 7542 adservice.google.ca — Cisco Umbrella Rank: 12225	1 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3440	7 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	215 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 93	271 KB
4	cloudfront.net d35ligi1n5bgzc.cloudfront.net	935 KB
4	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 310	181 KB
3	teads.tv p.teads.tv — Cisco Umbrella Rank: 6075 cm.teads.tv — Cisco Umbrella Rank: 6530 t.teads.tv — Cisco Umbrella Rank: 2133	7 KB
3	yimg.com s.yimg.com — Cisco Umbrella Rank: 381	7 KB
3	akamaihd.net 1 redirects rtxpx-a.akamaihd.net — Cisco Umbrella Rank: 67746 stickyid-a.akamaihd.net — Cisco Umbrella Rank: 73352	32 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	501 B
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 451	559 B
2	rtclx.com rtclx.com — Cisco Umbrella Rank: 15589	1 KB
2	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 861	879 B
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 2007	18 KB
2	sc-static.net sc-static.net — Cisco Umbrella Rank: 960	16 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 125	15 KB
1	revv.co app.revv.co — Cisco Umbrella Rank: 125614	1 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1311	5 KB
1	cp20.com 1 redirects trk.cp20.com — Cisco Umbrella Rank: 29397	885 B
192	27

	Domain	Requested by
35	r.stripe.com	js.stripe.com
33	js.stripe.com	secure.winred.com js.stripe.com
15	q.stripe.com	secure.winred.com
13	play.google.com	www.gstatic.com
10	tr.snapchat.com	1 redirects sc-static.net secure.winred.com
9	secure.winred.com	secure.winred.com static.cloudflareinsights.com
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com secure.winred.com www.gstatic.com
4	www.gstatic.com	pay.google.com www.gstatic.com
4	tags.srv.stackadapt.com	secure.winred.com tags.srv.stackadapt.com
4	connect.facebook.net	secure.winred.com connect.facebook.net
4	pay.google.com	js.stripe.com pay.google.com secure.winred.com www.gstatic.com
4	www.googletagmanager.com	secure.winred.com www.googletagmanager.com
4	d35ligi1n5bgzc.cloudfront.net	secure.winred.com
4	maps.googleapis.com	secure.winred.com maps.googleapis.com
3	www.google.ca	secure.winred.com
3	www.google.com	secure.winred.com
3	s.yimg.com	secure.winred.com s.yimg.com
2	trc-events.taboola.com	cdn.taboola.com
2	www.facebook.com	secure.winred.com
2	pixel.tapad.com	2 redirects
2	rtclx.com	rtxpx-a.akamaihd.net
2	sp.analytics.yahoo.com	secure.winred.com
2	stickyid-a.akamaihd.net	1 redirects secure.winred.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	m.stripe.network	js.stripe.com m.stripe.network
2	cdn.taboola.com	secure.winred.com cdn.taboola.com
2	sc-static.net	www.googletagmanager.com tr.snapchat.com
2	9381094.fls.doubleclick.net	1 redirects www.googletagmanager.com
1	bid.g.doubleclick.net	www.googleadservices.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	www.googletagmanager.com
1	cds.taboola.com	cdn.taboola.com
1	t.teads.tv	secure.winred.com
1	adservice.google.ca	adservice.google.com
1	pips.taboola.com	cdn.taboola.com
1	m.stripe.com	m.stripe.network
1	cm.teads.tv	p.teads.tv
1	adservice.google.com	9381094.fls.doubleclick.net
1	trc.taboola.com	cdn.taboola.com
1	gtm.winred.com	www.googletagmanager.com
1	p.teads.tv	www.googletagmanager.com
1	rtxpx-a.akamaihd.net	secure.winred.com
1	app.revv.co	secure.winred.com
1	static.cloudflareinsights.com	secure.winred.com
1	trk.cp20.com	1 redirects
192	45

This site contains links to these domains. Also see Links.

Domain
winred.com

Subject Issuer	Validity	Valid
www.winred.com DigiCert SHA2 Extended Validation Server CA	`2021-10-05` - `2022-10-26`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2022-05-20` - `2022-09-25`	4 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
*.revv.co DigiCert SHA2 Secure Server CA	`2021-10-05` - `2022-09-16`	a year	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-05-25` - `2022-09-08`	4 months	crt.sh
*.google.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
sc-static.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-27` - `2023-01-27`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-05-06` - `2022-08-04`	3 months	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2022-06-28` - `2023-06-30`	a year	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-07-25` - `2022-09-14`	2 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
teads.tv R3	`2022-06-01` - `2022-08-30`	3 months	crt.sh
*.srv.stackadapt.com Amazon	`2021-11-09` - `2022-12-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.snapchat.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-01` - `2023-01-31`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-15` - `2022-09-07`	6 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-11` - `2022-10-19`	3 months	crt.sh
1p1eqpotato.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-11` - `2023-03-24`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh

This page contains 16 frames:

Primary Page: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Frame ID: 6E309E77BF19C14B58C251E40FDC4D9F
Requests: 78 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-d0dc0f6e486a9ceba69783de4ae79bff.html
Frame ID: 4618DC59F281DE09B8D31C1462A9CBE9
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html
Frame ID: FE8ABDA92A5C5D06773F356FF877B56F
Requests: 21 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html
Frame ID: 5DAB41A64750F067A1B7D28D9F0483EB
Requests: 9 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html
Frame ID: A946BF54AB515D941EB3CAA3006B2374
Requests: 29 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-google-pay-47b5f544945efa53adef72af2cf3bc6c.html
Frame ID: 7D4718EE29253F7A353317D0B3194F09
Requests: 6 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-dce2988343465dda3a5e55f2dad2a843.html
Frame ID: 6EA690E16CDA99494E5FF16ECD3AC864
Requests: 5 HTTP requests in this frame

Frame: https://9381094.fls.doubleclick.net/activityi;dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse
Frame ID: 4B05BB702CFA42885F29EDE7AC34E8D0
Requests: 1 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 5C645E00F51A016ABFF3B25185C0B331
Requests: 4 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
Frame ID: BF62C897F4338949733D5863B495EAA7
Requests: 15 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse
Frame ID: 46412AD1B0F6616C87F6C526E8AD4AEF
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=93b1e4af-6eaf-4297-be3d-3d5af2907f10&_scsid=264dcf44-adcf-4338-89e1-b92562ecd047&_sclid=63e5d7f6-d2e9-4d1d-bf10-16f97b476341
Frame ID: 2C18BF215F1F6C3ED1BD0E5C38A59E50
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.ca/ddm/fls/i/dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse
Frame ID: CD02C89A34C999B21B38F4AA6AF8B3D2
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/p?rand=1658872257453&pnid=140&pcid=a58532d9-693c-4f16-b3fe-af7c1658476f
Frame ID: C26679E173172B909E6C6C8F0DF84B60
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html
Frame ID: 77A9891BABBB1A1927C4294E611CF7FC
Requests: 8 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: BCB8882F84F24E62A625E80A44EEDCC2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Official Corrupt Media Survey

Page URL History Show full URLs

https://trk.cp20.com/click/gi9p-4n0n8-2syrw-6jgqh90/ HTTP 302
https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001... Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Google Pay (Payment processors) Expand

Overall confidence: 100%
Detected patterns

pay\.google\.com/([a-z/]+)/pay\.js

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

192
Requests

99 %
HTTPS

56 %
IPv6

27
Domains

45
Subdomains

40
IPs

2
Countries

3483 kB
Transfer

9767 kB
Size

40
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://winred.com/terms/donor-terms/
Title: terms of use

Search URL Search Domain Scan URL

URL: https://winred.com/privacy
Title: privacy policy

Search URL Search Domain Scan URL

URL: https://winred.com/
Title: Powered by

Search URL Search Domain Scan URL

URL: https://winred.com/about-our-ads/
Title: About Our Ads

Search URL Search Domain Scan URL

URL: https://winred.com/support/
Title: Questions about your charge? Go to our Support Center

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://trk.cp20.com/click/gi9p-4n0n8-2syrw-6jgqh90/ HTTP 302
https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

https://9381094.fls.doubleclick.net/activityi;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse HTTP 302
https://9381094.fls.doubleclick.net/activityi;dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse

Request Chain 97

https://stickyid-a.akamaihd.net/id?o=https%3A%2F%2Fsecure.winred.com HTTP 302
https://stickyid-a.akamaihd.net/id?cc=1&o=https%3A%2F%2Fsecure.winred.com

Request Chain 137

https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1658950486517&_scsid=e3ddc3bf-f1f2-490c-a511-29e49e1a15ad&_sclid=0761fc03-139a-4627-96ba-4b37bdf585d7 HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1658872257453%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1658872257453%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://tr.snapchat.com/cm/p?rand=1658872257453&pnid=140&pcid=a58532d9-693c-4f16-b3fe-af7c1658476f

192 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request corrupt-media-survey-ty-c001-ext001 Show response
secure.winred.com/save-america-joint-fundraising-committee/
Redirect Chain

https://trk.cp20.com/click/gi9p-4n0n8-2syrw-6jgqh90/
https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_c...

64 KB
14 KB

206ms
93ms

Document
text/html

2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d2664a95e11876d3c3c14efc51b7b143ff4fdfe3a867a91105efd1c0b05221f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 7317d073aa32ecf2-YUL
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 27 Jul 2022 19:34:45 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-rack-cors: miss; no-origin
x-request-id: d91b9a23-3fe6-4180-a28f-e5ffe8c86211
x-revv-cache: Hit from Revv
x-runtime: 0.027559
x-xss-protection: 1; mode=block

Redirect headers

Cache-Control: private
Content-Length: 493
Content-Type: text/html; charset=utf-8
Date: Wed, 27 Jul 2022 19:34:44 GMT
Location: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Refresh: 0; URL=https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Server: TRK03

GET
H2 200 / Show response
js.stripe.com/v3/ 314 KB
77 KB 114ms
36ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

12ac873735606cdf78cdde822341c994a8d8fba32f9c1766d1bd1918c60c3247

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 29
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:20 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:39:30 GMT
server: Cloudfront
etag: W/"ad71fdade753fe44133df1008cdaed08"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: QAGqoSErwT3AWMqDN6BPXIwgCzP9J1m9uGgtWwZrMwui2Mo5olMc0A==

GET
H2 200 landing_page-3f469eed0c9887f20129d843d91c0a30548408cbf86c47356db20e81a2077f48.css
secure.winred.com/assets/ 218 KB
34 KB 38ms
37ms Stylesheet
text/css 2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/landing_page-3f469eed0c9887f20129d843d91c0a30548408cbf86c47356db20e81a2077f48.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e8fd4ed0ff95a36c90f1d4f977f1678a3330b9d30ec4ee2beb715ad509bde4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3850
cf-polished: origSize=226636
last-modified: Fri, 24 Jun 2022 00:13:25 GMT
strict-transport-security: max-age=0; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 5X88C7Z6JGF00MGS
x-amz-id-2: dvGUE8cgHcBR6o7hiZWa/MjpO2XpwgAvC9AEZm9IvTy+fMMwLt0+uqEUF503ha4o6vyWys2N918=
cf-bgj: minify
server: cloudflare
etag: W/"3f0632989490eddd431d569313e7bbfc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
x-amz-version-id: ycWGdkwxlap7tkRKqMP0Iuk287b5W1fW
cf-ray: 7317d0744addecf2-YUL
expires: Wed, 27 Jul 2022 23:34:45 GMT

GET
H2 200 1658442014.css
secure.winred.com/stylesheets/rv_page_01fzbnba2vzbs0340gy5bdnr74/ 7 KB
2 KB 62ms
61ms Stylesheet
text/css 2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/stylesheets/rv_page_01fzbnba2vzbs0340gy5bdnr74/1658442014.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e19981c96ee0926f90d42d3cf6f7bfe6e870a9385efdf708cb65580c00c4351e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cf-polished: origSize=7267
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: d866afb7-0109-49de-a40b-ad4403c9afb4
x-runtime: 0.033313
expires: Fri, 28 Jul 2023 01:23:57 GMT
last-modified: Wed, 27 Jul 2022 17:05:15 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=31556952
cf-ray: 7317d0744ae1ecf2-YUL
cf-bgj: minify

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 169 KB
56 KB 100ms
54ms Script
text/javascript 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

721f27f8e0e6eee8667c68f054a2d97d4e4c9ac1cb683916281fb12676ab4b60

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: gzip
vary: Accept-Language
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=25
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56477
x-xss-protection: 0
expires: Wed, 27 Jul 2022 20:04:45 GMT

GET
H2 200 application-landing-page-0311abde9defb7e0375de216f229e60fc6598d14548069533adcb14239ff0f75.js Show response
secure.winred.com/assets/ 624 KB
175 KB 45ms
44ms Script
application/javascript 2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/application-landing-page-0311abde9defb7e0375de216f229e60fc6598d14548069533adcb14239ff0f75.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bcc2f5700645030bb39baa0fe27f7ca185d9304e4667ad70af5ab84a5e8d88a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2485
cf-polished: origSize=639584
last-modified: Tue, 26 Jul 2022 23:38:19 GMT
strict-transport-security: max-age=0; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: G4N7N5S1M29V5GBA
x-amz-id-2: LVDro6qZx6KnGF1W0U7vA6nB516+owxCU0fxik62n9IaJQAnKVexukgY/cg1rC1ysjrAemjlqjI=
cf-bgj: minify
server: cloudflare
etag: W/"bd09685e5707acd93ade5e9a17316ddc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
x-amz-version-id: uG4S_o6xoia6aEVLQC1JvtY25DyCOpSf
cf-ray: 7317d0744ae4ecf2-YUL
expires: Wed, 27 Jul 2022 23:34:45 GMT

GET
H3 200 api.js Show response
secure.winred.com/cdn-cgi/bm/cv/669835187/ 35 KB
9 KB 63ms
63ms Script
text/javascript 2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/bm/cv/669835187/api.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=604800, public
cf-ray: 7317d0757f914bd7-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 SaveAmericaPAC_Logo_RGB.png
d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/000/075/635/large/ 7 KB
8 KB 108ms
28ms Image
image/png 2600:9000:2269:200:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/000/075/635/large/SaveAmericaPAC_Logo_RGB.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2269:200:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cf4bf73b7c49f47411971fecc9b5a50a7726be6a7cd6bc1413fd56d8fcfc221d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-amz-version-id: wuVmUgpz7rY7t0ORjTAvluytxJmwIuSP
via: 1.1 126bc2e5c4c1b9ac0ffa004edc6f02c4.cloudfront.net (CloudFront)
etag: "3f033a8b8af2707e6e15b423d5261020"
last-modified: Sun, 28 Feb 2021 21:08:00 GMT
server: AmazonS3
age: 71353
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
date: Tue, 26 Jul 2022 23:45:33 GMT
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
content-length: 7634
x-amz-cf-id: 7cUWo4WZt_rJh1StHf6lsYSMP1uomd5n2hCeP4zMynXHf7UBfN7Brw==

GET
H2 200 20210818_Save-america_pop-ups-02.jpg
d35ligi1n5bgzc.cloudfront.net/widget_images/images/000/109/093/medium/ 56 KB
57 KB 114ms
33ms Image
image/jpeg 2600:9000:2269:200:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/widget_images/images/000/109/093/medium/20210818_Save-america_pop-ups-02.jpg
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2269:200:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 351cfd3dd83c7a6cc2744f0ce89f9c21ea91f9e1c9e4af5e398718794c6bc5b9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 26 Jul 2022 20:57:47 GMT
via: 1.1 126bc2e5c4c1b9ac0ffa004edc6f02c4.cloudfront.net (CloudFront)
last-modified: Thu, 19 Aug 2021 15:04:50 GMT
server: AmazonS3
age: 81419
etag: "14c5c2824c44d728a8582f096f5ea895"
x-cache: Hit from cloudfront
x-amz-version-id: BBaqGLmITTje3ORQecqQuBJb3LKDbU4J
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
content-type: image/jpeg
content-length: 57492
x-amz-cf-id: jET--K7St38SyWFUeyyXaZ278NB8klAs_UQow6OLwSscdO7I9N5ULg==

GET
H2 200 potus_headshot.png
d35ligi1n5bgzc.cloudfront.net/profiles/images/000/068/512/square/ 22 KB
22 KB 139ms
60ms Image
image/png 2600:9000:2269:200:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/profiles/images/000/068/512/square/potus_headshot.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2269:200:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4ec0827f796bdadb833f52dd7ea841e12158d9f488554ecb73479cc2ea6f6d8e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-amz-version-id: 6HYtNhcBxi6F_uJ2AY87Rc_xOq3TeHoz
via: 1.1 126bc2e5c4c1b9ac0ffa004edc6f02c4.cloudfront.net (CloudFront)
etag: "e595f679c10699fedef3c779e864cdd9"
last-modified: Sat, 17 Jul 2021 20:11:51 GMT
server: AmazonS3
age: 22926
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
date: Wed, 27 Jul 2022 13:12:40 GMT
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
content-length: 22449
x-amz-cf-id: v8PUWoKQSN0Hy4s10IiWGyp7xj83y4Zd4oO-59cxRSyFkVBMXMnc1Q==

GET
H3 200 win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png
secure.winred.com/assets/ 9 KB
9 KB 35ms
32ms Image
image/webp 2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2273
cf-polished: origFmt=png, origSize=11635
content-length: 8708
content-disposition: inline; filename="win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 4W68MEN08CD8C6MJ
x-amz-id-2: jpkwJR67JskAbCnTmR/gyok/co0cJcPPrIi0DGQxeZtwZwkKq/W35QlUi190xA8gLlEh4vACOW4=
expires: Wed, 27 Jul 2022 23:34:45 GMT
last-modified: Fri, 24 Jun 2022 16:14:57 GMT
server: cloudflare
etag: "972c0cca8d1e490484e89513f902e847"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
content-type: image/webp
vary: Accept
cache-control: public, max-age=14400
x-amz-version-id: iGOmS.DkL5B0PBkPGW6Wv_vQbQk4V7kX
accept-ranges: bytes
cf-ray: 7317d0759fc84bd7-YUL
cf-bgj: imgq:85,h2pri

GET
H3 200 win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
secure.winred.com/assets/ 19 KB
8 KB 69ms
66ms Image
image/svg+xml 2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3850
content-type: image/svg+xml
strict-transport-security: max-age=0; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6FRNMEY8XN607BJK
x-amz-id-2: r2+Viik0Vzzk5gGovg1AdMO0SqibysJIhEOj/Ty57jW8sHnnMOKYUEKoFpNPKni13FVdVQoFUqg=
last-modified: Fri, 24 Jun 2022 16:14:57 GMT
server: cloudflare
etag: W/"d31530d4186af669daf4f47099614593"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Z_BIUKNnyCcWwi7h_bzxpdWw5axCT6Ys
cache-control: public, max-age=14400
cf-ray: 7317d075d8364bd7-YUL
expires: Wed, 27 Jul 2022 23:34:45 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 85ms
52ms Script
text/javascript 2606:4700:440e::ac40:9c1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::ac40:9c1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://secure.winred.com/
Origin: https://secure.winred.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7317d075cd2b715a-YUL

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 324 KB
73 KB 97ms
46ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

caf9d70b457b34e5c423530d39741a2683d3839d4c830dd7ba9115d1f399e8c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73745
x-xss-protection: 0
last-modified: Wed, 27 Jul 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 27 Jul 2022 19:34:45 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 250 KB
83 KB 133ms
83ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

94eca203865859d2384cd4b5f61ebfa8ba21ec7e2dc7a05e1bfa656cb72bccf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84866
x-xss-protection: 0
last-modified: Wed, 27 Jul 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 27 Jul 2022 19:34:45 GMT

GET
H2 200 20210604_save-america_winred-backgrounds_winred-desktop_v2.png
d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/091/863/large/ 847 KB
848 KB 147ms
72ms Image
image/png 2600:9000:2269:200:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/091/863/large/20210604_save-america_winred-backgrounds_winred-desktop_v2.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/stylesheets/rv_page_01fzbnba2vzbs0340gy5bdnr74/1658442014.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2269:200:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e23a283ea2f115f4ca4d5a333e33adbc7979850dfec16960020604fd5fdb64ff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 27 Jul 2022 11:14:39 GMT
via: 1.1 126bc2e5c4c1b9ac0ffa004edc6f02c4.cloudfront.net (CloudFront)
last-modified: Sun, 18 Jul 2021 21:46:17 GMT
server: AmazonS3
age: 30007
etag: "2950594fdc21f67cd4b562991c8fa9d1"
x-cache: Hit from cloudfront
x-amz-version-id: K88K_9vdWeBo8zapO8418Z4aiz8vqJPh
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
content-type: image/png
content-length: 867170
x-amz-cf-id: nedgGXf56yiXbZ-uDtp81kJ4cr8HIcPqd4Xjl6dHA8Na4vaGm9Z0AA==

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 90ms
47ms XHR
application/json 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://secure.winred.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H2 200 m-outer-d0dc0f6e486a9ceba69783de4ae79bff.html Show response
js.stripe.com/v3/ Frame 4618 240 B
1 KB 26ms
25ms Document
text/html 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-d0dc0f6e486a9ceba69783de4ae79bff.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

b8851b9e75e2d6aa73dd29fb0c18517c4f22ad1faa26c0c89c9afa92bfeeac34

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 390
cache-control: max-age=31536000
content-length: 240
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 27 Jul 2022 19:28:15 GMT
etag: "d0dc0f6e486a9ceba69783de4ae79bff"
last-modified: Tue, 26 Jul 2022 14:06:05 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
x-amz-cf-id: S_JXfSRWV-ZIYEKfg6jq8hjMX4cPrnfatzknfg8NgfF1UGqkfkMLaw==
x-amz-cf-pop: IAD89-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 controller-47f574aea61cb6b3d4e409f9075839ec.html Show response
js.stripe.com/v3/ Frame FE8A 349 B
1 KB 27ms
27ms Document
text/html 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

d861c91efb53e0aca72f5d022c43eca3e4079ed3cd1b241e14414e7d0b16ec0f

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 52
cache-control: max-age=60
content-length: 349
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 27 Jul 2022 19:34:12 GMT
etag: "47f574aea61cb6b3d4e409f9075839ec"
last-modified: Tue, 26 Jul 2022 14:05:54 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
x-amz-cf-id: 3myqHYLmvuwE6Uat5mdUEb0ZwVfaw47k-c9gq6_Qui2PVbzOdm55gA==
x-amz-cf-pop: IAD89-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html Show response
js.stripe.com/v3/ Frame 5DAB 807 B
2 KB 26ms
25ms Document
text/html 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

6ca57f3fc1fc659cba236965dc70c939dc50cc1fb8684b8034ed86824d1077cc

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3265
cache-control: max-age=31536000
content-length: 807
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 27 Jul 2022 18:40:24 GMT
etag: "5eb6ec82fbacfe21618e499d444d7317"
last-modified: Tue, 26 Jul 2022 14:05:54 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
x-amz-cf-id: AVjv5tQqSun6VxEWw83S0T4AeOC5Lg0eqyv3H1QeH74xfLnIxb6VYw==
x-amz-cf-pop: IAD89-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 current_with_info Show response
app.revv.co/api/v3/users/ 162 B
1 KB 135ms
73ms XHR
application/vnd.api+json 2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.revv.co/api/v3/users/current_with_info?organization_token=rv_org_6KNvU36Z2qWJ2gfUBWqGZGoc&redirect=https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-0311abde9defb7e0375de216f229e60fc6598d14548069533adcb14239ff0f75.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21646555e9eefab70d22622a9dc9124c7e39ec2aebb020ab713e6951a8839607

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-rack-cors-original-access-control-allow-origin: https://secure.winred.com
date: Wed, 27 Jul 2022 19:34:45 GMT
x-rack-cors-original-access-control-max-age: 0
x-rack-cors-original-access-control-allow-credentials: true
cf-cache-status: DYNAMIC
x-rack-cors-original-access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 0
x-rack-cors-original-access-control-expose-headers
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: 244b2ad9-b40a-4a5f-8783-658d252cf612
x-runtime: 0.010741
server: cloudflare
etag: W/"21646555e9eefab70d22622a9dc9124c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/vnd.api+json
access-control-allow-origin: https://secure.winred.com
vary: Origin
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 7317d0771861ecfa-YUL
x-rack-cors: hit
x-content-type-options: nosniff
access-control-expose-headers

GET
H2 200 controller-47f574aea61cb6b3d4e409f9075839ec.html Show response
js.stripe.com/v3/ Frame A946 349 B
1 KB 29ms
28ms Document
text/html 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

d861c91efb53e0aca72f5d022c43eca3e4079ed3cd1b241e14414e7d0b16ec0f

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 52
cache-control: max-age=60
content-length: 349
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 27 Jul 2022 19:34:12 GMT
etag: "47f574aea61cb6b3d4e409f9075839ec"
last-modified: Tue, 26 Jul 2022 14:05:54 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
x-amz-cf-id: vjJ7RouaX2ehnRpABm8mvZc8MlAEgKMQy5NjfRlvZcHH1NI33MGIlw==
x-amz-cf-pop: IAD89-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 payment-request-inner-google-pay-47b5f544945efa53adef72af2cf3bc6c.html Show response
js.stripe.com/v3/ Frame 7D47 434 B
1 KB 30ms
29ms Document
text/html 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-google-pay-47b5f544945efa53adef72af2cf3bc6c.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

48283ccfdc4928a0b59641137c3f4cb1a5a368258ca1e5aeda6959d2ed11586e

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 54
cache-control: max-age=60
content-length: 434
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://pay.google.com; default-src 'none'; font-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 27 Jul 2022 19:33:52 GMT
etag: "47b5f544945efa53adef72af2cf3bc6c"
last-modified: Tue, 26 Jul 2022 14:06:05 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
x-amz-cf-id: SGHpnSecT5YP_RtXWynwhaD51SEkqtNDsgWUPzMEFTLsYzHqiqJUtQ==
x-amz-cf-pop: IAD89-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 payment-request-inner-browser-dce2988343465dda3a5e55f2dad2a843.html Show response
js.stripe.com/v3/ Frame 6EA6 370 B
2 KB 28ms
28ms Document
text/html 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-browser-dce2988343465dda3a5e55f2dad2a843.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

d27141c72417f7daf04b2a8b44f67b584557e11c131774110f47d1d9964b6ca8

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 27
cache-control: max-age=60
content-length: 370
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 27 Jul 2022 19:34:45 GMT
etag: "dce2988343465dda3a5e55f2dad2a843"
last-modified: Tue, 26 Jul 2022 14:06:05 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
x-amz-cf-id: qDE1AYnwb9tVbgrzFeeqQax0-PyWJyaRAdgXpgh5wjMV2SDbZYoViQ==
x-amz-cf-pop: IAD89-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H2 200 csp-report
q.stripe.com/ Frame 4618 0
571 B 499ms
314ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 52
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 4618 0
571 B 498ms
314ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 52
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame FE8A 0
570 B 427ms
245ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 9
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame FE8A 0
570 B 428ms
247ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 9
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 5DAB 0
571 B 489ms
315ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 56
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 5DAB 0
570 B 419ms
246ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 9
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 m-outer-816bed7f7cc2dc3ccb1ea9bc9bf77d7a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 4618 526 B
1022 B 27ms
26ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-816bed7f7cc2dc3ccb1ea9bc9bf77d7a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-d0dc0f6e486a9ceba69783de4ae79bff.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/m-outer-d0dc0f6e486a9ceba69783de4ae79bff.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:16 GMT
content-length: 526
last-modified: Tue, 26 Jul 2022 14:06:03 GMT
server: Cloudfront
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: sxP4fSpZhSZvQhau1K3czaQPDboBDpcsPJSH56QI_QwklEaJ3Vamsg==

GET
H2 200 shared-32fd31f439c26bfaebecd520476c705e.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame FE8A 226 KB
55 KB 30ms
29ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a68bfdc0c45ac7a8987a255d4d96ff9ce5ae5bd97a6fa0ce6c9f750e9b687ae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 6
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:44 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:04 GMT
server: Cloudfront
etag: W/"ca830cb1fadafcea4ab6165eb3c71a96"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: HORNLqapaHZhlP7aqG1KN-JpKek_ttPjmi2lrh1ecImiaA7TW7S0eg==

GET
H2 200 controller-5251b034bf5923fb1847cd67ae4199be.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame FE8A 367 KB
99 KB 37ms
37ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/controller-5251b034bf5923fb1847cd67ae4199be.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

01806685e5053e07867c6727615e8fb22f4090b6c86c7d5ab10f4b54e44e125f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 52
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:19 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:02 GMT
server: Cloudfront
etag: W/"9488a31151bcb83831d1f52960e1b562"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: VeRA1P2gwnpnDilO1L9CevT6wwnwIvH-KXsb2WhZY-4wqiuVgh4dVg==

POST
H2 200 csp-report
q.stripe.com/ Frame A946 0
570 B 398ms
237ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame A946 0
571 B 475ms
315ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 56
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 7D47 0
571 B 388ms
237ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 7D47 0
570 B 397ms
246ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 9
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 6EA6 0
570 B 391ms
245ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 9
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 6EA6 0
570 B 390ms
244ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 9
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 ui-shared-6523f054caa63f18f26a2209c2ddbfc4.css
js.stripe.com/v3/fingerprinted/css/ Frame 5DAB 18 KB
3 KB 36ms
35ms Stylesheet
text/css 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/ui-shared-6523f054caa63f18f26a2209c2ddbfc4.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

08ec903b4346a3f3c29ddcccfd77d3a8a438cc262efc44261904f08c3bca2911

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 10
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:45 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Mon, 25 Jul 2022 18:22:18 GMT
server: Cloudfront
etag: W/"26107d35cc222dfbed2ac5f33ec26746"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: 8met4JlrRUhX65Wqp4JrUEjNE0YEVj40wXPcB02AwqJwDSGJf33zJA==

GET
H2 200 elements-inner-card-27ca893a60852d1b2861657a398b2178.css
js.stripe.com/v3/fingerprinted/css/ Frame 5DAB 5 KB
1 KB 41ms
40ms Stylesheet
text/css 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-card-27ca893a60852d1b2861657a398b2178.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

406aee8e16677422cfdda788d097fec2bb6440a2aa9ce5e574bb7f9eb3fa024a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 30
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:34 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Mon, 25 Jul 2022 18:22:18 GMT
server: Cloudfront
etag: W/"470227332039df6189bb16ef598336e5"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: a3vOdlJIovA9Hs7CBGuFFfDrjFIF0to7WuhFVecysN6qB7WFbWsD8A==

GET
H2 200 shared-32fd31f439c26bfaebecd520476c705e.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 5DAB 226 KB
55 KB 37ms
36ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a68bfdc0c45ac7a8987a255d4d96ff9ce5ae5bd97a6fa0ce6c9f750e9b687ae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 6
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:44 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:04 GMT
server: Cloudfront
etag: W/"ca830cb1fadafcea4ab6165eb3c71a96"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: LMtZ-8ZiaLvwgQcpcOOGNglOAp0Eez5Y8tVatBF4AuRRlzRKA-ZN7Q==

GET
H2 200 ui-shared-fbeeaea8a6caa8371a54d8f27a684891.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 5DAB 208 KB
60 KB 37ms
36ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/ui-shared-fbeeaea8a6caa8371a54d8f27a684891.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a94301016404426c0f632f42c6ae88b5eaf90b596c8ea1610aac254b055337b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 15
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:34 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:04 GMT
server: Cloudfront
etag: W/"23e2b323b8260b59adee27968730eef1"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: N9s0BC8idUzeixkAzPsz1wqzutnLjXYQCpbyc6qe7POvVUrtR5UyLA==

GET
H2 200 elements-inner-card-27d2a864d790b85e5684f4c5094dc996.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 5DAB 46 KB
12 KB 53ms
53ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-card-27d2a864d790b85e5684f4c5094dc996.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

e47944ce8eea2607994a5fdc426a68a6456f61c62f49850f89e5706e440ac943

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 12
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:34 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:02 GMT
server: Cloudfront
etag: W/"580a7338104cf2c8d70b894c4b99bdd4"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: fR7KFkYfyk6ijMfhnuRbbnrZ8CstBDFDk_mtXguqYZdGZpnQZ1EDQA==

GET
H2 200 shared-32fd31f439c26bfaebecd520476c705e.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame A946 226 KB
55 KB 27ms
27ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a68bfdc0c45ac7a8987a255d4d96ff9ce5ae5bd97a6fa0ce6c9f750e9b687ae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 6
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:44 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:04 GMT
server: Cloudfront
etag: W/"ca830cb1fadafcea4ab6165eb3c71a96"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: W5LR3JtPBqF6rjSJBE0cPPxrLt0Nuv_j6lpQ-sD1Cly0nKgNS2UlaA==

GET
H2 200 controller-5251b034bf5923fb1847cd67ae4199be.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame A946 367 KB
99 KB 33ms
33ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/controller-5251b034bf5923fb1847cd67ae4199be.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

01806685e5053e07867c6727615e8fb22f4090b6c86c7d5ab10f4b54e44e125f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 52
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:19 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:02 GMT
server: Cloudfront
etag: W/"9488a31151bcb83831d1f52960e1b562"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: giMKncP2pzTcqVZ3OybiIoxAmSBX6BdrePX75yAsG5TE_8Uu-iSK4g==

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ Frame 7D47 95 KB
31 KB 130ms
59ms Script
application/javascript 2607:f8b0:4004:c17::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-47b5f544945efa53adef72af2cf3bc6c.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ae8ab2b6e48fdef457c84b2b32b1e7a980579dfc50622ee62fcc515b68752399

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KxuFrqXO-BbdxE_qJCIlbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-KxuFrqXO-BbdxE_qJCIlbA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-KxuFrqXO-BbdxE_qJCIlbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-KxuFrqXO-BbdxE_qJCIlbA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
expires: Wed, 27 Jul 2022 19:34:45 GMT

GET
H2 200 shared-32fd31f439c26bfaebecd520476c705e.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 7D47 226 KB
55 KB 41ms
40ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-47b5f544945efa53adef72af2cf3bc6c.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a68bfdc0c45ac7a8987a255d4d96ff9ce5ae5bd97a6fa0ce6c9f750e9b687ae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-47b5f544945efa53adef72af2cf3bc6c.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 6
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:44 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:04 GMT
server: Cloudfront
etag: W/"ca830cb1fadafcea4ab6165eb3c71a96"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: a9o_HI5iVY2MQyxj9xJc7sovE9-QHLJk3YHjARr7flAma-MGpAAgxQ==

GET
H2 200 payment-request-inner-google-pay-c9bfaf43adfd6f83e7af8e7ad72c7fe1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 7D47 14 KB
5 KB 48ms
48ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-google-pay-c9bfaf43adfd6f83e7af8e7ad72c7fe1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-47b5f544945efa53adef72af2cf3bc6c.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

e0b0f145c7e2d4dc088034e19c6f9d802468f4bbae83df9b84129a19a5ceef9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-47b5f544945efa53adef72af2cf3bc6c.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 48
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:45 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:03 GMT
server: Cloudfront
etag: W/"a48d9556005e9dc54d34c45fa9167545"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: xJZP_xIbPw_TKaZofyr4QzDsOxh1T9JbtH5-jedGVXNCazDnfOci2Q==

GET
H2 200 shared-32fd31f439c26bfaebecd520476c705e.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 6EA6 226 KB
55 KB 43ms
43ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-dce2988343465dda3a5e55f2dad2a843.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a68bfdc0c45ac7a8987a255d4d96ff9ce5ae5bd97a6fa0ce6c9f750e9b687ae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-browser-dce2988343465dda3a5e55f2dad2a843.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 6
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:44 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:04 GMT
server: Cloudfront
etag: W/"ca830cb1fadafcea4ab6165eb3c71a96"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: CFZC9n10Ef9FipEK6lpn7OM1iJmvhxPVMBcKZHCcFUyhZjqgFBSQNQ==

GET
H2 200 payment-request-inner-browser-1cfd75b15c15c323e6b85867a2e639a4.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 6EA6 12 KB
5 KB 48ms
48ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-browser-1cfd75b15c15c323e6b85867a2e639a4.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-dce2988343465dda3a5e55f2dad2a843.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

9fbd0e0a2695ed3b76a92490df70ed2a152492204c2b2ee753c5f0e16d609f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-browser-dce2988343465dda3a5e55f2dad2a843.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 3
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:45 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:03 GMT
server: Cloudfront
etag: W/"e05740f3970ec44bb2bc2e9183c28bc8"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: FPO24IOHwfWMZ5xIpbUw3xtezA7aGM798qCOIH9nJgow_e9MxCWGCw==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 200 KB
71 KB 88ms
40ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a59fd3c6769c60728d583fac1e834527ac1564fd9d2c82df3dd421d6e2c39357

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72754
x-xss-protection: 0
expires: Wed, 27 Jul 2022 19:34:45 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 74ms
19ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4153
date: Wed, 27 Jul 2022 18:25:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 27 Jul 2022 20:25:32 GMT

GET
H3

200

activityi;dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-f... Show response
9381094.fls.doubleclick.net/ Frame 4B05
Redirect Chain

https://9381094.fls.doubleclick.net/activityi;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint...
https://9381094.fls.doubleclick.net/activityi;dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecu...

838 B
620 B

79ms
37ms

Document
text/html

142.250.80.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9381094.fls.doubleclick.net/activityi;dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f6.1e100.net

Software

cafe /

Resource Hash

9405f3797e5a5fa47d24ba4440b54ec4c82ff557fdb4b6745c278fd6a3b3ea96

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 595
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Jul 2022 19:34:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Jul 2022 19:34:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9381094.fls.doubleclick.net/activityi;dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 scevent.min.js Show response
sc-static.net/ 22 KB
8 KB 106ms
42ms Script
application/javascript 18.67.84.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-84-240.iad89.r.cloudfront.net
Software: CloudFront /
Resource Hash: 37890dea5b2726064a174b28b90faf16d51fed898d0f37e2fb0342161593d68c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:45 GMT
content-encoding: gzip
server: CloudFront
x-amz-cf-pop: IAD89-P2
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 7821
via: 1.1 478e42d78af3de35728ba409bf63e348.cloudfront.net (CloudFront)
x-amz-cf-id: 2Kfg-9AYhYVuLEmOsfIibAzsUMcm3aqMUe7S9p9Z4r2DRhJC-pw4eg==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 88ms
28ms Script
application/x-javascript 2a03:2880:f027:212:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f027:212:face:b00c:0:3 Chicago, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

be7fd4a76d16eaf0869c22ccbe53a3baa540ae5cabcc08dd9dc40f68268b883d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26085
x-xss-protection: 0
pragma: public
x-fb-debug: aV9V8QVC36E37cMzy/M0j1cT8h527uUEgy4CPY5o/FXet2kFqhCYWQh6kS2OPvfsaC/BOgc/F+FsaxFK89fyzg==
x-fb-trip-id: 1781455057
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 27 Jul 2022 19:34:45 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK main.js Show response
rtxpx-a.akamaihd.net/ 91 KB
31 KB 98ms
24ms Script
application/javascript 2600:141b:13::17d7:8299
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://rtxpx-a.akamaihd.net/main.js
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2600:141b:13::17d7:8299 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1cd6e55f30592f2d07f9d038d85872e5d4fe5b079c86cadf29a3776694593d7b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 19:34:45 GMT
Content-Encoding: gzip
x-amz-request-id: D7F288384DD2413B
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 30922
x-amz-id-2: efxhD5lxtdA+bj0wH4T6QZ66krnFumsZtQJ3kss04lMOYqJBa5h8HlBN65JkkMfDE+n9k29Rc/c=
Pragma: no-cache
Last-Modified: Thu, 28 Jan 2021 21:02:34 GMT
Server: AmazonS3
ETag: "0e00eda4d7973d0a511ce8aae95bef1c"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=0, no-cache, no-store
Accept-Ranges: bytes
Expires: Wed, 27 Jul 2022 19:34:45 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 16 KB
6 KB 105ms
31ms Script
application/javascript 2001:4998:14:800::1001
YAHOO

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4998:14:800::1001 , United States, ASN14777 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

249c4eba880cfb74e1b6e1d1048def310636dc3b1ce5b3fe525703fd4025238f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
x-amz-request-id: 616QDRCSW1TAT8DR
x-amz-id-2: EDbuhtEQyuzB7L0YBYXjfFJvJn+rTWeV1RJjM/iejTMgUIBX5npKZFFmX3ZriEJZPT/S6F7pq68=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
server: ATS
etag: "6a624022b5d271dcefb070b0b6670abc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1455772/ 57 KB
18 KB 49ms
14ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1455772/tfa.js
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 275a87e6da00b4fdd62abb2a2d28efff5aa886ea993b30f085a4767fa6c649b2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-amz-version-id: 4GVtThyBUyRA3CAhYhr64cK8vnZpu3xF
content-encoding: gzip
etag: "6261c7dfc55a45fd716da2d23ccb1627"
age: 10699
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 17846
x-amz-id-2: CNs+js5XFJBE2wrq407VOL+lkCqSL8UVIJ0SgW8sYFOi8kjhvdRMAdVDKM+5QnFWaNs982kXe1Q=
x-served-by: cache-yul12828-YUL
last-modified: Tue, 26 Jul 2022 09:49:39 GMT
server: AmazonS3
x-timer: S1658950486.854483,VS0,VE0
date: Wed, 27 Jul 2022 19:34:45 GMT
vary: Accept-Encoding
x-amz-request-id: D986Z00213SK774P
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 90
x-cache-hits: 13

GET
H/1.1 200
OK teads-fellow.js Show response
p.teads.tv/ 17 KB
6 KB 105ms
19ms Script
application/javascript 23.195.109.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p.teads.tv/teads-fellow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.195.109.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-109-72.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7fc4e7e24bdfb9955a95e4ff4904f160455ff3ff48fd88aead4bad5153ba0a67

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Wed, 27 Jul 2022 19:34:45 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Jun 2022 07:41:03 GMT
Server: AmazonS3
x-amz-request-id: MXZ0XYCK49WK1NBY
ETag: "a483ab54f15ef5b4755923baf02b68cb"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=168
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5706
x-amz-id-2: PA483Br5uGHuPWPc3MvRa4TImPTaN6Y25AosfM1ONhdlmsdhS+mBBv7/RViGFVlmk5Mk0aOvp3o=

GET
H/1.1 200
OK events.js Show response
tags.srv.stackadapt.com/ 17 KB
6 KB 330ms
26ms Script
text/javascript 54.221.96.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.221.96.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-221-96-38.compute-1.amazonaws.com
Software: /
Resource Hash: aab3a3fd4843bc3b28d07a0f6e3b220bc9468cfcf1a173aaab365a9c0574fe7d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 27 Jul 2022 19:34:46 GMT
Content-Encoding: gzip
Cache-Control: max-age=5
Content-Length: 5409
Connection: keep-alive
Content-Type: text/javascript

POST
H3 204 result Show response
secure.winred.com/cdn-cgi/bm/cv/ 0
497 B 23ms
23ms XHR
text/plain 2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/bm/cv/result?req_id=7317d073aa32ecf2

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/cdn-cgi/bm/cv/669835187/api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/json

Response headers

strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
date: Wed, 27 Jul 2022 19:34:45 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-ray: 7317d0788c8d4bd7-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 5C64 930 B
2 KB 101ms
25ms Document
text/html 2600:9000:2305:1400:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-816bed7f7cc2dc3ccb1ea9bc9bf77d7a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2305:1400:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 109
cache-control: max-age=300, public
content-length: 930
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 27 Jul 2022 19:32:57 GMT
etag: "fc2e029628f163bb59adc6fa5a31161c"
last-modified: Thu, 17 Mar 2022 19:03:12 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 4b0dd366e44414a4e7e6ed6970080d58.cloudfront.net (CloudFront)
x-amz-cf-id: KUQO6GjUbsi4e0CKeIh6Lrmh_WB3XdPcqM_WdioFE_YvAWOe5czaoQ==
x-amz-cf-pop: IAD89-P2
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 1489-423d1329423fd360f27316019b22a0c7.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame FE8A 231 KB
58 KB 33ms
32ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/1489-423d1329423fd360f27316019b22a0c7.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/controller-5251b034bf5923fb1847cd67ae4199be.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

ce3dc891c88609c872bc8f424a458d92980c0d34f97641b3869206bcab568f39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 35
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:12 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Fri, 22 Jul 2022 20:19:04 GMT
server: Cloudfront
etag: W/"e6ae44448e6759cb629b27f1c4896477"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: Y26Iojj3OLGG1gp--WqZkT0xpqn4zNhOYSX1d40G3eJhgPYVzHvYcg==

GET
H2 200 phone-numbers-lib-a9439e8df0edd984b461e0e2c51c5227.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame FE8A 2 KB
1 KB 37ms
37ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/phone-numbers-lib-a9439e8df0edd984b461e0e2c51c5227.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/controller-5251b034bf5923fb1847cd67ae4199be.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

7a15a7c250eb25e8a28fa5e020fc15d656966115577ba4f51c19274149a48e56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 54
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:12 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Fri, 22 Jul 2022 20:19:07 GMT
server: Cloudfront
etag: W/"f1717e2e478c68d16ccd7b37768700be"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: 1gCf3ifdfJd4_epRrvzbA83YLfiZU3iXuUsQ4G2jq6d4gFO7GOP_qg==

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 98ms
95ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:45 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

GET
H2 200 countryRanges-2362ae52e66bb2e80a8043e5add253fa.json Show response
js.stripe.com/v3/fingerprinted/data/ Frame 5DAB 143 KB
36 KB 80ms
31ms Fetch
application/json 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/data/countryRanges-2362ae52e66bb2e80a8043e5add253fa.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

6de48c97b08bca88630c7a68fe36fe18a43010ed4d33add156a505fb84176694

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-card-5eb6ec82fbacfe21618e499d444d7317.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 40
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:46 GMT
via: 1.1 4a66fbee8ce857225d1bddf53b79420c.cloudfront.net (CloudFront)
last-modified: Fri, 22 Jul 2022 23:50:46 GMT
server: Cloudfront
etag: W/"2362ae52e66bb2e80a8043e5add253fa"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: HiYi2KaGi1lemg-NGSSYxxQ1k9-E-Rgb0pv-sXwYJM1wkqjoykTPdA==

GET
H2 200 1489-423d1329423fd360f27316019b22a0c7.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame A946 231 KB
58 KB 26ms
25ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/1489-423d1329423fd360f27316019b22a0c7.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/controller-5251b034bf5923fb1847cd67ae4199be.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

ce3dc891c88609c872bc8f424a458d92980c0d34f97641b3869206bcab568f39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 36
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:12 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Fri, 22 Jul 2022 20:19:04 GMT
server: Cloudfront
etag: W/"e6ae44448e6759cb629b27f1c4896477"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: BkLQKPVCkehHB8NldkHIVp5BJFs_oMwmQwmlvJPHM9zJzkQY-_IyPg==

GET
H2 200 phone-numbers-lib-a9439e8df0edd984b461e0e2c51c5227.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame A946 2 KB
1 KB 35ms
35ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/phone-numbers-lib-a9439e8df0edd984b461e0e2c51c5227.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/controller-5251b034bf5923fb1847cd67ae4199be.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

7a15a7c250eb25e8a28fa5e020fc15d656966115577ba4f51c19274149a48e56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-47f574aea61cb6b3d4e409f9075839ec.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 55
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:12 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Fri, 22 Jul 2022 20:19:07 GMT
server: Cloudfront
etag: W/"f1717e2e478c68d16ccd7b37768700be"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: GwAw6_DXoxmKZcf6OojCcJmvDSAk6Hokg84gshCbY9qHD4HFqRkoKw==

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 107ms
107ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 csp-report
q.stripe.com/ Frame 5C64 0
344 B 93ms
93ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:46 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
x-robots-tag: none
content-length: 0
x-content-type-options: nosniff
expires: 0

GET
H2 200 collect Show response
gtm.winred.com/g/ 65 B
674 B 157ms
115ms XHR
text/plain 2606:4700::6811:5347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=2oe7p0&_p=8775735&_z=ccd.v9B&cid=17586468.1658950486&ul=en-us&sr=1600x1200&_fplc=0&_s=1&sid=1658950486&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&dt=Official%20Corrupt%20Media%20Survey&en=page_view&_fv=1&_nsi=1&_ss=1&ep.pagepath=%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5347 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

cf-ray: 7317d07a2a84ece6-YUL
date: Wed, 27 Jul 2022 19:34:46 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 166ms
165ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 164ms
164ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 163ms
163ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 164ms
164ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 161ms
160ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 161ms
160ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 141ms
140ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

GET
H2 200 json Show response
trc.taboola.com/1455772/trc/3/ 2 KB
2 KB 51ms
42ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1455772/trc/3/json?tim=1658950486106&data=%7B%22id%22%3A334%2C%22ii%22%3A%22%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1658950486100%2C%22cv%22%3A%2220220726-7-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dsaveamerica-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1658950486105%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse%22%2C%22tos%22%3A1%2C%22ssd%22%3A1%2C%22scd%22%3A29%2C%22ler%22%3A%22other%22%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1455772/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 41165cee77bd59988867830fc4f91931f4689f4b795c29a7d453fcba1c5f16df

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-vcl-time-ms: 31
date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: nginx
x-timer: S1658950486.123449,VS0,VE31
x-served-by: cache-yul12828-YUL
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H3 200 payframe Show response
pay.google.com/gp/p/ui/ Frame BF62 18 KB
7 KB 113ms
63ms Document
text/html 2607:f8b0:4004:c17::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::5c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

39bae2021ad7a2ea6399594ad4cff22d75bf21c77058da01cbaf289f3b4fe7de

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yMvd5aB1aHcpCWXRyO5gDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-yMvd5aB1aHcpCWXRyO5gDQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=3600
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-yMvd5aB1aHcpCWXRyO5gDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-yMvd5aB1aHcpCWXRyO5gDQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Wed, 27 Jul 2022 19:34:46 GMT
expires: Wed, 27 Jul 2022 19:34:46 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 84ms
33ms XHR
text/plain 2607:f8b0:4004:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-73658561-7&cid=17586468.1658950486&jid=1678791774&gjid=713784158&_gid=1839716794.1658950486&_u=YCDAiEABBAAAAE~&z=510466722

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 27 Jul 2022 19:34:46 GMT
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 75ms
34ms XHR
text/plain 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=8775735&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&ul=en-us&de=UTF-8&dt=Official%20Corrupt%20Media%20Survey&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAAG~&jid=1186288760&gjid=980504624&cid=17586468.1658950486&tid=UA-60901920-1&_gid=1839716794.1658950486&_r=1&gtm=2wg7p0M27JCG&z=172780688

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 58ms
20ms Image
image/gif 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=8775735&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&ul=en-us&de=UTF-8&dt=Official%20Corrupt%20Media%20Survey&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABB~&jid=1678791774&gjid=713784158&cid=17586468.1658950486&tid=UA-73658561-7&_gid=1839716794.1658950486&gtm=2wg7p0NTQZ9N&cd61=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&z=1208580775

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 11:01:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 30786
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 59ms
21ms Image
image/gif 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=8775735&t=event&ni=0&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&ul=en-us&de=UTF-8&dt=Official%20Corrupt%20Media%20Survey&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=donation%20landing%20page&ea=user%20session%20start&el=landing%20page%20settings&_u=YCDAiEABBAAAAE~&jid=&gjid=&cid=17586468.1658950486&tid=UA-73658561-7&_gid=1839716794.1658950486&gtm=2wg7p0NTQZ9N&cd41=anonymous&cd58=f&cd61=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&z=731189296

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 11:01:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 30786
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 59ms
22ms Image
image/gif 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 11:01:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 30786
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 106ms
106ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 106ms
106ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 106ms
106ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 103ms
103ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 179ms
179ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 179ms
179ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 177ms
176ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 177ms
177ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 177ms
177ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 178ms
178ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

GET
H2 200 identity.js Show response
connect.facebook.net/signals/plugins/ 64 KB
20 KB 328ms
27ms Script
application/x-javascript 2a03:2880:f027:212:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.66

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f027:212:face:b00c:0:3 Chicago, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d4edbbe1037c50c8ffa90860286c8166860ad9da450ed5e16a28e2fc9bce3c23

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 20715
x-xss-protection: 0
pragma: public
x-fb-debug: t5Jez8tbHY/Kf2GWMnNVfyhxxZVXc+hluLbiGSCN9gimMFLD8G+9ut5acRBTqzw50mdAOR93Bp5COcGWWBKUQg==
x-fb-trip-id: 1781455057
x-frame-options: DENY
date: Wed, 27 Jul 2022 19:34:46 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 2558854747672869 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 337ms
36ms Script
application/x-javascript 2a03:2880:f027:212:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2558854747672869?v=2.9.66&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f027:212:face:b00c:0:3 Chicago, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

19bb040944b86111f3f3b564e471c0f48b3f6377014edc51c79dc12b454ee4e3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86031
x-xss-protection: 0
pragma: public
x-fb-debug: qzKyWZXktaWa6pKvceqPA9+Dr7NyBa2aGYj1pX4lJ/WqQbxY5DTqWIehrBBiNx/t+YkeARwglWXh1/WP6JRp4w==
x-fb-trip-id: 1781455057
x-frame-options: DENY
date: Wed, 27 Jul 2022 19:34:46 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-Q050

200

id Show response
stickyid-a.akamaihd.net/
Redirect Chain

https://stickyid-a.akamaihd.net/id?o=https%3A%2F%2Fsecure.winred.com
https://stickyid-a.akamaihd.net/id?cc=1&o=https%3A%2F%2Fsecure.winred.com

90 B
533 B

78ms
34ms

XHR
application/json

2600:141b:13::17d7:82b3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stickyid-a.akamaihd.net/id?cc=1&o=https%3A%2F%2Fsecure.winred.com
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Protocol: H3-Q050
Server: 2600:141b:13::17d7:82b3 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a87489d8da9102fcc56045c7625e5481d50ff6245c1320f0a67aaa69a21dcc28

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:46 GMT
server: AkamaiNetStorage
etag: "d2715d34e10e5a9f3692d96bd0fbb282:1592835897"
quic-version: Q050
p3p: CP="We do not have a P3P policy."
access-control-allow-origin: https://secure.winred.com
cache-control: max-age=0, no-cache, no-store, private
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 90
expires: Wed, 27 Jul 2022 19:34:46 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Jul 2022 19:34:46 GMT
Server: AkamaiNetStorage
ETag: "d2715d34e10e5a9f3692d96bd0fbb282:1592835897"
Location: /id?cc=1&o=https%3A%2F%2Fsecure.winred.com
P3P: CP="We do not have a P3P policy."
Access-Control-Allow-Origin: https://secure.winred.com
Cache-Control: max-age=0, no-cache, no-store, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 154
Expires: Wed, 27 Jul 2022 19:34:46 GMT

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 144ms
143ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

GET
H2 200 10182965.json Show response
s.yimg.com/wi/config/ 2 B
449 B 96ms
32ms XHR
application/json 2001:4998:14:800::1001
YAHOO

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10182965.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4998:14:800::1001 , United States, ASN14777 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:29 GMT
x-content-type-options: nosniff
age: 17
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: 5YV54267KDWPZDBR
x-amz-id-2: WnGbR2R1hulsM9/Rb/Hyax+LLVLZzeW9zsAEZ4XTgLzw2E2/FRNYG2m/8MdD8mbmqSGBa0OLnt0=
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
content-length: 2

GET
H2 200 10185747.json Show response
s.yimg.com/wi/config/ 2 B
162 B 97ms
33ms XHR
application/json 2001:4998:14:800::1001
YAHOO

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10185747.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4998:14:800::1001 , United States, ASN14777 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:20 GMT
x-content-type-options: nosniff
age: 26
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: 3HGKJ9A189T62V3G
x-amz-id-2: 3ozyGp5khXxSQPrJOjuxuS/oX7pL/mCFkkJzox4Mp6xR9vkczJ0oqGfN9pwNdLaoJergBKvSIUQ=
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
content-length: 2

GET
H2 200 out-4.5.42.js Show response
m.stripe.network/ Frame 5C64 86 KB
16 KB 30ms
30ms Script
text/javascript 2600:9000:2305:1400:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.42.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2305:1400:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 19:03:12 GMT
server: Cloudfront
age: 192
date: Wed, 27 Jul 2022 19:31:34 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 4b0dd366e44414a4e7e6ed6970080d58.cloudfront.net (CloudFront)
cache-control: max-age=300, public
x-amz-cf-pop: IAD89-P2
x-amz-cf-id: W-SX7GznEZeGDu6Vo83x0NHV6EZyS6K37CmP2dwscoonSv2fBplp2Q==
etag: W/"21df7244385e5c0bdf32da01d0dad6c0"

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 132ms
132ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 128ms
128ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

GET
H2 200 init Show response
tr.snapchat.com/ 126 B
197 B 90ms
58ms Fetch
application/json 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/init?pids=93b1e4af-6eaf-4297-be3d-3d5af2907f10

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

5bba260b8d306ce594cb0499a7bbe17bb4019edec81cbb2c9469dfb0d9b403b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: API Gateway
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://secure.winred.com
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43", h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via: 1.1 google, 1.1 google

GET
H2 200 is_enabled Show response
tr.snapchat.com/collector/ 77 B
460 B 88ms
57ms Fetch
application/json 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/collector/is_enabled?pids=93b1e4af-6eaf-4297-be3d-3d5af2907f10&tld=com

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

6145c51d82244d1a18874ee9d4586e46b226ade68810f6a166bc5555ec538a98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: API Gateway
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://secure.winred.com
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43", h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via: 1.1 google, 1.1 google

GET
H2 200 dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising... Show response
adservice.google.com/ddm/fls/i/ Frame 4641 837 B
1 KB 92ms
38ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse

Requested by

Host: 9381094.fls.doubleclick.net
URL: https://9381094.fls.doubleclick.net/activityi;dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2b390a59e75931319f3ddbcbabd651b484ddc18b047d5e8482024bb765d8d1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9381094.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 595
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Jul 2022 19:34:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK advertiser Show response
cm.teads.tv/v2/ 81 B
428 B 98ms
30ms Fetch
application/json 23.195.109.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.teads.tv/v2/advertiser?referer=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&buyer_pixel_id=6006
Requested by: Host: p.teads.tv
URL: https://p.teads.tv/teads-fellow.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.195.109.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-109-72.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d85c50996ba0b236390bdbe1e81ee2acacc2e3d2addd0949609f55dbb4aca3ff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Jul 2022 19:34:46 GMT
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://secure.winred.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 81
Expires: Wed, 27 Jul 2022 19:34:46 GMT

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 94ms
94ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 135ms
82ms XHR
text/plain 2607:f8b0:4004:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-60901920-1&cid=17586468.1658950486&jid=1186288760&gjid=980504624&_gid=1839716794.1658950486&_u=YCDACEABBAAAAG~&z=2719738

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 27 Jul 2022 19:34:46 GMT
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 129ms
79ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-73658561-7&cid=17586468.1658950486&jid=1678791774&_u=YCDAiEABBAAAAE~&z=1692692383

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
501 B 119ms
70ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-73658561-7&cid=17586468.1658950486&jid=1678791774&_u=YCDAiEABBAAAAE~&z=1692692383

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame 2C18 672 B
603 B 97ms
68ms Document
text/html 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=93b1e4af-6eaf-4297-be3d-3d5af2907f10&_scsid=264dcf44-adcf-4338-89e1-b92562ecd047&_sclid=63e5d7f6-d2e9-4d1d-bf10-16f97b476341

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: gzip
content-type: text/html
date: Wed, 27 Jul 2022 19:34:46 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 google, 1.1 google
x-envoy-upstream-service-time: 12

POST
H3 404 cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame BF62 2 KB
2 KB 25ms
24ms Other
text/html 2607:f8b0:4004:c17::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c17::5c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
referrer-policy: no-referrer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1608
content-type: text/html; charset=UTF-8

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 131ms
130ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

GET
H/1.1 200
OK sa.css
tags.srv.stackadapt.com/ 65 B
292 B 257ms
250ms Stylesheet
text/css 54.221.96.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.221.96.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-221-96-38.compute-1.amazonaws.com
Software: /
Resource Hash: 85dc768d498e32619cd12db0c93c1a4312ca5b0f805345f24d9e06f8cb6abbd3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 27 Jul 2022 19:34:46 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 65
Content-Type: text/css

GET
H/1.1 200
OK sa.jpeg Show response
tags.srv.stackadapt.com/ 0
881 B 106ms
25ms Fetch
image/jpeg 54.221.96.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.221.96.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-221-96-38.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 27 Jul 2022 19:34:46 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 651
Content-Type: image/jpeg

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ 2 KB
1 KB 17ms
11ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1455772/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 70efe208587aa0220cbd71b13870394c06f90930540cbdfb677b1af997023bac

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-amz-version-id: Q93sCEWoqxiO0LdTLulEOAOmIgRcHF1L
content-encoding: gzip
etag: "8cbcf8a5c724c32aa9be09d14a4c624d"
age: 3439
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 923
x-amz-id-2: 0dUPbOT4lmNX0r66NY/L6ym5NDP7CE1NUEJXfo/BuwuncSXz8dn62BwSsxT8ueb70dwAAESnj0U=
x-served-by: cache-yul12828-YUL
last-modified: Tue, 05 Apr 2022 10:34:30 GMT
server: AmazonS3
x-timer: S1658950486.293272,VS0,VE0
date: Wed, 27 Jul 2022 19:34:46 GMT
vary: Accept-Encoding
x-amz-request-id: XWBGF6WMZZ7MSSXH
via: 1.1 varnish
cache-control: private, max-age=3600
accept-ranges: bytes
content-type: application/javascript
abp: 85
x-cache-hits: 11975

GET
H2 200 m=_b,_tp,_r Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfr... Frame BF62 151 KB
54 KB 74ms
21ms Script
text/javascript 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

526537ea5b888a89a6abfaf0e909485061a10bf7103d638e25a8976015cb57ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 16:07:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98847
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54147
x-xss-protection: 0
last-modified: Tue, 26 Jul 2022 10:23:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jul 2023 16:07:19 GMT

GET
H2 200 init Show response
tr.snapchat.com/ 203 B
223 B 58ms
55ms Fetch
application/json 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/init?pids=93b1e4af-6eaf-4297-be3d-3d5af2907f10,7d4b8c98-0f71-4e52-97e5-4fc263ec23eb

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

a0538b60259c3c0739149ce535e3242511938bb6fc4c1e530f03adbf435f21e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: API Gateway
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://secure.winred.com
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43", h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via: 1.1 google, 1.1 google

GET
H2 200 is_enabled Show response
tr.snapchat.com/collector/ 122 B
195 B 76ms
73ms Fetch
application/json 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/collector/is_enabled?pids=93b1e4af-6eaf-4297-be3d-3d5af2907f10,7d4b8c98-0f71-4e52-97e5-4fc263ec23eb&tld=com

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

4e331ceca6b40db0a1cde2fb06a558142fe9d9a50593a4365931ce59832ee273

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: API Gateway
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://secure.winred.com
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43", h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via: 1.1 google, 1.1 google

GET
H2 200 p
tr.snapchat.com/ 68 B
555 B 60ms
57ms Image
image/png 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.snapchat.com/p?trackId=7e780f75-6e45-4028-be80-59972e0a57e8&pid=93b1e4af-6eaf-4297-be3d-3d5af2907f10&ev=PAGE_VIEW&pl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&ts=1658950486284&rf=&v=1.6.0&if=false&bt=1d53c387&intg=gtm&m_sl=10227&m_rd=10365&m_pi=9506.20000076294&m_dcl=9662&m_fcps=9516.20000076294&m_pl=0&m_ic=0&m_pv=v2&u_hem=FFFeb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c&u_hpn=eb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c&u_c1=786bd5b1-9a46-48a7-b58e-a99c0efb8a02

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
via: 1.1 google, 1.1 google
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-transform
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43", h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 113ms
108ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
633 B 111ms
58ms Image
image/gif 76.13.32.146
YAHOO-BF1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2027%20Jul%202022%2019%3A34%3A46%20GMT&n=0&b=Official%20Corrupt%20Media%20Survey&.yp=10182965&f=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&enc=UTF-8&yv=1.13.0&tagmgr=gtm

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.13.32.146 Lockport, United States, ASN26101 (YAHOO-BF1, US),

Reverse DNS

spdc.pbp.vip.bf1.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Wed, 27 Jul 2022 19:34:46 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
246 B 111ms
60ms Image
image/gif 76.13.32.146
YAHOO-BF1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&b=Official%20Corrupt%20Media%20Survey&.yp=10185747&f=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&enc=UTF-8&yv=1.13.0&tagmgr=gtm

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.13.32.146 Lockport, United States, ASN26101 (YAHOO-BF1, US),

Reverse DNS

spdc.pbp.vip.bf1.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Wed, 27 Jul 2022 19:34:46 GMT

GET
H3 200 p
tr.snapchat.com/ 68 B
88 B 121ms
106ms Image
image/png 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.snapchat.com/p?trackId=0652fde7-927e-4f5b-8cdd-da86ce831211&pid=93b1e4af-6eaf-4297-be3d-3d5af2907f10&ev=PAGE_VIEW&pl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&ts=1658950486381&rf=&v=1.6.0&if=false&bt=1d53c387&m_sl=10227&m_rd=10461&m_pi=9506.20000076294&m_dcl=9662&m_fcps=9516.20000076294&m_pl=0&m_ic=0&m_pv=v2&u_hem=FFF115f0d7edfb874107bdcbf31523b1f62222411ebc745ac86442ea0800886e95e&u_hpn=eb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c&u_c1=786bd5b1-9a46-48a7-b58e-a99c0efb8a02&intg=gtm

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
via: 1.1 google, 1.1 google
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-transform
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43", h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68

GET
H3 200 p
tr.snapchat.com/ 68 B
88 B 80ms
67ms Image
image/png 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.snapchat.com/p?trackId=40d16cfe-45fa-4940-ad72-8f04c11fc19f&pid=7d4b8c98-0f71-4e52-97e5-4fc263ec23eb&ev=PAGE_VIEW&pl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&ts=1658950486381&rf=&v=1.6.0&if=false&bt=1d53c387&m_sl=10227&m_rd=10462&m_pi=9506.20000076294&m_dcl=9662&m_fcps=9516.20000076294&m_pl=0&m_ic=0&m_pv=v2&u_hem=FFF115f0d7edfb874107bdcbf31523b1f62222411ebc745ac86442ea0800886e95e&u_hpn=eb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c&u_c1=786bd5b1-9a46-48a7-b58e-a99c0efb8a02&intg=gtm

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
via: 1.1 google, 1.1 google
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-transform
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43", h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68

POST
H2 200 6 Show response
m.stripe.com/ Frame 5C64 156 B
524 B 645ms
170ms XHR
application/json 52.24.226.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.24.226.252 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-24-226-252.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

b22891393226b16ca1fe0f65b15ab53495781fd5f309adcc86fb030a0776743a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 27 Jul 2022 19:34:47 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/json;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 98ms
45ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-60901920-1&cid=17586468.1658950486&jid=1186288760&_u=YCDACEABBAAAAG~&z=1620853

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 77ms
36ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-60901920-1&cid=17586468.1658950486&jid=1186288760&_u=YCDACEABBAAAAG~&z=1620853

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
pips.taboola.com/ 64 B
242 B 49ms
10ms XHR
text/plain 2a04:4e42:200::300
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: f792b22fb13f65c5e822f6c57797b125e2fdfb7a758a69917f945fd9957c0f35

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
via: 1.1 varnish
server: Varnish
x-served-by: cache-yul12828-YUL
access-control-allow-methods: GET
access-control-allow-origin: https://secure.winred.com
cache-control: no-store
x-cache: HIT
accept-ranges: bytes
content-length: 64
retry-after: 0
x-cache-hits: 0

GET
H2 200 dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising... Show response
adservice.google.ca/ddm/fls/i/ Frame CD02 194 B
870 B 119ms
36ms Document
text/html 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/ddm/fls/i/dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CPz8pZPomfkCFUsJaAgdxJQBGg;src=9381094;type=pagev0;cat=djt_p0;ord=7815226304022;gtm=2wg7p0;auiddc=1641584672.1658950486;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Jul 2022 19:34:46 GMT
expires: Wed, 27 Jul 2022 19:34:46 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 track
t.teads.tv/ 23 B
143 B 391ms
78ms Image
image/gif 23.52.164.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=pageView&env=js-web&tag_version=5.5.4_dee72da&buyer_pixel_id=6006&referer=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&cohort_id=Official%20Corrupt%20Media%20Survey
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.164.7 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-164-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 23
content-type: image/gif

GET
H2 200 scevent.min.js Show response
sc-static.net/ Frame 2C18 22 KB
8 KB 30ms
29ms Script
application/javascript 18.67.84.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: tr.snapchat.com
URL: https://tr.snapchat.com/cm/i?pid=93b1e4af-6eaf-4297-be3d-3d5af2907f10&_scsid=264dcf44-adcf-4338-89e1-b92562ecd047&_sclid=63e5d7f6-d2e9-4d1d-bf10-16f97b476341
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-84-240.iad89.r.cloudfront.net
Software: CloudFront /
Resource Hash: 37890dea5b2726064a174b28b90faf16d51fed898d0f37e2fb0342161593d68c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tr.snapchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 22:01:05 GMT
content-encoding: gzip
server: CloudFront
age: 77621
etag: 0d6e407936704bd380072f5891d28b0e
x-cache: Hit from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=86400, max-age=600
x-amz-cf-pop: IAD89-P2
access-control-allow-headers: Content-Type
content-length: 7821
via: 1.1 478e42d78af3de35728ba409bf63e348.cloudfront.net (CloudFront)
x-amz-cf-id: AMyh3nisCBmcjk-mzAOoh1cLHv6RjdCC74HwTVnh1A14PVHcsnisOg==

POST
H2 204 /
rtclx.com/s/ 0
663 B 88ms
25ms Ping
text/plain 54.210.183.161
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtclx.com/s/?p=7532
Requested by: Host: rtxpx-a.akamaihd.net
URL: https://rtxpx-a.akamaihd.net/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.210.183.161 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-210-183-161.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://secure.winred.com
access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,X-Forwarded-For,X-Forwarded-Proto,If-Modified-Since,referer,Cache-Control,Content-Type,Range,Pragma,Accept,Accept-Encoding,Accept-Language
access-control-allow-methods: GET, POST, OPTIONS
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.3VM... Frame BF62 78 KB
28 KB 74ms
21ms Script
text/javascript 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.3VM3l7Y2JMI.L.B1.O/am=BgAB/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfriwz-l3eKKu3P_WizFDBRGiipb_YA/ee=zhDmcb:EEDORb;cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c079d9b24247ee907686120a1cf51667765b52aa9fa7108f9aaf0fe978752a27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 16:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98451
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29110
x-xss-protection: 0
last-modified: Tue, 26 Jul 2022 02:25:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jul 2023 16:13:55 GMT

GET
H2 204 / Show response
cds.taboola.com/ 0
82 B 68ms
19ms XHR
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.taboola.com/?uid=a655c1d3-cadb-4b17-aca7-4a6f3d36e01d-tuct9db18d6&uad=eb6273f069197113a4bd3814343cc3ea46597947c7136cdbb9317ea41079ffcd
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 27 Jul 2022 19:34:46 GMT
cache-control: no-store
server: nginx

GET
H3

200

p Show response
tr.snapchat.com/cm/ Frame C266
Redirect Chain

https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1658950486517&_scsid=e3ddc3bf-f1f2-490c-a511-29e49e1a15ad&_sclid=0761fc03-139a-4627-96ba-4b37bdf585d7
https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1658872257453%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1658872257453%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
https://tr.snapchat.com/cm/p?rand=1658872257453&pnid=140&pcid=a58532d9-693c-4f16-b3fe-af7c1658476f

0
18 B

69ms
69ms

Document
text/html

35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/p?rand=1658872257453&pnid=140&pcid=a58532d9-693c-4f16-b3fe-af7c1658476f

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer: https://tr.snapchat.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-transform
content-length: 0
content-type: text/html
date: Wed, 27 Jul 2022 19:34:46 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
x-envoy-upstream-service-time: 14

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 27 Jul 2022 19:34:46 GMT
location: https://tr.snapchat.com/cm/p?rand=1658872257453&pnid=140&pcid=a58532d9-693c-4f16-b3fe-af7c1658476f
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 181084665799192 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 329ms
29ms Script
application/x-javascript 2a03:2880:f027:212:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/181084665799192?v=2.9.66&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f027:212:face:b00c:0:3 Chicago, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ba9773d3f813e47eb7e881585cd7c351e4a1944f2fc51eea5b24642c97316e48

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86028
x-xss-protection: 0
pragma: public
x-fb-debug: 5W85Gu0QT7Mr6ZYlBmItvvPUSXylrw6RybQO++VpG/U/oRsiLByYVq9bjBgBl4owWkKn2Z8wQEa22Vw8BKf1ZA==
x-fb-trip-id: 1781455057
x-frame-options: DENY
date: Wed, 27 Jul 2022 19:34:46 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
410 B 321ms
33ms Image
image/gif 2a03:2880:f127:283:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2558854747672869&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&rl=&if=false&ts=1658950486548&sw=1600&sh=1200&v=2.9.66&r=stable&ec=0&o=29&fbp=fb.1.1658950486546.1540728542&it=1658950486153&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f127:283:face:b00c:0:25de Chicago, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Wed, 27 Jul 2022 19:34:46 GMT

GET
H/1.1 200
OK saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
444 B 25ms
24ms XHR
text/plain 54.221.96.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=qN8u767kF0QbP_2pGAa5oA&is_js=true&landing_url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&t=Official%20Corrupt%20Media%20Survey&tip=o15Q5NXA452EkxEV8wVNMj7pF6loo6DkamxpFIcPTbs&host=https://secure.winred.com&sa_conv_data_css_value=%20%220-3d598e0c-949e-4180-5ae6-c7b35f4bf305%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd944778ed623784b3d550d206e1577718d953899b7&sa-user-id-v2=s%253A0-3d598e0c-949e-4180-5ae6-c7b35f4bf305%2524ip%2524149.56.153.183.Eu15siu6YfURsZQjM657e8Lhd%252BixG5HymFxw4%252BxAPiI&sa-user-id=s%253A0-3d598e0c-949e-4180-5ae6-c7b35f4bf305.JBBgAdMstlVhvFUAO8CckS%252B0xo7KZIZSOi00XPSLmjY
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.221.96.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-221-96-38.compute-1.amazonaws.com
Software: /
Resource Hash: 1c902b9a87a2ecda2bcd91cb3fdb3bbe7c93f94103473087f2e7447497b0799f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 19:34:46 GMT
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://secure.winred.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 138

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame BF62 49 KB
20 KB 20ms
20ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.3VM3l7Y2JMI.L.B1.O/am=BgAB/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfriwz-l3eKKu3P_WizFDBRGiipb_YA/ee=zhDmcb:EEDORb;cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4154
date: Wed, 27 Jul 2022 18:25:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 27 Jul 2022 20:25:32 GMT

GET
H3 200 pay Show response
pay.google.com/gp/p/ui/ Frame BF62 1 MB
350 KB 60ms
60ms XHR
text/html 2607:f8b0:4004:c17::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::5c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f513832ac186def6c8a33a92a0d031aff2b58dd0077854e5d0496c134ba4c1fc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-JsbnCAR7r5LxJKaCb9bsnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-JsbnCAR7r5LxJKaCb9bsnA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge
server: ESF
cross-origin-opener-policy: unsafe-none
date: Wed, 27 Jul 2022 19:34:46 GMT
x-frame-options: DENY
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-JsbnCAR7r5LxJKaCb9bsnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-JsbnCAR7r5LxJKaCb9bsnA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
expires: Wed, 27 Jul 2022 19:34:46 GMT

POST
H3 200 log Show response
play.google.com/ Frame BF62 131 B
152 B 131ms
87ms XHR
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 94ms
33ms Preflight
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 27 Jul 2022 19:34:46 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame BF62 131 B
152 B 140ms
100ms XHR
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 82ms
34ms Preflight
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 27 Jul 2022 19:34:46 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 78ms
35ms Preflight
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 27 Jul 2022 19:34:46 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame BF62 131 B
152 B 129ms
89ms XHR
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame BF62 131 B
152 B 128ms
86ms XHR
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 66ms
35ms Preflight
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 27 Jul 2022 19:34:46 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame BF62 131 B
152 B 140ms
101ms XHR
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 62ms
35ms Preflight
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 27 Jul 2022 19:34:46 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.3VM... Frame BF62 18 KB
7 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.3VM3l7Y2JMI.L.B1.O/am=BgAB/d=1/exm=Das5Le,IZT63,PrPYRd,Ru0Pgb,ZyYHPb,_b,_r,_tp,hc6Ubd,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfriwz-l3eKKu3P_WizFDBRGiipb_YA/ee=zhDmcb:EEDORb;cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb72cee0c404378d67c5915d697f4dae6f568eab1e6f54747c114576d7d25d41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 16:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98451
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7482
x-xss-protection: 0
last-modified: Tue, 26 Jul 2022 02:25:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jul 2023 16:13:55 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.3VM... Frame BF62 37 KB
14 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.3VM3l7Y2JMI.L.B1.O/am=BgAB/d=1/exm=Das5Le,FCpbqb,IZT63,PrPYRd,Ru0Pgb,WhJNk,Wt6vjf,ZyYHPb,_b,_r,_tp,hc6Ubd,hhhU8,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfriwz-l3eKKu3P_WizFDBRGiipb_YA/ee=zhDmcb:EEDORb;cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9764a85c5627043a123402b769913ea2e71e9e76e23c2db210e0a48eea35d560

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 16:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98451
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14174
x-xss-protection: 0
last-modified: Tue, 26 Jul 2022 02:25:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jul 2023 16:13:55 GMT

POST
H3 200 log Show response
play.google.com/ Frame BF62 131 B
152 B 122ms
88ms XHR
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 34ms
33ms Preflight
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 27 Jul 2022 19:34:46 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 84ms
83ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 84ms
84ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 83ms
83ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 86ms
86ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

GET
H2 200 elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html Show response
js.stripe.com/v3/ Frame 77A9 829 B
2 KB 31ms
30ms Document
text/html 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

e4b3b6713da1d8c5a02e3fdf18eaf602193b5bc82a25af60ceaee69ea5cf694c

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 398
cache-control: max-age=31536000
content-length: 829
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 27 Jul 2022 19:28:10 GMT
etag: "0623c4854c95d98f464bc485783b98f9"
last-modified: Tue, 26 Jul 2022 14:05:54 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
x-amz-cf-id: DXuARLRray6OB9xvjSmxQYvJFfrZJZRO_fO1lp0TeIfxyKc0F1CfHg==
x-amz-cf-pop: IAD89-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 149ms
149ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 137ms
129ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H3 200 log Show response
play.google.com/ Frame BF62 131 B
152 B 134ms
99ms XHR
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.HpGMm6E_VdQ.es5.O/am=BgAB/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhPVJtwTWUGLHr6-l7kuTJAbt1DxA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 77A9 0
570 B 116ms
115ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 77A9 0
570 B 116ms
116ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 ui-shared-6523f054caa63f18f26a2209c2ddbfc4.css
js.stripe.com/v3/fingerprinted/css/ Frame 77A9 18 KB
3 KB 32ms
31ms Stylesheet
text/css 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/ui-shared-6523f054caa63f18f26a2209c2ddbfc4.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

08ec903b4346a3f3c29ddcccfd77d3a8a438cc262efc44261904f08c3bca2911

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 11
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:45 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Mon, 25 Jul 2022 18:22:18 GMT
server: Cloudfront
etag: W/"26107d35cc222dfbed2ac5f33ec26746"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: CzxkpdllDwbWBK0qYJblu0uUzLqPDWvLZ7Zs5eaUahEgSsodGeflBw==

GET
H2 200 elements-inner-payment-request-5dc11dda67ea2aa1d4bb9edd33f076ee.css
js.stripe.com/v3/fingerprinted/css/ Frame 77A9 7 KB
2 KB 33ms
31ms Stylesheet
text/css 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-payment-request-5dc11dda67ea2aa1d4bb9edd33f076ee.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

ae4534ddf6813360cb413daf108742ec67a6d3edca6297ce8a7774b4f64e5c09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 42
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:04 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Fri, 22 Jul 2022 23:50:12 GMT
server: Cloudfront
etag: W/"648d1966967cd19b2fec8ac2aaec6575"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: feJY9E8pA5B7_jQhiKtFmPGiGSXr0txOvb-9wCzZAe5tOnc4XGh_og==

GET
H2 200 shared-32fd31f439c26bfaebecd520476c705e.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 77A9 226 KB
55 KB 40ms
39ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a68bfdc0c45ac7a8987a255d4d96ff9ce5ae5bd97a6fa0ce6c9f750e9b687ae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 7
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:44 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:04 GMT
server: Cloudfront
etag: W/"ca830cb1fadafcea4ab6165eb3c71a96"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: q-sh-M7xsp2ynxS7GxoptGt1e7Ud4Xl-7OVHsw8VS1QeE63CZVBMhQ==

GET
H2 200 ui-shared-fbeeaea8a6caa8371a54d8f27a684891.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 77A9 208 KB
60 KB 34ms
33ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/ui-shared-fbeeaea8a6caa8371a54d8f27a684891.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a94301016404426c0f632f42c6ae88b5eaf90b596c8ea1610aac254b055337b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 16
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:34 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:04 GMT
server: Cloudfront
etag: W/"23e2b323b8260b59adee27968730eef1"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: 1YpcfQ2E-Tg2EgqNJzeEqsHCuqPMOOqvuzDLDVpFZi5lXvQHg5Yo4g==

GET
H2 200 elements-inner-payment-request-933f51d7fa671de6b1f8fee6dccc19ac.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 77A9 43 KB
13 KB 46ms
46ms Script
text/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-payment-request-933f51d7fa671de6b1f8fee6dccc19ac.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

dea579c0082e8a48bb93198473a236fb83beaa850fd6be58a2dc78272c8b5d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0623c4854c95d98f464bc485783b98f9.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
age: 12
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:36 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
last-modified: Tue, 26 Jul 2022 14:06:02 GMT
server: Cloudfront
etag: W/"7f3593bf6e755435bb01cf2a9fc367df"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
timing-allow-origin: *
x-amz-cf-id: 6w_YhlV55QhZk_Rh1zgkb0CWWVQCh7GsiIHAGM2LXg2JxJBxAxYVdQ==

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 179ms
179ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 176ms
162ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H2 200 0 Show response
r.stripe.com/ Frame A946 0
127 B 170ms
163ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:46 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 61ms
30ms Image
image/gif 2a03:2880:f127:283:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=181084665799192&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&rl=&if=false&ts=1658950486903&sw=1600&sh=1200&v=2.9.66&r=stable&a=tmgoogletagmanager&ec=0&o=29&fbp=fb.1.1658950486546.1540728542&it=1658950486153&coo=false&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f127:283:face:b00c:0:25de Chicago, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:46 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Wed, 27 Jul 2022 19:34:46 GMT

POST
H2 200 0 Show response
r.stripe.com/ Frame FE8A 0
127 B 91ms
91ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/0
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-32fd31f439c26bfaebecd520476c705e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js.stripe.com
date: Wed, 27 Jul 2022 19:34:47 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain

POST
H3 200 rum Show response
secure.winred.com/cdn-cgi/ 0
167 B 52ms
30ms XHR
text/plain 2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
content-type: application/json

Response headers

date: Wed, 27 Jul 2022 19:34:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 7317d08009ba4bd7-YUL
vary: Origin

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 113 KB
44 KB 39ms
39ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-880442929

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

14d7092fe49511b7c206b1a63d3ceb5c1db44a0c9522329538ad6336eb7b6342

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45272
x-xss-protection: 0
last-modified: Wed, 27 Jul 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 27 Jul 2022 19:34:47 GMT

POST
H2 204 /
rtclx.com/s/ 0
663 B 27ms
26ms Ping
text/plain 54.210.183.161
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtclx.com/s/?p=7535
Requested by: Host: rtxpx-a.akamaihd.net
URL: https://rtxpx-a.akamaihd.net/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.210.183.161 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-210-183-161.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://secure.winred.com
access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,X-Forwarded-For,X-Forwarded-Proto,If-Modified-Since,referer,Cache-Control,Content-Type,Range,Pragma,Accept,Accept-Encoding,Accept-Language
access-control-allow-methods: GET, POST, OPTIONS
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 40 KB
15 KB 138ms
80ms Script
text/javascript 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-880442929

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

406e6ea57a19595b0e6786f2774801bf150aa9adea1c102abd6127632fcbdc5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:34:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15165
x-xss-protection: 0
server: cafe
etag: 6365998374961989006
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 27 Jul 2022 19:34:47 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/880442929/ 3 KB
2 KB 92ms
44ms Script
text/javascript 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/880442929/?random=1658950487247&cv=9&fst=1658950487247&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa7p0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&tiba=Official%20Corrupt%20Media%20Survey&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

246578e1426b3fcab9b57d09477305e60acacacc2e17305b395f1d40f3876e83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1256
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame BCB8 0
674 B 108ms
44ms Document
text/html 172.253.115.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Jul 2022 19:34:47 GMT
expires: Wed, 27 Jul 2022 19:34:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/880442929/ 42 B
64 B 52ms
51ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/880442929/?random=1658950487247&cv=9&fst=1658948400000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa7p0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&tiba=Official%20Corrupt%20Media%20Survey&async=1&fmt=3&is_vtc=1&random=57227238&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/880442929/ 42 B
64 B 39ms
39ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/880442929/?random=1658950487247&cv=9&fst=1658948400000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa7p0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&tiba=Official%20Corrupt%20Media%20Survey&async=1&fmt=3&is_vtc=1&random=57227238&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jul 2022 19:34:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 unip Show response
trc-events.taboola.com/1455772/log/3/ 0
380 B 116ms
55ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1455772/log/3/unip?en=pre_d_eng_tb&tos=1614&scd=29&ssd=1&est=1658950486103&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1658950487717&vi=1658950486100&ri=5ab871537f4f9c70e6fcea24f8049072&sd=v2_8d3b1e61b1459feeaffb2be7dbd9219a_a655c1d3-cadb-4b17-aca7-4a6f3d36e01d-tuct9db18d6_1658950486_1658950486_CNawjgYQnO1YGNSQnomkMCABKAEwJjiJ6AdA6vUHSKfL2QNQrswHWABgAGiR64Ocj4-SgpIBcAE&ui=a655c1d3-cadb-4b17-aca7-4a6f3d36e01d-tuct9db18d6&ref=null&cv=20220726-7-RELEASE&item-url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&ler=other
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1455772/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-origin: https://secure.winred.com
pragma: no-cache
date: Wed, 27 Jul 2022 19:34:47 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H3 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/49/11/ 245 KB
67 KB 60ms
20ms Script
text/javascript 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/49/11/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e8731915d6084606c02c61206e576153867e04f4d972b81f80150eefcc98ba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 17:39:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6948
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69003
x-xss-protection: 0
last-modified: Mon, 25 Jul 2022 22:34:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Jul 2023 17:39:02 GMT

GET
H3 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/49/11/ 157 KB
58 KB 62ms
22ms Script
text/javascript 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/49/11/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5408ebe07de19c0be08f77010a7cf40e56bc74d09ef8fa4d20f54123fb87c068

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 17:39:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6948
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59011
x-xss-protection: 0
last-modified: Mon, 25 Jul 2022 22:34:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Jul 2023 17:39:02 GMT

GET
H2 204 unip Show response
trc-events.taboola.com/1455772/log/3/ 0
379 B 20ms
19ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1455772/log/3/unip?en=pre_d_eng_tb&tos=4616&scd=29&ssd=1&est=1658950486103&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1658950490720&vi=1658950486100&ri=5ab871537f4f9c70e6fcea24f8049072&sd=v2_8d3b1e61b1459feeaffb2be7dbd9219a_a655c1d3-cadb-4b17-aca7-4a6f3d36e01d-tuct9db18d6_1658950486_1658950486_CNawjgYQnO1YGNSQnomkMCABKAEwJjiJ6AdA6vUHSKfL2QNQrswHWABgAGiR64Ocj4-SgpIBcAE&ui=a655c1d3-cadb-4b17-aca7-4a6f3d36e01d-tuct9db18d6&ref=null&cv=20220726-7-RELEASE&item-url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Fcorrupt-media-survey-ty-c001-ext001%3Famount%3D25%26recurring%3Dtrue%26money_pledge%3Dtrue%26utm_medium%3Demail_prsp%26utm_source%3Dd001_d001_na%26utm_campaign%3D20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica%26utm_content%3Dsurvey_cpyrs_recZuBIeTxKMmYGA9-10504%26leadcreated%3Dfalse&ler=other
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1455772/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-origin: https://secure.winred.com
pragma: no-cache
date: Wed, 27 Jul 2022 19:34:50 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 trusted-types-checker-b31b0d3b211d1247a37e6120682932ed.js Show response
js.stripe.com/v3/fingerprinted/js/ 174 B
675 B 30ms
30ms Script
application/javascript 18.67.65.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-b31b0d3b211d1247a37e6120682932ed.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-9.iad89.r.cloudfront.net

Software

Cloudfront /

Resource Hash

79db4d79a6e53e3aa9b5703a1156cc9accef42d4d3d31b5019d2eabf216fa751

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 37
x-cache: Hit from cloudfront
date: Wed, 27 Jul 2022 19:34:16 GMT
content-length: 174
last-modified: Fri, 22 Jul 2022 23:50:14 GMT
server: Cloudfront
etag: "5cbd8f0579eb735eea933bbd78b29553"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: UkfRIV8Due9YOwpK8Mv8JKoOZe1ReEbj2jFajPCN7syUMTnfGnhPnw==

POST 0
r.stripe.com/ Frame FE8A 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: r.stripe.com
URL: https://r.stripe.com/0

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.taboola.com/saveamerica-sc/	1969-12-31 23:59:59	Name: taboola_session_id Value: v2_8d3b1e61b1459feeaffb2be7dbd9219a_a655c1d3-cadb-4b17-aca7-4a6f3d36e01d-tuct9db18d6_1658950486_1658950486_CNawjgYQnO1YGNSQnomkMCABKAEwJjiJ6AdA6vUHSKfL2QNQrswHWABgAGiR64Ocj4-SgpIBcAE
sc-static.net/scevent.min.js	1970-01-20 04:50:36	Name: X-AB Value: 0d6e407936704bd380072f5891d28b0e
app.revv.co/api/v3/users	1970-01-22 00:38:36	Name: rvid Value: 58b90b82-889b-4289-927b-d27e9cf93033
.winred.com/	1969-12-31 23:59:59	Name: _revv_v3_session Value: VmhCczROTERsZW10YTA2clVjWEoweWZUWkhCMnVkR1RHZU9iUitDYXVwS3Bna2hiTitIbVR1U1kwa29aWW5HSHNrTGJ3VVgzZmw5dElFaDNFS0h1Q1FaQ0JRdHpRNDZXWWRLQitwUlRHOHh1SkYyZ0J6REI1YVMyV3czaWRSVlQ1V1VYOXdOc2YwMlo3VzFxNXFRTU5FdTkvdzd5aXZIOFRwWHFkU2M5Zy80QmRUdTdkTlNtS1cvYTFIb09mcTRaZWI5ajNVWTdPRmlrWGJ2dXlnNmJIZStxMUJQSGQwV2JjM0p5WURBWG4wbTk0c3dwOGRZcEw3b0RmUFRKejVGN0puc0RFa2FKdGk5NzdiOVBNSGNhcXVzcktjcmhjKzlrZm5UUjFrQ2ZkWWlZYXJhRlV6a2I1NlBIN051UDJNWjFLcFdwUWp0Z0t1UFBpY2VNQ3dJajVEWWlRQ1Bla3B6NEI1MEVvRCt2Y013PS0tdmlMU2lxa2UycXZ1WUdKSDV5V2RJQT09--624b9b103fa673820d4620c5a4c3236ffc3ee109
secure.winred.com/	1969-12-31 23:59:59	Name: origin_url Value: https://secure.winred.com/save-america-joint-fundraising-committee/corrupt-media-survey-ty-c001-ext001?amount=25&recurring=true&money_pledge=true&utm_medium=email_prsp&utm_source=d001_d001_na&utm_campaign=20220720_corrupt-media-survey-submit_officialtrumpcorrespondence_saveamerica&utm_content=survey_cpyrs_recZuBIeTxKMmYGA9-10504&leadcreated=false
.revv.co/	1969-12-31 23:59:59	Name: _revv_v3_session Value: b1hWNW55RXVZUTZnZ1dnNTBobDYzODMvUmZucVl5aWI1VkRyL1VISkpBR0FOQnNzWjgzeVlXWmt4V085SVZhUXFGTE1Wck12aU1DRTd5YlNMM3hqTkE9PS0tRzBKUTZxeEdiMzJVQ09aQW1hSlRaZz09--a6fe78274899af817e1abb174ad6259d648b428c
.revv.co/	1970-01-20 04:49:12	Name: __cf_bm Value: 2c57TZHexkEpPaDJynDgYwIpvmnqhiAzIs220Cqm5Ms-1658950485-0-AfW/MIY0lhUa/i5A2x/m5NE1aGh5fO0AHsityeEejAyg/I1Eo2U06AFsX2eDG/4tVqQOh89vxBCc5lwN4D7Mre1ygFMXLN3TM1cI6P+Ix7p+
secure.winred.com/	1969-12-31 23:59:59	Name: sso_tries Value: 1
secure.winred.com/	1970-01-22 00:37:10	Name: rvid Value: 58b90b82-889b-4289-927b-d27e9cf93033
.winred.com/	1970-01-20 06:58:46	Name: _gcl_au Value: 1.1.1641584672.1658950486
.google.com/	1970-01-20 09:12:41	Name: NID Value: 511=GpXowv6kV-zITJEbDNZ7BGPYHEApAZ-laOuXzBQK7WQ5lBcq91RFoYgv3qz1ryR42lMUVdcFAWtLNg6XYnHmzNYNrYvxBr9zpfiN8Xf2xAxItA64UxphytmEyrCElnjKTL2JDdoMWCTq8-CcjAyzxtwMpidHNd9o4jVyqLLzQ3A
.secure.winred.com/	1970-01-20 04:49:12	Name: __cf_bm Value: LQIqk2QqI.4HqtAyevbuVuPzfzG_rL7pX1p6ZRtTq9Y-1658950485-0-AdpvRLLZRm4jKI9SiWawTIbf6l1ukTU6O56x5p+6l9QAyMoOFyv3Gdb0E0RCg0eK1i61WzOg25JRyygZiYeA8F0LpQ3lHWApstfelFCnQ8uzuZVHZSTioxKeUhh47NrQzsxFfFV3JHifgrYfO6PdyiXDuJd3MaPHDSvbkqIf8ZymvYauWRgUeFWIBHK8bJaOBg==
.winred.com/	1970-01-20 22:20:22	Name: _ga_X6H0114PDF Value: GS1.1.1658950486.1.0.1658950486.0
.winred.com/	1970-01-20 22:20:22	Name: _ga Value: GA1.2.17586468.1658950486
.winred.com/	1970-01-20 04:50:36	Name: _gid Value: GA1.2.1839716794.1658950486
.winred.com/	1970-01-20 04:49:10	Name: _dc_gtm_UA-73658561-7 Value: 1
.winred.com/	1970-01-20 04:49:10	Name: _gat_UA-60901920-1 Value: 1
tags.srv.stackadapt.com/	1970-01-20 13:34:46	Name: sa-user-id Value: s%3A0-3d598e0c-949e-4180-5ae6-c7b35f4bf305.JBBgAdMstlVhvFUAO8CckS%2B0xo7KZIZSOi00XPSLmjY
.srv.stackadapt.com/	1970-01-20 13:34:46	Name: sa-user-id-v2 Value: s%3APVmODJSeQYBa5sezX0vzBZU4mbc.tKglawu6g8su5s7EN93O3NJt0z1CN5iI2Ek3mPg9dLY
.taboola.com/	1970-01-20 13:34:46	Name: t_gid Value: a655c1d3-cadb-4b17-aca7-4a6f3d36e01d-tuct9db18d6
.winred.com/	1970-01-20 04:50:22	Name: FPLC Value: %2FKzW0T8N9iKWQLMIxk7Fr10ThbTOna64GcmPOJl%2BcCJ2r1D0AboSWAGzuIIUHOg9tAYAjW0tnm2d1k5fFMJtsphh7U4OtScaIT3TQIjioSyp3ismfVBjET8sUIdvjA%3D%3D
.winred.com/	1970-01-20 22:20:22	Name: FPID Value: FPID2.2.qfwGGJhr0tpLZUdxUss54f4coLiRH0DEJMRR3RjuJrs%3D.1658950486
.winred.com/	1970-01-20 14:18:57	Name: _scid Value: 786bd5b1-9a46-48a7-b58e-a99c0efb8a02
secure.winred.com/	1970-01-20 13:34:46	Name: sa-user-id Value: s%253A0-3d598e0c-949e-4180-5ae6-c7b35f4bf305.JBBgAdMstlVhvFUAO8CckS%252B0xo7KZIZSOi00XPSLmjY
secure.winred.com/	1970-01-20 13:34:46	Name: sa-user-id-v2 Value: s%253A0-3d598e0c-949e-4180-5ae6-c7b35f4bf305%2524ip%2524149.56.153.183.Eu15siu6YfURsZQjM657e8Lhd%252BixG5HymFxw4%252BxAPiI
.akamaihd.net/	1970-01-20 13:34:46	Name: b53eedc13__ Value: 8379884aeb7067495656a6f31ea33e0a88ef7cb36.1658950486
.yahoo.com/	1970-01-20 13:35:08	Name: A3 Value: d=AQABBFaT4WICEKxgH-0nuODphxTvXZc0ACgFEgEBAQHk4mLrYgAAAAAA_eMAAA&S=AQAAAkKia-e0oAOTJWndVJOujkU
.winred.com/	1970-01-20 06:58:46	Name: _fbp Value: fb.1.1658950486546.1540728542
.rtclx.com/	1970-01-20 05:32:22	Name: tp_usr Value: 8379884aeb7067495656a6f31ea33e0a88ef7cb36
.rtclx.com/	1970-01-20 05:32:22	Name: tp_dfp Value: 2c04e95d0de311ed89240242ac110004
.snapchat.com/	1970-01-20 14:10:46	Name: sc_at Value: v2\|H4sIAAAAAAAAAE3GyREAIQgEwIioGuQQNhtFjcLg/W6/elZjyyqKPRqpwml0JE1jwTqVInJZ8bFbpEHD7694a7ioC0AAAAA=
.facebook.com/	1970-01-20 06:58:46	Name: fr Value: 09UkFJyKExrI7AaEw..Bi4ZNW...1.0.Bi4ZNW.
.tapad.com/	1970-01-20 06:15:34	Name: TapAd_TS Value: 1658950486872
.tapad.com/	1970-01-20 06:15:34	Name: TapAd_DID Value: a58532d9-693c-4f16-b3fe-af7c1658476f
.tapad.com/	1970-01-20 06:15:34	Name: TapAd_3WAY_SYNCS Value:
.winred.com/	1970-01-20 14:18:57	Name: _sctr Value: 1\|1658880000000
m.stripe.com/	1970-01-20 22:20:22	Name: m Value: 87e78455-fb26-4d4d-9643-e4c95b844216c7ede2
.secure.winred.com/	1970-01-20 13:34:46	Name: __stripe_mid Value: ec39d4d8-e144-4abd-bd7c-a02b7c916bc4024ac9
.secure.winred.com/	1970-01-20 04:49:12	Name: __stripe_sid Value: 8f116de5-c54f-41f3-841a-50bc7a4d5143339a13
.doubleclick.net/	1970-01-20 22:20:22	Name: IDE Value: AHWqTUmlo4Ew8Pq_gooPm4D72GHFv7vZuVmIYETU77M1unTZzUeptAVMr0ZCw3N0

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://pay.google.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9381094.fls.doubleclick.net
adservice.google.ca
adservice.google.com
app.revv.co
bid.g.doubleclick.net
cdn.taboola.com
cds.taboola.com
cm.teads.tv
connect.facebook.net
d35ligi1n5bgzc.cloudfront.net
googleads.g.doubleclick.net
gtm.winred.com
js.stripe.com
m.stripe.com
m.stripe.network
maps.googleapis.com
p.teads.tv
pay.google.com
pips.taboola.com
pixel.tapad.com
play.google.com
q.stripe.com
r.stripe.com
rtclx.com
rtxpx-a.akamaihd.net
s.yimg.com
sc-static.net
secure.winred.com
sp.analytics.yahoo.com
static.cloudflareinsights.com
stats.g.doubleclick.net
stickyid-a.akamaihd.net
t.teads.tv
tags.srv.stackadapt.com
tr.snapchat.com
trc-events.taboola.com
trc.taboola.com
trk.cp20.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
r.stripe.com
107.178.246.49
141.226.224.32
141.226.224.48
142.250.80.66
142.250.80.70
151.101.65.44
172.253.115.154
18.67.65.9
18.67.84.240
2001:4998:14:800::1001
216.24.224.100
23.195.109.72
23.52.164.7
2600:141b:13::17d7:8299
2600:141b:13::17d7:82b3
2600:9000:2269:200:0:7d26:ee00:93a1
2600:9000:2305:1400:19:7d10:bd80:93a1
2606:4700:440e::ac40:9c1a
2606:4700::6811:5347
2606:4700::6812:9b15
2607:f8b0:4004:c07::9c
2607:f8b0:4004:c17::5c
2607:f8b0:4006:808::200e
2607:f8b0:4006:80a::2002
2607:f8b0:4006:80c::2002
2607:f8b0:4006:817::200e
2607:f8b0:4006:81d::2004
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81f::2003
2607:f8b0:4006:822::2003
2607:f8b0:4006:823::2008
2607:f8b0:4006:824::200a
2a03:2880:f027:212:face:b00c:0:3
2a03:2880:f127:283:face:b00c:0:25de
2a04:4e42:200::300
35.190.43.134
52.24.226.252
54.187.119.242
54.210.183.161
54.221.96.38
76.13.32.146
01806685e5053e07867c6727615e8fb22f4090b6c86c7d5ab10f4b54e44e125f
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
08ec903b4346a3f3c29ddcccfd77d3a8a438cc262efc44261904f08c3bca2911
0d2664a95e11876d3c3c14efc51b7b143ff4fdfe3a867a91105efd1c0b05221f
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12ac873735606cdf78cdde822341c994a8d8fba32f9c1766d1bd1918c60c3247
14d7092fe49511b7c206b1a63d3ceb5c1db44a0c9522329538ad6336eb7b6342
19bb040944b86111f3f3b564e471c0f48b3f6377014edc51c79dc12b454ee4e3
1c902b9a87a2ecda2bcd91cb3fdb3bbe7c93f94103473087f2e7447497b0799f
1cd6e55f30592f2d07f9d038d85872e5d4fe5b079c86cadf29a3776694593d7b
21646555e9eefab70d22622a9dc9124c7e39ec2aebb020ab713e6951a8839607
246578e1426b3fcab9b57d09477305e60acacacc2e17305b395f1d40f3876e83
249c4eba880cfb74e1b6e1d1048def310636dc3b1ce5b3fe525703fd4025238f
275a87e6da00b4fdd62abb2a2d28efff5aa886ea993b30f085a4767fa6c649b2
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2bcc2f5700645030bb39baa0fe27f7ca185d9304e4667ad70af5ab84a5e8d88a
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
351cfd3dd83c7a6cc2744f0ce89f9c21ea91f9e1c9e4af5e398718794c6bc5b9
36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284
37890dea5b2726064a174b28b90faf16d51fed898d0f37e2fb0342161593d68c
39bae2021ad7a2ea6399594ad4cff22d75bf21c77058da01cbaf289f3b4fe7de
406aee8e16677422cfdda788d097fec2bb6440a2aa9ce5e574bb7f9eb3fa024a
406e6ea57a19595b0e6786f2774801bf150aa9adea1c102abd6127632fcbdc5b
41165cee77bd59988867830fc4f91931f4689f4b795c29a7d453fcba1c5f16df
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48283ccfdc4928a0b59641137c3f4cb1a5a368258ca1e5aeda6959d2ed11586e
4e331ceca6b40db0a1cde2fb06a558142fe9d9a50593a4365931ce59832ee273
4ec0827f796bdadb833f52dd7ea841e12158d9f488554ecb73479cc2ea6f6d8e
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
526537ea5b888a89a6abfaf0e909485061a10bf7103d638e25a8976015cb57ea
5408ebe07de19c0be08f77010a7cf40e56bc74d09ef8fa4d20f54123fb87c068
5bba260b8d306ce594cb0499a7bbe17bb4019edec81cbb2c9469dfb0d9b403b2
5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848
5e8fd4ed0ff95a36c90f1d4f977f1678a3330b9d30ec4ee2beb715ad509bde4b
6145c51d82244d1a18874ee9d4586e46b226ade68810f6a166bc5555ec538a98
6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6
6ca57f3fc1fc659cba236965dc70c939dc50cc1fb8684b8034ed86824d1077cc
6de48c97b08bca88630c7a68fe36fe18a43010ed4d33add156a505fb84176694
70efe208587aa0220cbd71b13870394c06f90930540cbdfb677b1af997023bac
721f27f8e0e6eee8667c68f054a2d97d4e4c9ac1cb683916281fb12676ab4b60
79db4d79a6e53e3aa9b5703a1156cc9accef42d4d3d31b5019d2eabf216fa751
7a15a7c250eb25e8a28fa5e020fc15d656966115577ba4f51c19274149a48e56
7e8731915d6084606c02c61206e576153867e04f4d972b81f80150eefcc98ba9
7fc4e7e24bdfb9955a95e4ff4904f160455ff3ff48fd88aead4bad5153ba0a67
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85dc768d498e32619cd12db0c93c1a4312ca5b0f805345f24d9e06f8cb6abbd3
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
9405f3797e5a5fa47d24ba4440b54ec4c82ff557fdb4b6745c278fd6a3b3ea96
94eca203865859d2384cd4b5f61ebfa8ba21ec7e2dc7a05e1bfa656cb72bccf9
9764a85c5627043a123402b769913ea2e71e9e76e23c2db210e0a48eea35d560
9fbd0e0a2695ed3b76a92490df70ed2a152492204c2b2ee753c5f0e16d609f66
a0538b60259c3c0739149ce535e3242511938bb6fc4c1e530f03adbf435f21e4
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a59fd3c6769c60728d583fac1e834527ac1564fd9d2c82df3dd421d6e2c39357
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
a68bfdc0c45ac7a8987a255d4d96ff9ce5ae5bd97a6fa0ce6c9f750e9b687ae4
a87489d8da9102fcc56045c7625e5481d50ff6245c1320f0a67aaa69a21dcc28
a94301016404426c0f632f42c6ae88b5eaf90b596c8ea1610aac254b055337b2
aab3a3fd4843bc3b28d07a0f6e3b220bc9468cfcf1a173aaab365a9c0574fe7d
ae4534ddf6813360cb413daf108742ec67a6d3edca6297ce8a7774b4f64e5c09
ae8ab2b6e48fdef457c84b2b32b1e7a980579dfc50622ee62fcc515b68752399
b22891393226b16ca1fe0f65b15ab53495781fd5f309adcc86fb030a0776743a
b2b390a59e75931319f3ddbcbabd651b484ddc18b047d5e8482024bb765d8d1c
b8851b9e75e2d6aa73dd29fb0c18517c4f22ad1faa26c0c89c9afa92bfeeac34
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
ba9773d3f813e47eb7e881585cd7c351e4a1944f2fc51eea5b24642c97316e48
be7fd4a76d16eaf0869c22ccbe53a3baa540ae5cabcc08dd9dc40f68268b883d
c079d9b24247ee907686120a1cf51667765b52aa9fa7108f9aaf0fe978752a27
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caf9d70b457b34e5c423530d39741a2683d3839d4c830dd7ba9115d1f399e8c9
ce3dc891c88609c872bc8f424a458d92980c0d34f97641b3869206bcab568f39
cf4bf73b7c49f47411971fecc9b5a50a7726be6a7cd6bc1413fd56d8fcfc221d
d27141c72417f7daf04b2a8b44f67b584557e11c131774110f47d1d9964b6ca8
d4edbbe1037c50c8ffa90860286c8166860ad9da450ed5e16a28e2fc9bce3c23
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
d85c50996ba0b236390bdbe1e81ee2acacc2e3d2addd0949609f55dbb4aca3ff
d861c91efb53e0aca72f5d022c43eca3e4079ed3cd1b241e14414e7d0b16ec0f
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dea579c0082e8a48bb93198473a236fb83beaa850fd6be58a2dc78272c8b5d47
e0b0f145c7e2d4dc088034e19c6f9d802468f4bbae83df9b84129a19a5ceef9d
e19981c96ee0926f90d42d3cf6f7bfe6e870a9385efdf708cb65580c00c4351e
e23a283ea2f115f4ca4d5a333e33adbc7979850dfec16960020604fd5fdb64ff
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47944ce8eea2607994a5fdc426a68a6456f61c62f49850f89e5706e440ac943
e4b3b6713da1d8c5a02e3fdf18eaf602193b5bc82a25af60ceaee69ea5cf694c
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
eb72cee0c404378d67c5915d697f4dae6f568eab1e6f54747c114576d7d25d41
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
f513832ac186def6c8a33a92a0d031aff2b58dd0077854e5d0496c134ba4c1fc
f792b22fb13f65c5e822f6c57797b125e2fdfb7a758a69917f945fd9957c0f35
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

secure.winred.com Open in urlscan Pro 2606:4700::6812:9b15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

192 Requests

99 %HTTPS

56 %IPv6

27 Domains

45 Subdomains

40 IPs

2 Countries

3483 kBTransfer

9767 kBSize

40 Cookies

5 Outgoing links

Page URL History

Redirected requests

192 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

secure.winred.com Open in urlscan Pro
2606:4700::6812:9b15 Public Scan

Screenshot
Live screenshot

Full Image

192
Requests

99 %
HTTPS

56 %
IPv6

27
Domains

45
Subdomains

40
IPs

2
Countries

3483 kB
Transfer

9767 kB
Size

40
Cookies

192 HTTP transactions
0 data transactions