secure.ngpvan.com Open in urlscan Pro
45.60.31.183 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://presidentvladimirputin.live/
Effective URL:
https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589...
Submission: On March 24 via api (March 24th 2022, 6:27:03 pm UTC) from CA — Scanned from CA

Summary HTTP 39 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 12 IPs in 1 countries across 11 domains to perform 39 HTTP transactions. The main IP is 45.60.31.183, located in United States and belongs to INCAPSULA, US. The main domain is secure.ngpvan.com. The Cisco Umbrella rank of the primary domain is 56800.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on December 30th 2021. Valid for: a year.

This is the only time secure.ngpvan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	15.197.142.173 15.197.142.173	16509 (AMAZON-02) (AMAZON-02)
11	45.60.31.183 45.60.31.183	19551 (INCAPSULA) (INCAPSULA)
5	2600:141b:13:... 2600:141b:13::17d7:82e1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2600:9000:21e... 2600:9000:21ec:d000:3:1d53:4780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	13.225.223.65 13.225.223.65	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:80f::2008	15169 (GOOGLE) (GOOGLE)
1	52.239.157.138 52.239.157.138	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:2800:11f... 2606:2800:11f:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
1	2600:141b:13:... 2600:141b:13::17d7:82cb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	2607:f8b0:400... 2607:f8b0:4006:820::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c06::9d	15169 (GOOGLE) (GOOGLE)
2	20.42.73.142 20.42.73.142	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
39	12

1 15.197.142.173 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a4ec4c6ea1c92e2e6.awsglobalaccelerator.com

presidentvladimirputin.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 45.60.31.183 (United States)

ASN19551 (INCAPSULA, US)

secure.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
profile.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fastaction.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.everyaction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:141b:13::17d7:82e1 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:21ec:d000:3:1d53:4780:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.everyaction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.223.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-223-65.jfk51.r.cloudfront.net

js.verygoodvault.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80f::2008 (Queens, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.239.157.138 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

nvlupin.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:11f:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::17d7:82cb (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:820::200e (Queens, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.42.73.142 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ngpvan.com secure.ngpvan.com — Cisco Umbrella Rank: 56800 profile.ngpvan.com — Cisco Umbrella Rank: 49431 fastaction.ngpvan.com — Cisco Umbrella Rank: 143988	34 KB
9	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
6	everyaction.com static.everyaction.com secure.everyaction.com — Cisco Umbrella Rank: 49337	383 KB
6	typekit.net use.typekit.net — Cisco Umbrella Rank: 427 p.typekit.net — Cisco Umbrella Rank: 527	194 KB
2	visualstudio.com dc.services.visualstudio.com — Cisco Umbrella Rank: 857	281 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	86 KB
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 68	440 B
1	msecnd.net az416426.vo.msecnd.net — Cisco Umbrella Rank: 1652	40 KB
1	windows.net nvlupin.blob.core.windows.net — Cisco Umbrella Rank: 47984	1 MB
1	verygoodvault.com js.verygoodvault.com — Cisco Umbrella Rank: 65676	24 KB
1	presidentvladimirputin.live 1 redirects presidentvladimirputin.live	469 B
39	11

	Domain	Requested by
9	www.google-analytics.com	www.googletagmanager.com az416426.vo.msecnd.net secure.ngpvan.com
7	secure.ngpvan.com	secure.ngpvan.com static.everyaction.com az416426.vo.msecnd.net
5	static.everyaction.com	secure.ngpvan.com static.everyaction.com
5	use.typekit.net	secure.ngpvan.com
2	dc.services.visualstudio.com	az416426.vo.msecnd.net
2	profile.ngpvan.com	static.everyaction.com az416426.vo.msecnd.net
2	www.googletagmanager.com	secure.ngpvan.com static.everyaction.com
1	secure.everyaction.com	az416426.vo.msecnd.net
1	stats.g.doubleclick.net	az416426.vo.msecnd.net
1	fastaction.ngpvan.com	static.everyaction.com
1	p.typekit.net	secure.ngpvan.com
1	az416426.vo.msecnd.net	secure.ngpvan.com
1	nvlupin.blob.core.windows.net	secure.ngpvan.com
1	js.verygoodvault.com	secure.ngpvan.com
1	presidentvladimirputin.live	1 redirects
39	15

This site contains links to these domains. Also see Links.

Domain
fastaction.ngpvan.com
peteaguilar.com

Subject Issuer	Validity	Valid
*.ngpvan.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-30` - `2023-01-14`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2022-03-07` - `2023-04-07`	a year	crt.sh
static.everyaction.com Amazon	`2021-07-08` - `2022-08-06`	a year	crt.sh
*.verygoodvault.com Amazon	`2022-02-17` - `2023-03-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.blob.core.windows.net Microsoft RSA TLS CA 01	`2022-02-18` - `2023-02-18`	a year	crt.sh
sni1e6ffgl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.everyaction.com RapidSSL TLS RSA CA G1	`2020-05-28` - `2022-05-28`	2 years	crt.sh
in.applicationinsights.azure.com Microsoft RSA TLS CA 02	`2022-02-08` - `2023-02-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Frame ID: AEC0C2320CEFB4FE5827A1F90DDC458D
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://presidentvladimirputin.live/ HTTP 301
https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Page Statistics

39
Requests

100 %
HTTPS

58 %
IPv6

11
Domains

15
Subdomains

12
IPs

1
Countries

1905 kB
Transfer

3120 kB
Size

24
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://fastaction.ngpvan.com/##whats-this
Title: ?

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/actionid_signup
Title: Sign up with your email address

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/facebook
Title: Facebook

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/twitter
Title: Twitter

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/terms
Title: terms of service

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/privacy
Title: privacy policy.

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/actionid
Title: Log in with your email address

Search URL Search Domain Scan URL

URL: https://peteaguilar.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://peteaguilar.com/page/s/contact-us
Title: Contact Us

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://presidentvladimirputin.live/ HTTP 301
https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request rS2gv9uNWEWzvFJubwUATA2 Show response
secure.ngpvan.com/
Redirect Chain

http://presidentvladimirputin.live/
https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&...

19 KB
7 KB

171ms
111ms

Document
text/html

45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0f0b712afbfd34939000ed4fe92de9e6c36154d89c60cb4696f9527582113798

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Content-Type: text/html; charset=utf-8
Date: Thu, 24 Mar 2022 18:26:56 GMT
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, max-age=10
Content-Encoding: gzip
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 4-212827575-212824711 2NNN RT(1648146416314 20) q(0 0 0 1) r(1 1)

Redirect headers

Date: Thu, 24 Mar 2022 18:26:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 257
Connection: keep-alive
Location: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Server: ip-10-123-122-97.ec2.internal
X-Request-Id: a8840170-2cc8-4f32-a3fe-75ca6c783e56

GET
H2 200 vmp8obr.js Show response
use.typekit.net/ 17 KB
7 KB 136ms
54ms Script
text/javascript 2600:141b:13::17d7:82e1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/vmp8obr.js

Requested by

Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:82e1 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

d1d11f2759f9057cd898147149b3be55fee2540dccca6984a0b595ad8d35d55e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Thu, 24 Mar 2022 18:26:57 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6738

GET
H2 200 at.js Show response
static.everyaction.com/ea-actiontag/ 843 KB
241 KB 112ms
18ms Script
application/javascript 2600:9000:21ec:d000:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.everyaction.com/ea-actiontag/at.js
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:d000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a1d3bfe73c7da4924daecf214fab60a027d5125a2a01c8fd7e51b247069f49c1

Request headers

Referer: https://secure.ngpvan.com/
Origin: https://secure.ngpvan.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 14:39:08 GMT
content-encoding: gzip
age: 13670
x-cache: Hit from cloudfront
content-length: 245544
access-control-allow-origin: *
last-modified: Tue, 15 Mar 2022 14:33:10 GMT
server: AmazonS3
etag: "2b4d50476d55220baeacb35017e5d3cd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
via: 1.1 73d76685a18ed386cef8f6fb5f61f844.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
x-amz-cf-id: 1SWzD-vwzsCPQ2p4r0AyCaZmjQ6ACkRe0MoXJVsCLizl0w_aCbO7dQ==

GET
H2 200 at.min.css
static.everyaction.com/ea-actiontag/ 111 KB
21 KB 122ms
20ms Stylesheet
text/css 2600:9000:21ec:d000:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.everyaction.com/ea-actiontag/at.min.css
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:d000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: da457125243c2824f0416bf9babb95022f822d302796f2d8bdb0c9639167ed9e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 14:06:38 GMT
content-encoding: gzip
age: 15620
x-cache: Hit from cloudfront
content-length: 20672
access-control-allow-origin: *
last-modified: Tue, 15 Mar 2022 14:33:10 GMT
server: AmazonS3
etag: "94863eae04299071119ce9bc18ef75e0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
via: 1.1 f800b68f44c427976fe7546b255b6206.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
x-amz-cf-id: kBN6olUMmN6qQCgfyOrcvRSsGYVNN5WpTim0MiRGiEXk3vauDJ0-Lg==

GET
H/1.1 200
OK script-error Show response
secure.ngpvan.com/js/ 246 B
585 B 21ms
20ms Script
text/javascript 45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.ngpvan.com/js/script-error?v=LR3iM4M7kAES0Kfs-kdOEFlJ6eRhSmwTVMRMKnRLIxs1
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.31.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: b8492fb2692042df038f6ed3a0f874e72125916c0cbe1570f59b991c78039f3c

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 18:26:56 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 14:59:52 GMT
X-CDN: Imperva
Content-Type: text/javascript; charset=utf-8
X-Iinfo: 4-212827575-0 0CNN RT(1648146416314 156) q(0 -1 -1 -1) r(0 -1)
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=28499576, public
Content-Length: 174
Expires: Fri, 17 Feb 2023 14:59:52 GMT

GET
H/1.1 200
OK AC2nt8erbFu3svSWxmyTZr1b.js Show response
js.verygoodvault.com/vgs-collect/1/ 76 KB
24 KB 111ms
22ms Script
application/javascript 13.225.223.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.verygoodvault.com/vgs-collect/1/AC2nt8erbFu3svSWxmyTZr1b.js
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-65.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d2219782bf808672e486c65601b5bd41e52041c592ba9bfde1030a820f257baf

Request headers

Referer: https://secure.ngpvan.com/
Origin: https://secure.ngpvan.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: MIiZqsZIbmUuLBPCQnATi6p_MgrmaU_3
Content-Encoding: gzip
ETag: W/"f3cecf4193fb217244937c56bee4b1b6"
Age: 39789
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Access-Control-Allow-Origin: *
Last-Modified: Fri, 13 Dec 2019 10:03:51 GMT
Server: AmazonS3
Date: Thu, 24 Mar 2022 07:23:49 GMT
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Via: 1.1 9a3e0ef03bf0c78d769c66eb676df48c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK51-C1
X-Amz-Cf-Id: 0CAG-zEfjNe1YaxBPnHym7tYbOwSWT3kuniRIXgtm6rp3JC4JtjhhQ==

GET
H/1.1 200
OK _Incapsula_Resource Show response
secure.ngpvan.com/ 133 KB
19 KB 27ms
26ms Script
application/javascript 45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.ngpvan.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=2140180328
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.31.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: ebed9266222d4081c36a33816238b7c0fc8a626372495887188996c7309bc83a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Encoding: gzip
Cache-Control: no-cache, no-store
X-Robots-Tag: noindex
Content-Length: 19215
Content-Type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 124 KB
45 KB 93ms
43ms Script
application/javascript 2607:f8b0:4006:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM473M

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7bd3447c6f7d1717261b82a8dfecc8b69c90f44cc03fc36fc1cbbd206d422da0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 18:26:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45494
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 24 Mar 2022 18:26:57 GMT

GET
H/1.1 200
OK Aguilar_Wrapper_BSD-Augillar_Trump_20210729_copy.jpg
nvlupin.blob.core.windows.net/images/van/NGP/NGP30/1/90419/images/ 1 MB
1 MB 210ms
56ms Image
image/jpeg 52.239.157.138
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nvlupin.blob.core.windows.net/images/van/NGP/NGP30/1/90419/images/Aguilar_Wrapper_BSD-Augillar_Trump_20210729_copy.jpg
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.157.138 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: c4641f16a60eb98ec739ed42eddf308007bfee6aa1e1f89638f8848485d5374a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 24 Mar 2022 18:26:56 GMT
Last-Modified: Mon, 16 Aug 2021 19:55:28 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D960EFCBB61F48
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
x-ms-request-id: 62d56493-901e-00fe-13ac-3f2d9d000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 1150043

GET
H2 200 ai.2.min.js Show response
az416426.vo.msecnd.net/scripts/b/ 120 KB
40 KB 105ms
22ms Script
text/javascript 2606:2800:11f:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (nya/78CA) /
Resource Hash: feb5a95f889fd1ecdabaab0aece26b232bdb83017971c4636dce99105898f318

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 24 Mar 2022 18:26:57 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-07 00:07:47
content-md5: kIbzAcz/m2O65DekgfwJzw==
age: 202
x-cache: HIT
x-ms-meta-aijssdksrc: [cdn]/scripts/b/ai.2.7.4.min.js
content-length: 40497
x-ms-lease-status: unlocked
last-modified: Wed, 02 Mar 2022 20:08:25 GMT
server: ECAcc (nya/78CA)
x-ms-meta-aijssdkver: 2.7.4
etag: 0x8D9FC8868AFB46B
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: fefa994c-901e-0035-5fac-3f8461000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable, no-transform
x-ms-version: 2009-09-19
expires: Thu, 24 Mar 2022 18:56:57 GMT

GET
H/1.1 200
OK _Incapsula_Resource
secure.ngpvan.com/ 1 B
123 B 17ms
17ms Image
text/plain 45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.ngpvan.com/_Incapsula_Resource?SWKMTFSR=1&e=0.9331261669030182
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.31.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Cache-Control: no-cache, no-store
X-Robots-Tag: noindex
Content-Length: 1
Content-Type: text/plain

GET
H2 200 l
use.typekit.net/af/2d988a/00000000000000003b9b1338/27/ 44 KB
45 KB 75ms
18ms Font
application/font-woff2 2600:141b:13::17d7:82e1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2d988a/00000000000000003b9b1338/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82e1 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9c4ea932ba4feba08c8486917f79710309a44e497e81b4a2214fab3f3de5aaf4

Request headers

Referer: https://secure.ngpvan.com/
Origin: https://secure.ngpvan.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 18:26:57 GMT
server: nginx
etag: "ed37942c006659286cd1ca26caf00a8babc192be"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45452

GET
H2 200 l
use.typekit.net/af/da10e7/00000000000000003b9b1337/27/ 47 KB
48 KB 91ms
35ms Font
application/font-woff2 2600:141b:13::17d7:82e1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/da10e7/00000000000000003b9b1337/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82e1 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 676661a4cd041701a55233d2cc1358cd874d1fd5d85256eaa35ef98e5615b28e

Request headers

Referer: https://secure.ngpvan.com/
Origin: https://secure.ngpvan.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 18:26:57 GMT
server: nginx
etag: "81284a8fefb838febe765b3895655b91b6f06f3a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 48360

GET
H2 200 l
use.typekit.net/af/05093b/00000000000000003b9b133d/27/ 46 KB
46 KB 89ms
33ms Font
application/font-woff2 2600:141b:13::17d7:82e1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/05093b/00000000000000003b9b133d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82e1 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 026e0334e803cf2aadc379101e61937153ab27c1a77039f842dd75a8d2acab34

Request headers

Referer: https://secure.ngpvan.com/
Origin: https://secure.ngpvan.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 18:26:57 GMT
server: nginx
etag: "0e6c40366088b6d49ea4ba34773b8260135be0b6"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 46600

GET
H2 200 l
use.typekit.net/af/1bab1a/00000000000000003b9b133e/27/ 48 KB
49 KB 90ms
34ms Font
application/font-woff2 2600:141b:13::17d7:82e1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1bab1a/00000000000000003b9b133e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82e1 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 2b517e93a68cb99952b049a002a5fb713d2c817e06a70dfb8d78067eaa86afd7

Request headers

Referer: https://secure.ngpvan.com/
Origin: https://secure.ngpvan.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 18:26:57 GMT
server: nginx
etag: "253ac109a1abf04e8864aa7474d29d385d847cca"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 49540

GET
H2 200 identity Show response
profile.ngpvan.com/ 72 B
1 KB 138ms
73ms Script
text/javascript 45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://profile.ngpvan.com/identity?callback=_jqjsp

Requested by

Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / Express, ASP.NET

Resource Hash

8b22653c401bcdd25186a765f2c6646bf8b5ce357f878d872624104551e60d58

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 18:26:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Microsoft-IIS/10.0
x-powered-by: Express, ASP.NET
vary: Accept-Encoding
p3p: CP="NOI ADM DEV PSAi OUR OTRo STP IND COM NAV DEM"
x-iinfo: 2-132579818-132579822 NNNN CT(-1 -1 2) RT(1648146416814 0) q(0 0 0 5) r(0 0) U5
x-cdn: Imperva
content-type: text/javascript; charset=utf-8
content-length: 190
etag: W/"48-5dKvQS7f04ijEuPBovd7gRw1vJQ"
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 115 KB
42 KB 35ms
35ms Script
application/javascript 2607:f8b0:4006:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer

Requested by

Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4db9fd4ea21bd700a5bb05499d7e015ee7cd70074af199dc3ce1b23d0d699d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 18:26:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42438
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 24 Mar 2022 18:26:57 GMT

GET
H2 200 extra.min.css
static.everyaction.com/ea-actiontag/ 93 KB
16 KB 20ms
20ms Stylesheet
text/css 2600:9000:21ec:d000:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.everyaction.com/ea-actiontag/extra.min.css
Requested by: Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:d000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2c110f2c40d9168b6a2000fc9aaec3a02494980e6a0f54665e7ca900dbfa34a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 14:39:09 GMT
content-encoding: gzip
age: 13669
x-cache: Hit from cloudfront
content-length: 15864
access-control-allow-origin: *
last-modified: Tue, 15 Mar 2022 14:33:10 GMT
server: AmazonS3
etag: "4c3d8adef62704ce43c6a6c2185e5e75"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
via: 1.1 f800b68f44c427976fe7546b255b6206.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
x-amz-cf-id: aW143yXOk3y9POIDJKuEq-g27JYPMsYeptbF8yHz0AbG6iKtzGHIRA==

GET
H/1.1 200
OK rS2gv9uNWEWzvFJubwUATA2 Show response
secure.ngpvan.com/v1/Forms/ 6 KB
3 KB 98ms
98ms XHR
application/json 45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.ngpvan.com/v1/Forms/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615

Requested by

Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c4ec802dd51961704ebfdc9103e562030d34ad106b0e0d04f33b2753edf55735

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
X-Requested-With: XMLHttpRequest
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 18:26:57 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-CDN: Imperva
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
X-Iinfo: 4-212827575-212824711 2NNN RT(1648146416314 482) q(0 1 1 -1) r(1 1)
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, max-age=10
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security: max-age=31536000
Vary: Origin,Accept-Encoding
Content-Length: 2504
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 200 p.gif
p.typekit.net/ 35 B
214 B 96ms
19ms Image
image/gif 2600:141b:13::17d7:82cb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=vmp8obr&ht=tk&h=secure.ngpvan.com&f=16353.37461.37466.37467&a=12641256&js=1.21.0&app=typekit&e=js&_=1648146417356
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82cb New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 18:26:57 GMT
last-modified: Sat, 09 Oct 2021 06:42:30 GMT
server: nginx
etag: "616139d6-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 70ms
21ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6181
date: Thu, 24 Mar 2022 16:43:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 24 Mar 2022 18:43:56 GMT

GET
H2 200 identity Show response
fastaction.ngpvan.com/api/v1/ 182 B
742 B 53ms
33ms Script
text/javascript 45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://fastaction.ngpvan.com/api/v1/identity?callback=_jqjsp&_1648146417386=

Requested by

Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Cowboy / Express

Resource Hash

751674980309593bf2de0e7fb6573153b489e35765b45d5fe50c7b9f743a45a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 vegur
x-content-type-options: nosniff
server: Cowboy
content-encoding: gzip
x-powered-by: Express
vary: Accept-Encoding
p3p: CP="NOI ADM DEV COM NAV OUR STP"
x-iinfo: 2-132579831-132579832 NNYY CT(8 11 0) RT(1648146416916 0) q(0 0 0 1) r(0 0) U18
cache-control: max-age=0
date: Thu, 24 Mar 2022 18:26:57 GMT
etag: W/"b6-6ajcOYrcFEZPSJJW4zjqFmyvMgI"
content-type: text/javascript; charset=utf-8
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3,roleName=FastAction

GET
DATA 200
OK truncated
/ 73 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e14deb2749e1521aac0ebcb8f99739494f4918fc07649ac6f51a2985085d756

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 glyphicons-regular.woff2
static.everyaction.com/ea-actiontag/assets/fonts/ 94 KB
95 KB 18ms
18ms Font
application/font-woff2 2600:9000:21ec:d000:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.everyaction.com/ea-actiontag/assets/fonts/glyphicons-regular.woff2
Requested by: Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:d000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dd16b17e257a3a57a00efd5f2d1dc5ac0de934728ec3d44981eab67aa95bc591

Request headers

Referer: https://static.everyaction.com/ea-actiontag/at.min.css
Origin: https://secure.ngpvan.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 12:57:54 GMT
via: 1.1 73d76685a18ed386cef8f6fb5f61f844.cloudfront.net (CloudFront)
age: 19744
x-cache: Hit from cloudfront
content-length: 96388
last-modified: Tue, 07 Dec 2021 15:33:44 GMT
server: AmazonS3
etag: "aca35251952e72d9e32d41217f0f97ab"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
x-amz-cf-id: 3N8tLZZD5WQSpy8aFTixttkA9u6JjbctTlhFj5t_DrQUF7iZM54tAQ==

GET
H/1.1 200
OK rS2gv9uNWEWzvFJubwUATA2
secure.ngpvan.com/v1/Track/ 0
637 B 46ms
45ms Image
text/plain 45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.ngpvan.com/v1/Track/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615&formSessionId=32c76bb7-ec35-4d9c-841d-2642d7f350d1&bName=chrome&dType=desktop&fUrl=aHR0cHM6Ly9zZWN1cmUubmdwdmFuLmNvbS9yUzJndjl1TldFV3p2Rkp1YndVQVRBMj9zb3VyY2U9TVNfRU1fUEVUXzIwMjIuMDMuMTZfQjFfY29uZGVtbi10cnVtcF9YX19GMV9TMV9DMV9fbWFpbiZlbWNpPTM1ODllNjEyLTNkYTUtZWMxMS1hMjJhLTI4MTg3OGI4NTExMCZlbWRpPTQ3ZDVjNDg4LTZmYTUtZWMxMS1hMjJhLTI4MTg3OGI4NTExMCZjZWlkPTE3NTU5NjE1&fRef=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-CDN: Imperva
Date: Thu, 24 Mar 2022 18:26:56 GMT
X-Frame-Options: SAMEORIGIN
X-Iinfo: 4-212827575-212827655 NNNY CT(6 18 0) RT(1648146416314 629) q(0 0 0 -1) r(0 0) U2
Access-Control-Expose-Headers: Request-Context
Cache-Control: no-cache
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H2 200 fast-action.svg
static.everyaction.com/ea-actiontag/assets/images/ 9 KB
9 KB 24ms
23ms Image
image/svg+xml 2600:9000:21ec:d000:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.everyaction.com/ea-actiontag/assets/images/fast-action.svg
Requested by: Host: secure.ngpvan.com
URL: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:d000:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b60497a77afdcb315e270ec5f6fe3d53797c486032fc6752523aa8c65be7b985

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 14:21:18 GMT
via: 1.1 f800b68f44c427976fe7546b255b6206.cloudfront.net (CloudFront)
age: 14740
x-cache: Hit from cloudfront
content-length: 9203
last-modified: Tue, 07 Dec 2021 15:33:44 GMT
server: AmazonS3
etag: "babd47dc25531a9faeadc04f1afa1910"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
x-amz-cf-id: oM2f_A6r8Bt4sNb45_76_-IshgeYCfE1sGSXJHh6yGtIZGhgGrPdOw==

GET
H2 200 nvtag Show response
profile.ngpvan.com/v2/data/pnXmeJYs1ktbsJd2DC76gU08/ 2 B
954 B 72ms
37ms XHR
application/json 45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://profile.ngpvan.com/v2/data/pnXmeJYs1ktbsJd2DC76gU08/nvtag
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.31.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / Express, ASP.NET
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.ngpvan.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 18:26:56 GMT
content-encoding: gzip
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
server: Microsoft-IIS/10.0
x-powered-by: Express, ASP.NET
vary: Origin,Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure.ngpvan.com
x-iinfo: 2-132579848-132579849 PNNN RT(1648146417090 0) q(0 0 0 -1) r(1 1) U5
access-control-allow-credentials: true
content-length: 123
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 62ms
34ms XHR
text/plain 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=417705864&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2FrS2gv9uNWEWzvFJubwUATA2%3Fsource%3DMS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main%26emci%3D3589e612-3da5-ec11-a22a-281878b85110%26emdi%3D47d5c488-6fa5-ec11-a22a-281878b85110%26ceid%3D17559615&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Downloading&utt=104&_u=YEBAAEABAAAAAC~&jid=1915510449&gjid=755934607&cid=1663502960.1648146418&tid=UA-28243511-22&_gid=1069733700.1648146418&_r=1&gtm=2wg3e05L2FSL&z=1919874023

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.ngpvan.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Mar 2022 18:26:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.ngpvan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
440 B 89ms
32ms XHR
text/plain 2607:f8b0:4004:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-28243511-23&cid=1663502960.1648146418&jid=624037239&gjid=1143182640&_gid=1069733700.1648146418&_u=YGDAgEABAAAAAG~&z=166164434

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.ngpvan.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 24 Mar 2022 18:26:57 GMT
content-type: text/plain
access-control-allow-origin: https://secure.ngpvan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
20ms Image
image/gif 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=417705864&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2FrS2gv9uNWEWzvFJubwUATA2%3Fsource%3DMS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main%26emci%3D3589e612-3da5-ec11-a22a-281878b85110%26emdi%3D47d5c488-6fa5-ec11-a22a-281878b85110%26ceid%3D17559615&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAgEABAAAAAC~&jid=624037239&gjid=1143182640&cid=1663502960.1648146418&tid=UA-28243511-23&_gid=1069733700.1648146418&gtm=2wg3e05L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FNGP%2FNGP30%2F1%2F90419&cd3=4980473&cd5=PET%3A%20Condemn%20Trump&cd6=rS2gv9uNWEWzvFJubwUATA2&z=1978521173

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Mar 2022 06:09:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 44250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
20ms Image
image/gif 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=417705864&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2FrS2gv9uNWEWzvFJubwUATA2%3Fsource%3DMS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main%26emci%3D3589e612-3da5-ec11-a22a-281878b85110%26emdi%3D47d5c488-6fa5-ec11-a22a-281878b85110%26ceid%3D17559615&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=PetitionForm&ea=Form%20Load&el=Minimal&ev=15&_u=YGDAgEABAAAAAG~&jid=&gjid=&cid=1663502960.1648146418&tid=UA-28243511-23&_gid=1069733700.1648146418&gtm=2wg3e05L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FNGP%2FNGP30%2F1%2F90419&cd3=4980473&cd5=PET%3A%20Condemn%20Trump&cd6=rS2gv9uNWEWzvFJubwUATA2&z=277991025

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Mar 2022 06:09:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 44250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 22ms
20ms Image
image/gif 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=417705864&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2FrS2gv9uNWEWzvFJubwUATA2%3Fsource%3DMS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main%26emci%3D3589e612-3da5-ec11-a22a-281878b85110%26emdi%3D47d5c488-6fa5-ec11-a22a-281878b85110%26ceid%3D17559615&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Processing&utt=9&_u=YGDAAEABAAAAAG~&jid=&gjid=&cid=1663502960.1648146418&tid=UA-28243511-22&_gid=1069733700.1648146418&gtm=2wg3e05L2FSL&z=1662860973

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Mar 2022 06:09:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 44250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 22ms
20ms Image
image/gif 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=417705864&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2FrS2gv9uNWEWzvFJubwUATA2%3Fsource%3DMS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main%26emci%3D3589e612-3da5-ec11-a22a-281878b85110%26emdi%3D47d5c488-6fa5-ec11-a22a-281878b85110%26ceid%3D17559615&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Render&utt=29&_u=YGDAAEABAAAAAG~&jid=&gjid=&cid=1663502960.1648146418&tid=UA-28243511-22&_gid=1069733700.1648146418&gtm=2wg3e05L2FSL&z=552442501

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Mar 2022 06:09:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 44250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 22ms
21ms Image
image/gif 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=417705864&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2FrS2gv9uNWEWzvFJubwUATA2%3Fsource%3DMS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main%26emci%3D3589e612-3da5-ec11-a22a-281878b85110%26emdi%3D47d5c488-6fa5-ec11-a22a-281878b85110%26ceid%3D17559615&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Fill&utt=9&_u=YGDAAEABAAAAAG~&jid=&gjid=&cid=1663502960.1648146418&tid=UA-28243511-22&_gid=1069733700.1648146418&gtm=2wg3e05L2FSL&z=1748221208

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Mar 2022 06:09:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 44250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 23ms
22ms Image
image/gif 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=417705864&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2FrS2gv9uNWEWzvFJubwUATA2%3Fsource%3DMS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main%26emci%3D3589e612-3da5-ec11-a22a-281878b85110%26emdi%3D47d5c488-6fa5-ec11-a22a-281878b85110%26ceid%3D17559615&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Form&utt=154&_u=YGDAAEABAAAAAG~&jid=&gjid=&cid=1663502960.1648146418&tid=UA-28243511-22&_gid=1069733700.1648146418&gtm=2wg3e05L2FSL&z=724956992

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Mar 2022 06:09:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 44250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 23ms
22ms Image
image/gif 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=417705864&t=timing&_s=1&dl=https%3A%2F%2Fsecure.ngpvan.com%2FrS2gv9uNWEWzvFJubwUATA2%3Fsource%3DMS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main%26emci%3D3589e612-3da5-ec11-a22a-281878b85110%26emdi%3D47d5c488-6fa5-ec11-a22a-281878b85110%26ceid%3D17559615&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Total&utt=188&_u=YGDAAEABAAAAAG~&jid=&gjid=&cid=1663502960.1648146418&tid=UA-28243511-22&_gid=1069733700.1648146418&gtm=2wg3e05L2FSL&z=285967250

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://secure.ngpvan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Mar 2022 06:09:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 44250
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content pnXmeJYs1ktbsJd2DC76gU08 Show response
secure.everyaction.com/Databag/Profile/ 0
1 KB 108ms
49ms XHR
text/plain 45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/Databag/Profile/pnXmeJYs1ktbsJd2DC76gU08

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://secure.ngpvan.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 18:26:56 GMT
X-Content-Type-Options: nosniff
X-CDN: Imperva
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: https://secure.ngpvan.com
X-Iinfo: 3-168897466-168897468 NNNY CT(10 20 0) RT(1648146417234 20) q(0 0 0 0) r(0 0) U11
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H/1.1 204
No Content pnXmeJYs1ktbsJd2DC76gU08 Show response
secure.ngpvan.com/Databag/Profile/ 0
724 B 43ms
43ms XHR
text/plain 45.60.31.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.ngpvan.com/Databag/Profile/pnXmeJYs1ktbsJd2DC76gU08

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://secure.ngpvan.com/rS2gv9uNWEWzvFJubwUATA2?source=MS_EM_PET_2022.03.16_B1_condemn-trump_X__F1_S1_C1__main&emci=3589e612-3da5-ec11-a22a-281878b85110&emdi=47d5c488-6fa5-ec11-a22a-281878b85110&ceid=17559615
Request-Id: |5c2940f24d014a95bc5ab5cc3d2443a6.7e639146c06a4d61
traceparent: 00-5c2940f24d014a95bc5ab5cc3d2443a6-7e639146c06a4d61-01
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-CDN: Imperva
Date: Thu, 24 Mar 2022 18:26:56 GMT
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
X-Iinfo: 4-212827575-212827655 SNNy RT(1648146416314 882) q(0 0 0 -1) r(1 1) U11
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 96 B
281 B 149ms
149ms XHR
application/json 20.42.73.142
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.42.73.142 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

3fc7ea62c1ba9e88745386d2b9f676ae61ca52e6c599a69abca766fd404c5884

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.ngpvan.com/
Accept-Language: en-CA,en;q=0.9
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: 88536E01-5531-43C0-9255-378E5E1DBBF1
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 24 Mar 2022 18:26:57 GMT
access-control-max-age: 3600
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length: 96

OPTIONS
H2 200 track
dc.services.visualstudio.com/v2/ 0
0 204ms
28ms Preflight 20.42.73.142
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.42.73.142 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,sdk-context
Origin: https://secure.ngpvan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-methods: POST
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-origin: *
access-control-max-age: 3600
x-content-type-options: nosniff
date: Thu, 24 Mar 2022 18:26:57 GMT
content-length: 0

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ngpvan.com/	1970-01-20 10:34:34	Name: visid_incap_1002065 Value: +Lfqc+CWQSCrCgyG+66h7/C3PGIAAAAAQUIPAAAAAABttILJCIP9rHtnAi0kO5G1
.ngpvan.com/	1969-12-31 23:59:59	Name: incap_ses_488_1002065 Value: s/MuWfm1YSFodHP2CrrFBvC3PGIAAAAAjM5JMcKzYRoxNyA7uu/Kng==
.secure.ngpvan.com/	1970-01-20 01:49:10	Name: TiPMix Value: 27.792028504045476
.secure.ngpvan.com/	1970-01-20 01:49:10	Name: x-ms-routing-name Value: self
.ngpvan.com/	1969-12-31 23:59:59	Name: nlbi_1002065 Value: tqazJkiqiwkiz+wX0IOYSwAAAACIF7dhP75NcqB2W38EtJ10
secure.ngpvan.com/	1970-01-20 10:34:42	Name: ai_user Value: FJxwdRdFzDCoRhP9u5udAK\|2022-03-24T18:26:57.312Z
secure.ngpvan.com/	1970-01-20 01:49:08	Name: ai_session Value: 36+VkfYRjVAUyRjjgpr/ci\|1648146417351\|1648146417351
.ngpvan.com/	1970-01-20 10:34:34	Name: visid_incap_2233503 Value: 6veP+116QIONSLhOAx2X7PC3PGIAAAAAQUIPAAAAAADGfdaqTJqeKLL0o3IYwSNs
.ngpvan.com/	1969-12-31 23:59:59	Name: nlbi_2233503 Value: disUc66rmwMsEeOLvIV21QAAAACjgnYuHzpp70/T+BHk14yZ
.ngpvan.com/	1969-12-31 23:59:59	Name: incap_ses_488_2233503 Value: fVqcISc8XgpMdXP2CrrFBvC3PGIAAAAAofm4579R4klCWi04VqT87w==
.profile.ngpvan.com/	1970-01-20 01:49:10	Name: TiPMix Value: 25.711155156766186
.profile.ngpvan.com/	1970-01-20 01:49:10	Name: x-ms-routing-name Value: self
profile.ngpvan.com/	1970-01-23 17:27:59	Name: ngpvanuser Value: pnXmeJYs1ktbsJd2DC76gU08
.ngpvan.com/	1970-01-20 10:34:34	Name: visid_incap_972453 Value: MAzpoXW7ToaTuiRR4DX4T/C3PGIAAAAAQUIPAAAAAAAVrV2QjoJtzuLrPGcaY4PK
.ngpvan.com/	1969-12-31 23:59:59	Name: nlbi_972453 Value: 3DL7GJ9bUTy02AUUMvukzwAAAAB0KDHXQTc0tikBb0StWAZg
.ngpvan.com/	1969-12-31 23:59:59	Name: incap_ses_488_972453 Value: F2FHDpLen0WAdXP2CrrFBvC3PGIAAAAA3pdlAVOtKbhNl/fuGs27cg==
.ngpvan.com/	1970-01-20 19:20:18	Name: _ga Value: GA1.2.1663502960.1648146418
.ngpvan.com/	1970-01-20 01:50:32	Name: _gid Value: GA1.2.1069733700.1648146418
.ngpvan.com/	1970-01-20 01:49:06	Name: _gat_UA-28243511-22 Value: 1
.ngpvan.com/	1970-01-20 01:49:06	Name: _dc_gtm_UA-28243511-23 Value: 1
.ngpvan.com/	1970-01-23 17:29:25	Name: ProfileDatabagId Value: pnXmeJYs1ktbsJd2DC76gU08
.secure.everyaction.com/	1970-01-20 01:49:10	Name: TiPMix Value: 92.00781509301237
.secure.everyaction.com/	1970-01-20 01:49:10	Name: x-ms-routing-name Value: self
.everyaction.com/	1970-01-23 17:29:25	Name: ProfileDatabagId Value: pnXmeJYs1ktbsJd2DC76gU08

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

az416426.vo.msecnd.net
dc.services.visualstudio.com
fastaction.ngpvan.com
js.verygoodvault.com
nvlupin.blob.core.windows.net
p.typekit.net
presidentvladimirputin.live
profile.ngpvan.com
secure.everyaction.com
secure.ngpvan.com
static.everyaction.com
stats.g.doubleclick.net
use.typekit.net
www.google-analytics.com
www.googletagmanager.com
13.225.223.65
15.197.142.173
20.42.73.142
2600:141b:13::17d7:82cb
2600:141b:13::17d7:82e1
2600:9000:21ec:d000:3:1d53:4780:93a1
2606:2800:11f:1cb7:261b:1f9c:2074:3c
2607:f8b0:4004:c06::9d
2607:f8b0:4006:80f::2008
2607:f8b0:4006:820::200e
45.60.31.183
52.239.157.138
026e0334e803cf2aadc379101e61937153ab27c1a77039f842dd75a8d2acab34
0f0b712afbfd34939000ed4fe92de9e6c36154d89c60cb4696f9527582113798
1e14deb2749e1521aac0ebcb8f99739494f4918fc07649ac6f51a2985085d756
2b517e93a68cb99952b049a002a5fb713d2c817e06a70dfb8d78067eaa86afd7
3fc7ea62c1ba9e88745386d2b9f676ae61ca52e6c599a69abca766fd404c5884
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4db9fd4ea21bd700a5bb05499d7e015ee7cd70074af199dc3ce1b23d0d699d74
676661a4cd041701a55233d2cc1358cd874d1fd5d85256eaa35ef98e5615b28e
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
751674980309593bf2de0e7fb6573153b489e35765b45d5fe50c7b9f743a45a7
7bd3447c6f7d1717261b82a8dfecc8b69c90f44cc03fc36fc1cbbd206d422da0
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8b22653c401bcdd25186a765f2c6646bf8b5ce357f878d872624104551e60d58
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9c4ea932ba4feba08c8486917f79710309a44e497e81b4a2214fab3f3de5aaf4
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1d3bfe73c7da4924daecf214fab60a027d5125a2a01c8fd7e51b247069f49c1
b60497a77afdcb315e270ec5f6fe3d53797c486032fc6752523aa8c65be7b985
b8492fb2692042df038f6ed3a0f874e72125916c0cbe1570f59b991c78039f3c
c4641f16a60eb98ec739ed42eddf308007bfee6aa1e1f89638f8848485d5374a
c4ec802dd51961704ebfdc9103e562030d34ad106b0e0d04f33b2753edf55735
d1d11f2759f9057cd898147149b3be55fee2540dccca6984a0b595ad8d35d55e
d2219782bf808672e486c65601b5bd41e52041c592ba9bfde1030a820f257baf
da457125243c2824f0416bf9babb95022f822d302796f2d8bdb0c9639167ed9e
dd16b17e257a3a57a00efd5f2d1dc5ac0de934728ec3d44981eab67aa95bc591
e2c110f2c40d9168b6a2000fc9aaec3a02494980e6a0f54665e7ca900dbfa34a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebed9266222d4081c36a33816238b7c0fc8a626372495887188996c7309bc83a
feb5a95f889fd1ecdabaab0aece26b232bdb83017971c4636dce99105898f318

secure.ngpvan.com Open in urlscan Pro 45.60.31.183 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

39 Requests

100 %HTTPS

58 %IPv6

11 Domains

15 Subdomains

12 IPs

1 Countries

1905 kBTransfer

3120 kBSize

24 Cookies

9 Outgoing links

Page URL History

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

secure.ngpvan.com Open in urlscan Pro
45.60.31.183 Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

100 %
HTTPS

58 %
IPv6

11
Domains

15
Subdomains

12
IPs

1
Countries

1905 kB
Transfer

3120 kB
Size

24
Cookies

39 HTTP transactions
1 data transactions