secure.winred.com Open in urlscan Pro
104.19.211.89 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://trk.cp20.com/click/gmlp-8vuuu-c0khh-ij6tp52/
Effective URL:
https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&...
Submission: On February 28 via manual (February 28th 2024, 5:03:29 pm UTC) from US — Scanned from CA

Summary HTTP 169 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 31 IPs in 3 countries across 23 domains to perform 169 HTTP transactions. The main IP is 104.19.211.89, located in and belongs to CLOUDFLARENET, US. The main domain is secure.winred.com. The Cisco Umbrella rank of the primary domain is 78308.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 22nd 2024. Valid for: a year.

This is the only time secure.winred.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	15.156.37.76 15.156.37.76	16509 (AMAZON-02) (AMAZON-02)
1 12	104.19.211.89 104.19.211.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	142.250.12.97 142.250.12.97	15169 (GOOGLE) (GOOGLE)
3	31.13.71.7 31.13.71.7	32934 (FACEBOOK) (FACEBOOK)
42	18.173.166.90 18.173.166.90	16509 (AMAZON-02) (AMAZON-02)
4	173.194.77.95 173.194.77.95	15169 (GOOGLE) (GOOGLE)
3	18.173.219.17 18.173.219.17	16509 (AMAZON-02) (AMAZON-02)
1	104.16.56.101 104.16.56.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	142.250.12.102 142.250.12.102	15169 (GOOGLE) (GOOGLE)
1	104.19.212.89 104.19.212.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	69.147.92.12 69.147.92.12	10310 (YAHOO-1) (YAHOO-1)
4	18.209.79.16 18.209.79.16	14618 (AMAZON-AES) (AMAZON-AES)
1	146.75.36.157 146.75.36.157	54113 (FASTLY) (FASTLY)
3	31.13.71.36 31.13.71.36	32934 (FACEBOOK) (FACEBOOK)
3	142.251.4.92 142.251.4.92	15169 (GOOGLE) (GOOGLE)
5	142.250.12.156 142.250.12.156	15169 (GOOGLE) (GOOGLE)
2	104.16.250.69 104.16.250.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.96.156 142.250.96.156	15169 (GOOGLE) (GOOGLE)
5	142.250.96.106 142.250.96.106	15169 (GOOGLE) (GOOGLE)
8	142.250.12.94 142.250.12.94	15169 (GOOGLE) (GOOGLE)
2	13.35.93.85 13.35.93.85	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
3	173.194.77.101 173.194.77.101	15169 (GOOGLE) (GOOGLE)
1	76.13.32.146 76.13.32.146	26101 (YAHOO-BF1) (YAHOO-BF1)
2	198.202.176.201 198.202.176.201	16509 (AMAZON-02) (AMAZON-02)
4	142.250.96.94 142.250.96.94	15169 (GOOGLE) (GOOGLE)
15	54.187.159.182 54.187.159.182	16509 (AMAZON-02) (AMAZON-02)
3	44.239.187.210 44.239.187.210	16509 (AMAZON-02) (AMAZON-02)
12	142.250.96.100 142.250.96.100	15169 (GOOGLE) (GOOGLE)
3	151.101.128.176 151.101.128.176	54113 (FASTLY) (FASTLY)
6	104.19.218.90 104.19.218.90	13335 (CLOUDFLAR...) (CLOUDFLARENET)
169	31

1 15.156.37.76 (Montreal, Canada) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-15-156-37-76.ca-central-1.compute.amazonaws.com

trk.cp20.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.19.211.89 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

secure.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.12.97 (United States)

ASN15169 (GOOGLE, US)
PTR: ge-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.13.71.7 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 18.173.166.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-166-90.mia3.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 173.194.77.95 (United States)

ASN15169 (GOOGLE, US)
PTR: gc-in-f95.1e100.net

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.173.219.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-219-17.jfk52.r.cloudfront.net

d35ligi1n5bgzc.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.56.101 (None, )

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.12.102 (United States)

ASN15169 (GOOGLE, US)
PTR: ge-in-f102.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.212.89 (None, )

ASN13335 (CLOUDFLARENET, US)

app.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.147.92.12 (Ashburn, United States)

ASN10310 (YAHOO-1, US)
PTR: e2.ycpi.vip.dca.yahoo.com

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.209.79.16 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-209-79-16.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.36.157 (Reston, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.13.71.36 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-lga3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.4.92 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: gm-in-f92.1e100.net

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.12.156 (United States)

ASN15169 (GOOGLE, US)
PTR: ge-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.250.69 (None, )

ASN13335 (CLOUDFLARENET, US)

gtm.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.96.156 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: gg-in-f156.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.96.106 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: gg-in-f106.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.12.94 (United States)

ASN15169 (GOOGLE, US)
PTR: ge-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.93.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-93-85.jfk50.r.cloudfront.net

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 173.194.77.101 (United States)

ASN15169 (GOOGLE, US)
PTR: gc-in-f101.1e100.net

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.13.32.146 (Lockport, United States)

ASN26101 (YAHOO-BF1, US)
PTR: spdc.pbp.vip.bf1.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.202.176.201 (United States)

ASN16509 (AMAZON-02, US)

merchant-ui-api.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.96.94 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: gg-in-f94.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 54.187.159.182 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-159-182.stripe.com

r.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 44.239.187.210 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-187-210.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.96.100 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: gg-in-f100.1e100.net

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.128.176 (United States)

ASN54113 (FASTLY, US)

b.stripecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.19.218.90 (None, )

ASN13335 (CLOUDFLARENET, US)

hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	stripe.com js.stripe.com — Cisco Umbrella Rank: 1204 merchant-ui-api.stripe.com — Cisco Umbrella Rank: 5270 r.stripe.com — Cisco Umbrella Rank: 3338 m.stripe.com — Cisco Umbrella Rank: 1173	2 MB
23	google.com pay.google.com — Cisco Umbrella Rank: 2911 www.google.com — Cisco Umbrella Rank: 2 analytics.google.com — Cisco Umbrella Rank: 159 play.google.com — Cisco Umbrella Rank: 37	423 KB
15	winred.com 1 redirects secure.winred.com — Cisco Umbrella Rank: 78308 app.winred.com — Cisco Umbrella Rank: 144789 gtm.winred.com — Cisco Umbrella Rank: 128599	214 KB
9	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	775 KB
8	google.ca www.google.ca — Cisco Umbrella Rank: 9971	939 B
7	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 85 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	4 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	21 KB
6	hcaptcha.com hcaptcha.com — Cisco Umbrella Rank: 5575 newassets.hcaptcha.com — Cisco Umbrella Rank: 6816 api.hcaptcha.com — Cisco Umbrella Rank: 6979	441 KB
4	gstatic.com www.gstatic.com	102 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2864	9 KB
4	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 369	186 KB
3	stripecdn.com b.stripecdn.com — Cisco Umbrella Rank: 11932	45 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 102	247 B
3	cloudfront.net d35ligi1n5bgzc.cloudfront.net	252 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	74 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1277	16 KB
2	yimg.com s.yimg.com — Cisco Umbrella Rank: 704	7 KB
1	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 1479	633 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 802	725 B
1	t.co t.co — Cisco Umbrella Rank: 660	377 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 783	15 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 787	7 KB
1	cp20.com 1 redirects trk.cp20.com — Cisco Umbrella Rank: 33418	358 B
169	23

	Domain	Requested by
42	js.stripe.com	secure.winred.com js.stripe.com
15	r.stripe.com	js.stripe.com
12	play.google.com	www.gstatic.com
12	secure.winred.com	1 redirects secure.winred.com static.cloudflareinsights.com
9	www.googletagmanager.com	secure.winred.com www.googletagmanager.com www.google-analytics.com
8	www.google.ca	secure.winred.com
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com secure.winred.com
5	www.google.com	secure.winred.com
5	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
4	www.gstatic.com	pay.google.com www.gstatic.com
4	tags.srv.stackadapt.com	secure.winred.com tags.srv.stackadapt.com
4	maps.googleapis.com	secure.winred.com maps.googleapis.com
3	newassets.hcaptcha.com	hcaptcha.com newassets.hcaptcha.com
3	b.stripecdn.com	js.stripe.com b.stripecdn.com
3	m.stripe.com	m.stripe.network
3	analytics.google.com	www.googletagmanager.com
3	pay.google.com	js.stripe.com pay.google.com www.gstatic.com
3	www.facebook.com	secure.winred.com
3	d35ligi1n5bgzc.cloudfront.net	secure.winred.com
3	connect.facebook.net	secure.winred.com connect.facebook.net
2	api.hcaptcha.com	newassets.hcaptcha.com
2	merchant-ui-api.stripe.com	js.stripe.com
2	m.stripe.network	js.stripe.com m.stripe.network
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	gtm.winred.com	www.googletagmanager.com
2	s.yimg.com	secure.winred.com s.yimg.com
1	hcaptcha.com	b.stripecdn.com
1	sp.analytics.yahoo.com	secure.winred.com
1	analytics.twitter.com	secure.winred.com
1	t.co	secure.winred.com
1	static.ads-twitter.com	secure.winred.com
1	app.winred.com	secure.winred.com
1	static.cloudflareinsights.com	secure.winred.com
1	trk.cp20.com	1 redirects
169	34

This site contains links to these domains. Also see Links.

Domain
winred.com
www.nrcc.org

Subject Issuer	Validity	Valid
secure.winred.com Cloudflare Inc ECC CA-3	`2024-01-22` - `2024-12-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-07` - `2024-03-06`	3 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-02-07` - `2024-05-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2024-01-22` - `2024-03-13`	2 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M03	`2023-09-09` - `2024-10-07`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-04` - `2025-01-02`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-10-24` - `2024-04-17`	6 months	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2024-02-26` - `2024-05-23`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2024-05-23`	3 months	crt.sh

This page contains 15 frames:

Primary Page: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
Frame ID: A96182A82C752F555F9C65D2C2D8FD92
Requests: 77 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: DAC075AFF0EA70FBCCF7020BC52007DF
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html
Frame ID: 520902F2520361BAC7C65D6A63CA555B
Requests: 13 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html
Frame ID: 1932A356B5569F34CA0E95B0174375BE
Requests: 10 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html
Frame ID: F277733564AD0E354F9C7A7F3F10534D
Requests: 13 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-google-pay-fe674b1a2eac035a4fca37a448c4cb5c.html
Frame ID: 25B1086A64E91AB23FF72FF2E3077063
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-aad6eaab6cf31e944cc2941bcf99434d.html
Frame ID: 2C8B97E694B6E6390067D398B91F9CC6
Requests: 3 HTTP requests in this frame

Frame: https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js
Frame ID: 8CC9178A98E7C730B00CB26974FF80EA
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 482FF6BE5B65E0695D5D649DE1E40265
Requests: 5 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
Frame ID: 946724272C4159F4AFC680C1D7736429
Requests: 12 HTTP requests in this frame

Frame: https://js.stripe.com/v3/hcaptcha-invisible-bb49a658b50e3a1c9860e1600cf73f0f.html
Frame ID: 6DF6680793890102E7CD4F6D6F298321
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-link-button-for-card-8b546bf9d278cae01d661169cc58cd56.html
Frame ID: 9DC99DADD2DA575130616F6338390352
Requests: 4 HTTP requests in this frame

Frame: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.17/HCaptchaInvisible.html?id=d08ce53b-50b6-4d3d-aaa9-6d0894b9746c&origin=https%3A%2F%2Fjs.stripe.com
Frame ID: EC8408C75649369F9DC22CBCF89F6332
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html
Frame ID: 69A2C7A5F2844F60195F5F235E5E448B
Requests: 7 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/static/hcaptcha.html?_v=14cep50e2rt
Frame ID: 94E31A6E6BD0F9789D004FDB4FBF55D7
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

[1] OFFER EXPIRING

Page URL History Show full URLs

https://trk.cp20.com/click/gmlp-8vuuu-c0khh-ij6tp52/ HTTP 302
https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.... Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Google Pay (Payment processors) Expand

Overall confidence: 100%
Detected patterns

pay\.google\.com/([a-z/]+)/pay\.js

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

hCaptcha (Security) Expand

Overall confidence: 100%
Detected patterns

https://hcaptcha.com/([\d]+?)/api.js

Page Statistics

169
Requests

99 %
HTTPS

0 %
IPv6

23
Domains

34
Subdomains

31
IPs

3
Countries

4322 kB
Transfer

15014 kB
Size

42
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://winred.com/terms/donor-terms/
Title: terms of use

Search URL Search Domain Scan URL

URL: https://winred.com/privacy
Title: privacy policy

Search URL Search Domain Scan URL

URL: https://www.nrcc.org/sms-terms
Title: here

Search URL Search Domain Scan URL

URL: https://www.nrcc.org/privacy-policy/
Title: here

Search URL Search Domain Scan URL

URL: https://www.nrcc.org/wp-content/uploads/2022/05/donate-form-nrcc-1.pdf
Title: Visit here.

Search URL Search Domain Scan URL

URL: https://winred.com/
Title: Powered by

Search URL Search Domain Scan URL

URL: https://winred.com/about-our-ads/
Title: About Our Ads

Search URL Search Domain Scan URL

URL: https://winred.com/support/
Title: Questions about your charge? Go to our Support Center

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://trk.cp20.com/click/gmlp-8vuuu-c0khh-ij6tp52/ HTTP 302
https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js

169 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
secure.winred.com/nrcc/golden-gavel/
Redirect Chain

https://trk.cp20.com/click/gmlp-8vuuu-c0khh-ij6tp52/
https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573

45 KB
13 KB

201ms
142ms

Document
text/html

104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c474030b041821aa8323346503ae553cc437810ad46edd33df08caf3627fcac7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 85ca3d936a4036d7-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 17:03:22 GMT
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-rack-cors: miss; no-origin
x-request-id: b6b94cf2-7533-4384-b131-20fe0459b9fe
x-revv-cache: Hit from Revv
x-runtime: 0.045865
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private
content-length: 296
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 17:03:22 GMT
location: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
refresh: 0; URL=https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
server: cmp-trk-s1-04

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 459 KB
102 KB 142ms
61ms Script
application/javascript 142.250.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

66115a549fe7e200a3ee224aba9b00ad2c94164dd6f365edb76f4166634d11f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104185
x-xss-protection: 0
last-modified: Wed, 28 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 28 Feb 2024 17:03:22 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 214 KB
58 KB 88ms
29ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 28 Feb 2024 17:03:22 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57257
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: 9vXQBLnkmFqpZ06dKV/d985jTmpvTmHYnHtuSzs+yUfYcbWF2qcPzc5Px0oH8lLIuEUzlrBxML7Vx223ndy5Nw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 302 KB
100 KB 75ms
74ms Script
application/javascript 142.250.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5F48L7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

768d44dc8526fe5961efc1b7881f80382bde68acdcee1284d3bb88cbdd6d9b9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 101896
x-xss-protection: 0
last-modified: Wed, 28 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 28 Feb 2024 17:03:22 GMT

GET
H2 200 / Show response
js.stripe.com/v3/ 601 KB
147 KB 248ms
70ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

babc3eb5e5cedb13d8adcdd7afe26a5c1129cb3562ab9336458c450c2120074c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:02:55 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 28
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:39:32 GMT
server: Cloudfront
etag: W/"2b8c0ffb2d72150ba902c71ac2b887bb"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: NXjX7RN3XbLcZUKXEOQ6j9aNOLDd2BM97-YbNBO08MEuSvA9R0MhWA==

GET
H2 200 landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css
secure.winred.com/assets/ 219 KB
34 KB 56ms
55ms Stylesheet
text/css 104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961951e588ed2cbd0dadda321becf5c4d27451bb0896262f86e7d922da5794ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: 4RBMbG_c3G5laVKEwPaykYWu8oOdV56f
cf-cache-status: HIT
x-amz-request-id: DDMQVQGGNFGNG5XJ
age: 2132
cf-polished: origSize=227667
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: k6N5K878OsGFrKoNRtPSGWmqDbeO9qVc9Qj8yo2WJpb194sQUAabaMYdrQXbK48tJzsHALgmOX0=
cf-bgj: minify
last-modified: Tue, 28 Nov 2023 01:42:36 GMT
server: cloudflare
etag: W/"57df3b6cebff9962c43c29347b45123f"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 85ca3d947cd336d7-YYZ
expires: Wed, 28 Feb 2024 21:03:22 GMT

GET
H2 200 1708015106.css
secure.winred.com/stylesheets/rv_page_01he33747g0jhfjnyw0tv2z15z/ 8 KB
2 KB 55ms
54ms Stylesheet
text/css 104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/stylesheets/rv_page_01he33747g0jhfjnyw0tv2z15z/1708015106.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58eac28618a14b5cac2eadac72e6a26114e10999194912b8ee05d207f025c812

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Wed, 28 Feb 2024 17:03:22 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
age: 580280
cf-polished: origSize=8685
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 02a1cf1a-3167-4d43-abfb-3b996af8e56d
x-runtime: 0.042986
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
last-modified: Wed, 21 Feb 2024 23:52:02 GMT
server: cloudflare
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: public, max-age=31556952
cf-ray: 85ca3d947cd536d7-YYZ
expires: Thu, 27 Feb 2025 22:52:34 GMT

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 223 KB
74 KB 147ms
65ms Script
text/javascript 173.194.77.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.77.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

gc-in-f95.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

ca70021f7af39ff1fb20242c6ede0d64e42d583665643ac5b2b1606692f32ced

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Accept-Language, Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75650
x-xss-protection: 0

GET
H2 200 application-landing-page-02af777e5ee180a830e80ded51b5415c5574565418fa1c9107f075f6dc9fd6e5.js Show response
secure.winred.com/assets/ 488 KB
137 KB 85ms
84ms Script
application/javascript 104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/application-landing-page-02af777e5ee180a830e80ded51b5415c5574565418fa1c9107f075f6dc9fd6e5.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

969e82bade7f2133977ae76c952503b1c7d8185b31a0a084c45f5c9aae1ce138

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: 95BRgS7VdqaT8uLLM2He9ktkhRtARyWQ
cf-cache-status: HIT
x-amz-request-id: W6T188VSSMTMRYAT
age: 2132
cf-polished: origSize=499577
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QfevOnWnY3OGzTw4YRAUcAb5vtUV5tGuajOHVsHINlDtfJZe+ZHrNEjpxbKXyUzGjwl0Az2w3rM=
cf-bgj: minify
last-modified: Fri, 23 Feb 2024 02:52:49 GMT
server: cloudflare
etag: W/"988ca7229e9f5da8ee1d54cc48b9d293"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 85ca3d947cd636d7-YYZ
expires: Wed, 28 Feb 2024 21:03:22 GMT

GET
H2 200 1000x500_nobttn_%284%29.jpg
d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/000/768/511/large/ 122 KB
122 KB 139ms
37ms Image
image/jpeg 18.173.219.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/000/768/511/large/1000x500_nobttn_%284%29.jpg
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.219.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-219-17.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fc41b9802e7858f041282e89e3196e15736488e093768a04ad4b742ffd92736c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 19:13:14 GMT
x-amz-version-id: SwMg8riejWx9TxDXB09mbTVEKZJbDmQ8
via: 1.1 da8cb5b9fb94d7de03d8eaa20297debc.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 14:53:51 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P1
age: 78609
etag: "2bbba90500c45f7e8ea3af43b071435c"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 124620
x-amz-cf-id: bpupXxjqzyZnO8J8xQT524p_GEuJth77EZ8GBr8xzopk5irC3oYGDg==

GET
H2 200 logo_winred_%282%29.png
d35ligi1n5bgzc.cloudfront.net/profiles/images/000/036/332/square/ 7 KB
7 KB 130ms
29ms Image
image/png 18.173.219.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/profiles/images/000/036/332/square/logo_winred_%282%29.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.219.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-219-17.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d974342d079c80c412efb82a7492bbbe45e3694ce4bfabf820e39937ce20d1a5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id: E0gR7csO6..2PQ7GMKZAYZqT.00QzE06
date: Tue, 27 Feb 2024 17:16:06 GMT
via: 1.1 da8cb5b9fb94d7de03d8eaa20297debc.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P1
age: 85637
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 6960
last-modified: Sat, 17 Jul 2021 19:35:50 GMT
server: AmazonS3
etag: "0a6c3f92e998f341b4be4472768ab1bb"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: q-UjxNY7ThxVTHhiJ4d2HOh6ps2FNIa5njel2bV6Kx8Ki8tw1d2W3A==

GET
H3 200 win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png
secure.winred.com/assets/ 9 KB
9 KB 52ms
51ms Image
image/webp 104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: QT7TNO_2UJLGiuYsxQKB5.rqIfPdLgYd
cf-cache-status: HIT
x-amz-request-id: 6Z2V8R6S7MXPTZY6
age: 1399
cf-polished: origFmt=png, origSize=11635
content-disposition: inline; filename="win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.webp"
alt-svc: h3=":443"; ma=86400
content-length: 8708
x-amz-id-2: +EO/4/jeiqRKihJdBvb9LOQ7hXyqgNaXFEqXzAWrVAAfGeAA9CTZ19/z3lFP1rouy8ch9pwrTDQ=
cf-bgj: imgq:85,h2pri
last-modified: Wed, 07 Feb 2024 01:15:18 GMT
server: cloudflare
etag: "972c0cca8d1e490484e89513f902e847"
vary: Accept
content-type: image/webp
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 85ca3d955e69a22e-YYZ
expires: Wed, 28 Feb 2024 21:03:22 GMT

GET
H3 200 win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
secure.winred.com/assets/ 19 KB
7 KB 45ms
45ms Image
image/svg+xml 104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
x-amz-version-id: f1JFLNaL.a2v3vTaKefRH3mKI0iL1aS2
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: HIT
x-amz-request-id: 1ZJZ2ZN4KNEEJG7P
age: 2774
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8LAT3UPX8ck4r9N4Zzkxy8U6fptuzCea7kxnwFlTGjJqPnLjheEoOJOiit7ZPiwydt3myYahLxo=
last-modified: Tue, 28 Nov 2023 01:42:37 GMT
server: cloudflare
etag: W/"d31530d4186af669daf4f47099614593"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-ray: 85ca3d957ea0a22e-YYZ
expires: Wed, 28 Feb 2024 21:03:22 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 84ms
51ms Script
text/javascript 104.16.56.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.56.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://secure.winred.com/
Origin: https://secure.winred.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 85ca3d96db763a00-YYZ

GET
H2 200 437395704254527 Show response
connect.facebook.net/signals/config/ 62 KB
13 KB 31ms
29ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/437395704254527?v=2.9.147&r=stable&domain=secure.winred.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

c9f6066f177548c0520ca649a0089eaa6b2c18668baf6cd6b0b2ef3081d40b89

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 28 Feb 2024 17:03:22 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13079
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: GoHaRTHFA+m0ejBWD10xqO+WG51QUAxoeZA5SD6s8KJu81ComDDCBm5meQZvN2GBEKBAg6DB5Y18Vbz4DXjegQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 266 KB
91 KB 61ms
60ms Script
application/javascript 142.250.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a307f24126830b031b286183c12a43a6a066b27401c9840e19c0818c882b27a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92725
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 28 Feb 2024 17:03:22 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 123ms
40ms Script
text/javascript 142.250.12.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f102.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Feb 2024 15:05:02 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 7100
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 28 Feb 2024 17:05:02 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
86 KB 93ms
92ms Script
application/javascript 142.250.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B57E59LMFB&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F48L7

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

f125f9cf72340e352882f98f4fea59c51d6a4a1353f3f14db70f2febcc2c5bb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88346
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 28 Feb 2024 17:03:22 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
86 KB 108ms
107ms Script
application/javascript 142.250.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CM6HT6HPTV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F48L7

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

efa34559ba4d93e23d2f943f2a2d084b8ea8aa7c8e635991e70f576a2aa16bd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88456
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 28 Feb 2024 17:03:22 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 215 KB
77 KB 182ms
182ms Script
application/javascript 142.250.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-815133722&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F48L7

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a1a9afc9165c7a53a0f89dc34275ca32fc16a99003a1f886e12721074d663006

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78782
x-xss-protection: 0
last-modified: Wed, 28 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 28 Feb 2024 17:03:22 GMT

GET
H2 200 1920x1200_%2839%29.jpg
d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/768/504/large/ 122 KB
123 KB 83ms
83ms Image
image/jpeg 18.173.219.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/768/504/large/1920x1200_%2839%29.jpg
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/stylesheets/rv_page_01he33747g0jhfjnyw0tv2z15z/1708015106.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.219.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-219-17.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 01008ce7ecbd6b85dfb55053757ce194429dcf900025c8246f13fcced7f2ac05

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id: f0QAK.lBDSPK9zQbetO4dDOdu8gnzuo2
date: Wed, 28 Feb 2024 17:03:23 GMT
via: 1.1 da8cb5b9fb94d7de03d8eaa20297debc.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 14:50:21 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P1
x-amz-server-side-encryption: AES256
etag: "4b423faeb01ffc21b13886faa6a9aa5d"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 125064
x-amz-cf-id: tG2ONFCQKhG65wa_4EBhgK1cvav2bb8YAj15-5LrrFuanTcYq_yuTg==

GET
H3 200 icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.png
secure.winred.com/assets/ 290 B
1 KB 80ms
80ms Image
image/webp 104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.png

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96b04ef160f8b50520a48707a452fecdd6e6771c643706d5949020a2dea15962

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/assets/landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: K2E67.chd4HmeGdtbNscNRAO_cKCqmqG
cf-cache-status: HIT
x-amz-request-id: QKG77Y3MQBJERKQB
age: 1398
cf-polished: origFmt=png, origSize=560
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=TUc2rrxeCcQ9_._8uo1FvpvWZtNWzXHr_SwJ2SR4whw-1709139802-1.0-ATVvZQ9aDZQb4N-4BwsFwt-_Rz7FmeixquWBYqjEgUdncTAwG-LqP0dboK7GErBIzixr5xfBPEjDRSpo_0Ro4r_iPdF5k66XTw-nFHgBa-s-iPSFNYGHAuSz1vIsu3LQp2jYLSKqKNnlEr74wv00BsuC9y6lACh0zYgJa8hUIJ1F; report-to cf-csp-endpoint
content-disposition: inline; filename="icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.webp"
alt-svc: h3=":443"; ma=86400
content-length: 290
x-amz-id-2: /QovSsboPvKSyeYurZQ337LeBOmZSCDhhrX6+cuHaWBmwt/9OnaouWCz/eFA0d6EbUbrWjErrJE=
cf-bgj: imgq:85,h2pri
last-modified: Tue, 28 Nov 2023 01:42:35 GMT
server: cloudflare
etag: "571ee659b7ee9af9291e7dd8176721d5"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=TUc2rrxeCcQ9_._8uo1FvpvWZtNWzXHr_SwJ2SR4whw-1709139802-1.0-ATVvZQ9aDZQb4N-4BwsFwt-_Rz7FmeixquWBYqjEgUdncTAwG-LqP0dboK7GErBIzixr5xfBPEjDRSpo_0Ro4r_iPdF5k66XTw-nFHgBa-s-iPSFNYGHAuSz1vIsu3LQp2jYLSKqKNnlEr74wv00BsuC9y6lACh0zYgJa8hUIJ1F"}],"group":"cf-csp-endpoint","max_age":86400}
content-type: image/webp
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 85ca3d9758eea22e-YYZ
expires: Wed, 28 Feb 2024 21:03:22 GMT

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame DAC0 200 B
1 KB 61ms
61ms Document
text/html 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3306
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 16:08:16 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Mon, 26 Feb 2024 18:03:05 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
x-amz-cf-id: -2sy3rM-Ygs006sZtrKX6r5xfDI3DNf8pHde7sotELp8SyWLdVlbhg==
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 controller-24561481602787ae7f6a263bbe2d5a60.html Show response
js.stripe.com/v3/ Frame 5209 325 B
1 KB 64ms
64ms Document
text/html 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

efe72b2126d7df64b119eb8680e7906d79da199ed78a898b621a14023aad3944

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 28
cache-control: max-age=60, stale-while-revalidate=900
content-length: 325
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 17:02:54 GMT
etag: "24561481602787ae7f6a263bbe2d5a60"
last-modified: Tue, 27 Feb 2024 21:03:36 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
x-amz-cf-id: QDWLFO62vGj-FjDhjdKGUtf4-7wu8DxYQO1E1kMDfvIYwQ0xEqTpvw==
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html Show response
js.stripe.com/v3/ Frame 1932 798 B
2 KB 61ms
61ms Document
text/html 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

795b37724f76b26f404656c781bdcfe286bd9906f69e35de3aeb552ae1233a17

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3360
cache-control: max-age=31536000
content-length: 798
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 16:07:39 GMT
etag: "e22778a3baa26fffcdc5791d48b2b7d0"
last-modified: Tue, 27 Feb 2024 21:03:36 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
x-amz-cf-id: XllVv8Lv24ogB12B8WJWqWjnPoXq-c1_NrVJbZQ4LBg5GkkqNCGeQQ==
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 current_with_info Show response
app.winred.com/api/v3/users/ 162 B
1 KB 190ms
100ms XHR
application/vnd.api+json 104.19.212.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.winred.com/api/v3/users/current_with_info?organization_token=rv_org_6KNvU36Z2qWJ2gfUBWqGZGoc&redirect=https://secure.winred.com/nrcc/golden-gavel?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-02af777e5ee180a830e80ded51b5415c5574565418fa1c9107f075f6dc9fd6e5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.212.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fee95f3d1a43f23cdb6950a2abe9c4f3542b96ed831e565275f0d37babf8f67f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-rack-cors-original-access-control-allow-origin: https://secure.winred.com
x-rack-cors: hit
date: Wed, 28 Feb 2024 17:03:23 GMT
x-rack-cors-original-access-control-max-age: 0
x-rack-cors-original-access-control-allow-credentials: true
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-encoding: br
x-rack-cors-original-access-control-allow-methods: GET, POST, OPTIONS
x-rack-cors-original-access-control-expose-headers
alt-svc: h3=":443"; ma=86400
x-request-id: 4fc53bd7-4185-48ec-8235-aa000ecae099
x-runtime: 0.011209
server: cloudflare
etag: W/"fee95f3d1a43f23cdb6950a2abe9c4f3"
access-control-max-age: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/vnd.api+json
access-control-allow-origin: https://secure.winred.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
vary: Origin
cf-ray: 85ca3d9898fe7115-YYZ

GET
H2 200 controller-24561481602787ae7f6a263bbe2d5a60.html Show response
js.stripe.com/v3/ Frame F277 325 B
1 KB 62ms
61ms Document
text/html 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

efe72b2126d7df64b119eb8680e7906d79da199ed78a898b621a14023aad3944

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 28
cache-control: max-age=60, stale-while-revalidate=900
content-length: 325
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 17:02:54 GMT
etag: "24561481602787ae7f6a263bbe2d5a60"
last-modified: Tue, 27 Feb 2024 21:03:36 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
x-amz-cf-id: hdN0JEv-epIWU3DwsSmCirbXFchS5bZeRjqrKeIw5KVdDAJCMbYIlg==
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 payment-request-inner-google-pay-fe674b1a2eac035a4fca37a448c4cb5c.html Show response
js.stripe.com/v3/ Frame 25B1 408 B
1 KB 64ms
62ms Document
text/html 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-google-pay-fe674b1a2eac035a4fca37a448c4cb5c.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

3d8c52a6faeb03d06697e7e5d0b3750f00ac312c865efe425215c4de6f12619a

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3138
cache-control: max-age=31536000
content-length: 408
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 16:11:24 GMT
etag: "fe674b1a2eac035a4fca37a448c4cb5c"
last-modified: Tue, 27 Feb 2024 21:03:51 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
x-amz-cf-id: _cngwQ0dvGJqMcxfXJBM8gf_AhleDTGGLHR4J0IGWIuiP6cKqJV8UA==
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 payment-request-inner-browser-aad6eaab6cf31e944cc2941bcf99434d.html Show response
js.stripe.com/v3/ Frame 2C8B 344 B
2 KB 62ms
62ms Document
text/html 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-browser-aad6eaab6cf31e944cc2941bcf99434d.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

99178d08aa305df7ddc152ca5ec2ae491d304a6259dcb3cfed8a3f20d7824bd7

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 27
cache-control: max-age=60, stale-while-revalidate=900
content-length: 344
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 17:02:58 GMT
etag: "aad6eaab6cf31e944cc2941bcf99434d"
last-modified: Tue, 27 Feb 2024 21:03:50 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
x-amz-cf-id: JTgBnC1A18AdcslkBfwM6WwYXVf66D4Ujx5jhheHpKCnncHJljncCw==
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H3 200 fire-365c51c63f0fa83f47139e578465d6bd69699e979390039e196e31c415d42054.png
secure.winred.com/assets/emojis/ 3 KB
3 KB 41ms
41ms Image
image/webp 104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/emojis/fire-365c51c63f0fa83f47139e578465d6bd69699e979390039e196e31c415d42054.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6441a42218327baedd704143d71b34a91d5713c0a787c32e428ab0efeb1c86c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: 9HxFsqoP4gnidJAqkVtj90EJ7hKS5CVa
cf-cache-status: HIT
x-amz-request-id: 520BEMMWEDF419A2
age: 3315
cf-polished: origFmt=png, origSize=3789
content-disposition: inline; filename="fire-365c51c63f0fa83f47139e578465d6bd69699e979390039e196e31c415d42054.webp"
alt-svc: h3=":443"; ma=86400
content-length: 3054
x-amz-id-2: g74TRmKSpDytHP7ydoOpuMqG//F+JFwZzI8CSbUxVOFh/wMB3zUCj08IlDBypw06vGdbORKo0kk=
cf-bgj: imgq:85,h2pri
last-modified: Fri, 23 Feb 2024 02:52:50 GMT
server: cloudflare
etag: "0f851525499523abfd224a0a0dfb1e9c"
vary: Accept
content-type: image/webp
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 85ca3d984a32a22e-YYZ
expires: Wed, 28 Feb 2024 21:03:22 GMT

GET
H3

200

main.js Show response
secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/ Frame 8CC9
Redirect Chain

https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js

8 KB
4 KB

30ms
27ms

Script
application/javascript

104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js

Requested by

Protocol

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

916fb50ec19ac2c7ae599b5ec4630f80bf523c4cf4dd24607b35c48f45579c04

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:23 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 85ca3d98dae2a22e-YYZ
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 28 Feb 2024 17:03:22 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js
cache-control: max-age=300, public
cf-ray: 85ca3d985a49a22e-YYZ
alt-svc: h3=":443"; ma=86400

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 69ms
66ms Script
application/javascript 142.250.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9232116

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F48L7

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

fbfbd5a5892c79efc6acf236e0e3f9a0c0c72cdf14d2b676acb27ab6d5a5a811

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70841
x-xss-protection: 0
last-modified: Wed, 28 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 28 Feb 2024 17:03:22 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 18 KB
7 KB 107ms
30ms Script
application/javascript 69.147.92.12
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.147.92.12 Ashburn, United States, ASN10310 (YAHOO-1, US),

Reverse DNS

e2.ycpi.vip.dca.yahoo.com

Software

ATS /

Resource Hash

480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ats-carp-promotion: 1, 1
date: Wed, 28 Feb 2024 17:01:42 GMT
x-amz-version-id: xC6OTTJGIjCqkMTkbrZpmtbXHK5oaZhW
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-amz-request-id: 9KV3YB6CM089R674
age: 102
x-amz-server-side-encryption: AES256
content-length: 6262
x-amz-id-2: pqT69D9LRm9DXcKlFA/TWWDt3SsnMfdlWtFtY78aiYsR0ihAUxRR70bmQCC/zhrfV0W3O5U3AsM=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Mon, 26 Jun 2023 09:26:35 GMT
server: ATS
etag: "5c6ed25dce803fd84288922b8928409e-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=3600
accept-ranges: bytes

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 139ms
55ms Script
text/javascript 18.209.79.16
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.209.79.16 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-209-79-16.compute-1.amazonaws.com
Software: /
Resource Hash: 509eec1afe229da0e3513d1245824fd0d568012c1b4d991aec9920f863921ac3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 28 Feb 2024 17:03:23 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 111ms
31ms Script
application/javascript 146.75.36.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.36.157 Reston, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:23 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 15:55:14 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kcgs7200020-IAD

GET
H3 200 316720908987052 Show response
connect.facebook.net/signals/config/ 21 KB
3 KB 31ms
29ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/316720908987052?v=2.9.147&r=stable&domain=secure.winred.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100%2C175%2C174%2C176%2C181%2C182%2C183%2C179%2C171%2C116%2C118%2C170%2C172%2C107%2C137%2C129%2C132%2C113%2C166%2C206%2C101%2C111%2C207%2C144%2C105%2C127%2C120%2C108

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

b9ae89dfef0a2fac8e843b547269f242657cf67e848a7f823e8a38599fd94722

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 28 Feb 2024 17:03:22 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2822
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: Q0C+36DY9I+ctZXS2rt7/pR8lbDucyUxCVUUdqBVmbFIVF+8hjGygsM2LVIYBXWr6TSSmhIKmyHkJ+SArq3Lww==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 94ms
29ms Image
text/plain 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=437395704254527&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&rl=&if=false&ts=1709139802959&sw=1600&sh=1200&v=2.9.147&r=stable&ec=0&o=4126&fbp=fb.1.1709139802956.900269755&cs_est=true&ler=empty&cdl=API_unavailable&it=1709139802443&coo=false&exp=e1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 28 Feb 2024 17:03:23 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 93ms
30ms Image
text/plain 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=437395704254527&ev=CompleteRegistration&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&rl=&if=false&ts=1709139802963&sw=1600&sh=1200&v=2.9.147&r=stable&ec=1&o=4126&fbp=fb.1.1709139802956.900269755&ler=empty&cdl=API_unavailable&it=1709139802443&coo=false&exp=e1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 28 Feb 2024 17:03:23 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame DAC0 526 B
1 KB 66ms
63ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:58:42 GMT
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 282
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
content-length: 526
last-modified: Fri, 23 Feb 2024 21:02:41 GMT
server: Cloudfront
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: gFKgslTT5YbXwr_t-qbECC9F1uXZo-1CFtZzkQYDEFknhZI_1FceRQ==

GET
H2 200 shared-cda4267462ec345f4fcb0a1558fbbd2a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 5209 536 KB
118 KB 78ms
65ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

c85ba9f3d7d73627cf95def707675a4d678c1fd15f97829f4c5638422b7973c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:42:27 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 3149
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:49 GMT
server: Cloudfront
etag: W/"7e5253be12bd9bee5ca9873c51341616"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: CygcA_ARlrSLM-ZBFPQ5oY8CztTFwlZkMb5_G-e4p0DlSeKPGIUpVA==

GET
H2 200 controller-a62645bb3952731175607a41372e7618.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 5209 692 KB
162 KB 101ms
89ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/controller-a62645bb3952731175607a41372e7618.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

1de6ed1cc1b4ddc0869b896b3b76ca21587250f1b491e5a468cbaae65e590411

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:42:27 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 1257
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:47 GMT
server: Cloudfront
etag: W/"6dc37e97b522a1bb2886ce2be506075e"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: bBUc7B_0DYI4l_jmTYAeYnFgfL6cnodOHxdVc3S1FZ8aWG-EtPxagQ==

GET
H2 200 shared-cda4267462ec345f4fcb0a1558fbbd2a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1932 536 KB
118 KB 170ms
156ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

c85ba9f3d7d73627cf95def707675a4d678c1fd15f97829f4c5638422b7973c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:42:27 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 3149
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:49 GMT
server: Cloudfront
etag: W/"7e5253be12bd9bee5ca9873c51341616"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: sa-j6t6YcfiaV9DTPqt7iNRl6OArpODoSzI5oGZuxEp3YptNLb5J_g==

GET
H2 200 ui-shared-de6c8afb762571bf96ccb5b02e4b502c.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1932 416 KB
107 KB 138ms
126ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/ui-shared-de6c8afb762571bf96ccb5b02e4b502c.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

20fa9dbe8b1f24b6720147bf27111de093e0904d156cef809d284d80ef12763b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:06:04 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 3447
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:50 GMT
server: Cloudfront
etag: W/"7cfdbbcaee4888bce700a62ef427844b"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: tl6qEqEhx54Is-2cUe2HuNMVzw4Go7ISbThXTKeAJIIxfynnR6KU6Q==

GET
H2 200 elements-inner-card-ff398c6fbe74f0d2e7977888f60a1a09.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1932 55 KB
14 KB 212ms
209ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-card-ff398c6fbe74f0d2e7977888f60a1a09.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

9bede70af013e13406e6e318442e30d10d545081fb58f490586b2011492f7955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:06:04 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 3447
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:47 GMT
server: Cloudfront
etag: W/"a0de50b5aeca68152a1d39d615c84562"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: oNv2tSnhLt1t5Tp-SF4GikB9xlVDi6EZ_ZebK_yI4-gMPFp1KfjQpA==

GET
H2 200 ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css
js.stripe.com/v3/fingerprinted/css/ Frame 1932 20 KB
3 KB 135ms
122ms Stylesheet
text/css 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

394724ca0118829643c12fb5a033cb66680e51327ba157677d18dec209278a3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:02:33 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 59
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Fri, 23 Feb 2024 21:02:28 GMT
server: Cloudfront
etag: W/"b361d7109e9925ca18e32c9da528520f"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: AXD93h35waHzLWDnfIjxx_DzP3GUs-fMVYjIb6NtZ7E8P7DduXs-mw==

GET
H2 200 elements-inner-card-53aa57bec7f6d40d72327654fd43a92e.css
js.stripe.com/v3/fingerprinted/css/ Frame 1932 14 KB
2 KB 174ms
167ms Stylesheet
text/css 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-card-53aa57bec7f6d40d72327654fd43a92e.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

eac1bb2890c6ae6d2cc8653765f594f1209eda9eb0036eef9fde51299e883a5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:00:39 GMT
content-encoding: gzip
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 175
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Mon, 26 Feb 2024 18:02:51 GMT
server: Cloudfront
etag: W/"87bf0041cf7ae5e77d770c423e25828a"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: P295-4fc96iOpJmEcQFird-CNHJ4kXnotyA37VMIFSD1uN8OXWNqHw==

GET
H2 200 shared-cda4267462ec345f4fcb0a1558fbbd2a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame F277 536 KB
118 KB 174ms
169ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

c85ba9f3d7d73627cf95def707675a4d678c1fd15f97829f4c5638422b7973c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:42:27 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 3149
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:49 GMT
server: Cloudfront
etag: W/"7e5253be12bd9bee5ca9873c51341616"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: tq3r99WAZMXyR03i3poumN3YBQrjIrz_UruUj25IhXMD3duYwuZCNw==

GET
H2 200 controller-a62645bb3952731175607a41372e7618.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame F277 692 KB
162 KB 185ms
180ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/controller-a62645bb3952731175607a41372e7618.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

1de6ed1cc1b4ddc0869b896b3b76ca21587250f1b491e5a468cbaae65e590411

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:42:27 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 1257
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:47 GMT
server: Cloudfront
etag: W/"6dc37e97b522a1bb2886ce2be506075e"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: r0jO9VsMX_Sh_IxzbqKQgS1EpIW7cybSaZVpIZvGZFr4JafZ91m2SQ==

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ Frame 25B1 118 KB
36 KB 177ms
76ms Script
application/javascript 142.251.4.92
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-fe674b1a2eac035a4fca37a448c4cb5c.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.4.92 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gm-in-f92.1e100.net

Software

ESF /

Resource Hash

2d5fc8e00769aa30c75be1f3263ab5d0058ff6f126a4e48544c665696c4edd6f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-t8vg5tI5kwAISRJ-RJqDjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:23 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-t8vg5tI5kwAISRJ-RJqDjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/gp/p/_/InstantbuyFrontendHttp/web-reports?context=eJzjKtDikmLw1JBiWFYqxVBRK8WwZCaQX3OTqXPPTaZ1XY-YFrY_ZdLkesZUH_WMaSbvc6a4E8-ZBN88Z3r35SUTx9eXTBJArAbE2308WMR8prPyrZvOqgLEmuunswYCsVP6DNYAIPapn8EaBcRC3By3z_1dxybwY_9lDwDYUzHp"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Wed, 28 Feb 2024 17:03:23 GMT

GET
H2 200 shared-cda4267462ec345f4fcb0a1558fbbd2a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 25B1 536 KB
118 KB 148ms
144ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-fe674b1a2eac035a4fca37a448c4cb5c.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

c85ba9f3d7d73627cf95def707675a4d678c1fd15f97829f4c5638422b7973c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-fe674b1a2eac035a4fca37a448c4cb5c.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:42:27 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 3149
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:49 GMT
server: Cloudfront
etag: W/"7e5253be12bd9bee5ca9873c51341616"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: b9Gus1MNRJeW0W6plfhGNXqAr9wrfID3xcuEK0jRBJdoTUYcoMAp0Q==

GET
H2 200 payment-request-inner-google-pay-55926d87f8538450887ab383061d3425.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 25B1 12 KB
5 KB 62ms
61ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-google-pay-55926d87f8538450887ab383061d3425.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-fe674b1a2eac035a4fca37a448c4cb5c.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

f8e37527996d0530694a2a8ddf6afdcf28cc8a05e50ce3ce9d3f2f743b04659f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-fe674b1a2eac035a4fca37a448c4cb5c.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:19:01 GMT
content-encoding: gzip
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 2669
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Thu, 22 Feb 2024 23:16:59 GMT
server: Cloudfront
etag: W/"c9c83657cf777673149a15b5cf68258f"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: e0Sv_xqyRhegneMlDI6GYXgWhNSpWxdA321EyZse-3IvSEFW861J0w==

GET
H2 200 shared-cda4267462ec345f4fcb0a1558fbbd2a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 2C8B 536 KB
118 KB 212ms
208ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-aad6eaab6cf31e944cc2941bcf99434d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

c85ba9f3d7d73627cf95def707675a4d678c1fd15f97829f4c5638422b7973c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-browser-aad6eaab6cf31e944cc2941bcf99434d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:42:27 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 3149
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:49 GMT
server: Cloudfront
etag: W/"7e5253be12bd9bee5ca9873c51341616"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: En7EFeyUvCcicDS463FnYO2FltSNXBlYOcRQs_NImEvvLqqSbf4NYg==

GET
H2 200 payment-request-inner-browser-792795e2c4e2210721d96228540c4e06.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 2C8B 13 KB
6 KB 210ms
207ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-browser-792795e2c4e2210721d96228540c4e06.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-aad6eaab6cf31e944cc2941bcf99434d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

fedfc64728beee4dcdf576abb2dd3c44b462afc3b5db8c53704629a1ee6dd14c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-browser-aad6eaab6cf31e944cc2941bcf99434d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:56:36 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 408
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Fri, 23 Feb 2024 00:08:40 GMT
server: Cloudfront
etag: W/"32dba56f50e599b5cc53a055305f8c45"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: _xVflKnWk3IsdI9BkKNg-hOoiwvmzZdGsDJ1snc1FPG-IzI4P-Rr8A==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
209 B 45ms
44ms XHR
text/plain 142.250.12.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1002247171&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&ul=en-us&de=UTF-8&dt=%5B1%5D%20OFFER%20EXPIRING&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiEABBAAAACAEK~&jid=1521767615&gjid=617477422&cid=1830961297.1709139803&tid=UA-73658561-7&_gid=1467791445.1709139803&_slc=1&gtm=45He42q1n71NTQZ9Nv72410129za220&cd61=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&gcd=13l3l3l3l1&dma=0&z=1683661244

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f102.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
350 B 126ms
43ms XHR
text/plain 142.250.12.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-73658561-7&cid=1830961297.1709139803&jid=1521767615&gjid=617477422&_gid=1467791445.1709139803&_u=YGBAiEABBAAAAGAEK~&z=1315792480

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
83 B 45ms
44ms XHR
text/plain 142.250.12.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1002247171&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&ul=en-us&de=UTF-8&dt=%5B1%5D%20OFFER%20EXPIRING&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAiEABBAAAAGAEK~&jid=1589228794&gjid=441102401&cid=1830961297.1709139803&tid=UA-15267911-1&_gid=1467791445.1709139803&_slc=1&gtm=45He42q1n715F48L7v71312789za220&gcd=13l3l3l3l1&dma=0&z=360540406

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f102.1e100.net

Software

Golfe2 /

Resource Hash

ad278fe8eae121836378c0f601a92379a53ee8658f93ae53567e8b0a6476eeb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 124ms
47ms XHR
text/plain 142.250.12.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-15267911-1&cid=1830961297.1709139803&jid=1589228794&gjid=441102401&_gid=1467791445.1709139803&_u=YGDAiEABBAAAAGAEK~&z=168391838

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
69 B 45ms
44ms XHR
text/plain 142.250.12.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f102.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
132 B 43ms
40ms Image
image/gif 142.250.12.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1002247171&t=event&ni=0&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&ul=en-us&de=UTF-8&dt=%5B1%5D%20OFFER%20EXPIRING&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=donation%20landing%20page&ea=user%20session%20start&el=landing%20page%20settings&_u=YGDAiEABBAAAAGAEK~&jid=&gjid=&cid=1830961297.1709139803&tid=UA-73658561-7&_gid=1467791445.1709139803&gtm=45He42q1n71NTQZ9Nv72410129za220&cd41=anonymous&cd58=t&cd61=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&gcd=13l3l3l3l1&dma=0&z=448725707

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f102.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Feb 2024 19:41:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 76893
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 129ms
49ms XHR
application/json 173.194.77.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.77.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

gc-in-f95.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://secure.winred.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

POST
H2 204 collect
www.google-analytics.com/g/ 0
56 B 46ms
46ms Ping
text/plain 142.250.12.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-CM6HT6HPTV&gtm=45je42q1v883914665z871312789za200&_p=1709139802303&gcd=13l3l3l3l1&npa=0&dma=0&cid=1830961297.1709139803&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1709139803&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&dt=%5B1%5D%20OFFER%20EXPIRING&en=page_view&_fv=1&_ss=1&tfd=1150
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CM6HT6HPTV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.12.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ge-in-f102.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect Show response
gtm.winred.com/g/ 739 B
977 B 286ms
239ms XHR
text/plain 104.16.250.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je42q1v867905447z872410129za220&_p=1709139802303&gcd=13l3l3l3l1&npa=0&dma=0&cid=1830961297.1709139803&ul=en-us&sr=1600x1200&_fplc=0&ur=CA-ON&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&sst.uc=CA&sst.gse=1&sst.etld=google.ca&sst.gcd=13l3l3l3l1&sst.tft=1709139802303&_s=1&sid=1709139803&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&dt=%5B1%5D%20OFFER%20EXPIRING&en=page_view&_fv=1&_ss=1&ep.pagepath=%2Fnrcc%2Fgolden-gavel%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel&epn.load_time_sec=-1709139801.9&epn.event_fire_time=1709139802543&ep.event_uuid=9c397847-9439-4707-8bd5-83943a43e9be&ep.isVideoPage=f&ep.referrer=&tfd=1183&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.250.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a10344ff3e6b56c06e6f5285521145e0b29df8f04e751e0f6dbec39ed7bdceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:23 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 85ca3d99d9243a00-YYZ
alt-svc: h3=":443"; ma=86400

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 61ms
60ms Ping
text/plain 142.250.12.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-B57E59LMFB&gtm=45je42q1v878724311z871312789za220&_p=1709139802303&gcd=13l3l3l3l1&npa=0&dma=0&cid=1830961297.1709139803&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1709139803&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&dt=%5B1%5D%20OFFER%20EXPIRING&en=page_view&_fv=1&_ss=1&tfd=1217
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B57E59LMFB&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.12.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ge-in-f102.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/815133722/ 3 KB
2 KB 135ms
49ms Script
text/javascript 142.250.96.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/815133722/?random=1709139803173&cv=11&fst=1709139803173&bg=ffffff&guid=ON&async=1&gtm=45be42q1v892291033z871312789za201&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&hn=www.googleadservices.com&frm=0&tiba=%5B1%5D%20OFFER%20EXPIRING&npa=0&pscdl=noapi&auid=870819645.1709139803&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-815133722&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.156 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f156.1e100.net

Software

cafe /

Resource Hash

a38e0e2d4e9a794a39fc25e1f7d0bc3fa97522c1ba7d3ceacd9a35a75b83e993

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1357
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 29ms
28ms Image
text/plain 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=316720908987052&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&rl=&if=false&ts=1709139803268&sw=1600&sh=1200&v=2.9.147&r=stable&ec=0&o=4125&fbp=fb.1.1709139802956.900269755&ler=empty&cdl=API_unavailable&it=1709139802443&coo=false&exp=e1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 28 Feb 2024 17:03:23 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 130ms
49ms Image
image/gif 142.250.96.106
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-73658561-7&cid=1830961297.1709139803&jid=1521767615&_u=YGBAiEABBAAAAGAEK~&z=1512290400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.106 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f106.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
107 B 154ms
72ms Image
image/gif 142.250.12.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-73658561-7&cid=1830961297.1709139803&jid=1521767615&_u=YGBAiEABBAAAAGAEK~&z=1512290400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 251 KB
87 KB 66ms
66ms Script
application/javascript 142.250.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-9J5139D7ZF&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

dda7ee2dd3c1acb5f36b4e477ce72346c58806576f8893a7417d7f12f7a6a978

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89026
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 28 Feb 2024 17:03:23 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 160ms
82ms Image
image/gif 142.250.96.106
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-15267911-1&cid=1830961297.1709139803&jid=1589228794&_u=YGDAiEABBAAAAGAEK~&z=1705623019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.106 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f106.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
408 B 125ms
47ms Image
image/gif 142.250.12.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-15267911-1&cid=1830961297.1709139803&jid=1589228794&_u=YGDAiEABBAAAAGAEK~&z=1705623019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 45ms
44ms XHR
text/plain 142.250.12.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-15267911-1&cid=1830961297.1709139803&jid=784860546&gjid=567337941&_gid=1467791445.1709139803&_u=YGDACEABBAAAAGAEK~&z=806456446

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 482F 930 B
2 KB 135ms
29ms Document
text/html 13.35.93.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.35.93.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-93-85.jfk50.r.cloudfront.net

Software

Cloudfront /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 282
cache-control: max-age=300, public
content-length: 930
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 16:58:42 GMT
etag: "06bfcd88af438673a8bf9b845a11aa6e"
last-modified: Fri, 30 Jun 2023 14:32:28 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 774fddee085016d16b500fd9201faeb2.cloudfront.net (CloudFront)
x-amz-cf-id: 6A49Vo8q-Mq5RneTTUNAzzfTnxKeE1oidFQlsE9P_LB74Y65gAe_JA==
x-amz-cf-pop: JFK50-P8
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H3 200 85ca3d936a4036d7 Show response
secure.winred.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 8CC9 0
341 B 57ms
56ms XHR
text/plain 104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/challenge-platform/h/g/jsd/r/85ca3d936a4036d7

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 28 Feb 2024 17:03:23 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 85ca3d9b8eeea22e-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 10148631.json Show response
s.yimg.com/wi/config/ 46 B
700 B 87ms
30ms XHR
application/json 69.147.92.12
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10148631.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.147.92.12 Ashburn, United States, ASN10310 (YAHOO-1, US),

Reverse DNS

e2.ycpi.vip.dca.yahoo.com

Software

ATS /

Resource Hash

7802514279d805a825923d8ff3b2746e3fa7d4c719d791292b6f860bc2acf20d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ats-carp-promotion: 1, 1
date: Wed, 28 Feb 2024 16:26:02 GMT
x-amz-version-id: _q7ww.SUNgfKxj2NdvbwvRL__BiwZqg_
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-request-id: WAT66TETAA1EXPTW
age: 2242
x-amz-server-side-encryption: AES256
content-length: 46
x-amz-id-2: 0QEsQ55yVQgxdsZQToaShHAXs/6StGT+tuyShdJGucHD248WsRZH/y+/RM7XQJdOSNPrEXK1ZG0=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Fri, 04 Apr 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Wed, 28 Feb 2024 15:43:49 GMT
server: ATS
etag: "d858dce265978fc7a1a7968464b2fe67"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 263ms
144ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=a79fd632-8037-4aa7-a993-0321a4c6ff54&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=584c3eec-5965-477f-b07e-fbfa8d4972da&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&tw_iframe_status=0&txn_id=oey2z&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-response-time: 86
date: Wed, 28 Feb 2024 17:03:23 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: fb9a9374ccfa07b1
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 1c41ce02c543fb2876451a18ca0e6b057695847cf8c254aa7b7c3e08371ba43e
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
725 B 189ms
67ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=a79fd632-8037-4aa7-a993-0321a4c6ff54&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=584c3eec-5965-477f-b07e-fbfa8d4972da&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&tw_iframe_status=0&txn_id=oey2z&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-response-time: 8
date: Wed, 28 Feb 2024 17:03:22 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 559dad96b457d45e
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: b94f392e03a325bc38f78e38eb29f1177b485f471e253bcac78146caa967ccbf
content-length: 43

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 215 KB
77 KB 64ms
64ms Script
application/javascript 142.250.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-815133722&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

238c7998285e2c6e50661bd65dc7135ec844214d1210a983311ffac71fd17767

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78848
x-xss-protection: 0
last-modified: Wed, 28 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 28 Feb 2024 17:03:23 GMT

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 1932 474 B
915 B 195ms
80ms Fetch
application/json 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a242aa39df8e3f2cb90feb914bf7022c9b3283cc7f506db3b66763a5b8475764

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:07 GMT
via: 1.1 d123164e5a0cf3e23de092d2c10c10c4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 16
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
content-length: 474
last-modified: Tue, 27 Feb 2024 21:39:33 GMT
server: Cloudfront
etag: "083057a58f22b30653424898b3a40448"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
x-amz-cf-id: 8vJX0L65tHHabhEFDjHXe7NbYTpeIwflmNErcaQi4diuhFQwGp8Efw==

GET
H2 200 countryRanges-9ffc15b92962ca316164b9a5ff4c1917.json Show response
js.stripe.com/v3/fingerprinted/data/ Frame 1932 145 KB
37 KB 147ms
68ms Fetch
application/json 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/data/countryRanges-9ffc15b92962ca316164b9a5ff4c1917.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

007b4be1404b0f21a158fa83a2ae9375393b2d932a17e9745aa392fcadc7cf2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 16:32:13 GMT
content-encoding: br
via: 1.1 d123164e5a0cf3e23de092d2c10c10c4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 1887
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Mon, 26 Feb 2024 18:02:52 GMT
server: Cloudfront
etag: W/"9ffc15b92962ca316164b9a5ff4c1917"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: Ti966InJpzUkw_e9OfzVI-YdhL5ucFACFqGeP_MINQkR6F7QGFlSDg==

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 32ms
31ms Stylesheet
text/css 18.209.79.16
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.209.79.16 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-209-79-16.compute-1.amazonaws.com
Software: /
Resource Hash: ed2ce0d7e44b0be966bd3c2ffab4a8bcd52a4f2355f10d2f39a1fa32d3e0caac

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 28 Feb 2024 17:03:23 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 96ms
32ms Fetch
image/jpeg 18.209.79.16
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.209.79.16 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-209-79-16.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 28 Feb 2024 17:03:23 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 5209 474 B
915 B 151ms
102ms Fetch
application/json 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a242aa39df8e3f2cb90feb914bf7022c9b3283cc7f506db3b66763a5b8475764

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:07 GMT
via: 1.1 d123164e5a0cf3e23de092d2c10c10c4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 16
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
content-length: 474
last-modified: Tue, 27 Feb 2024 21:39:33 GMT
server: Cloudfront
etag: "083057a58f22b30653424898b3a40448"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
x-amz-cf-id: enkYINL23XFxT3wkKAcOns8_pmBMM_FArqPS6_tqidazXGBJr2T81w==

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 5209 474 B
916 B 137ms
100ms Fetch
application/json 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a242aa39df8e3f2cb90feb914bf7022c9b3283cc7f506db3b66763a5b8475764

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:07 GMT
via: 1.1 d123164e5a0cf3e23de092d2c10c10c4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 16
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
content-length: 474
last-modified: Tue, 27 Feb 2024 21:39:33 GMT
server: Cloudfront
etag: "083057a58f22b30653424898b3a40448"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
x-amz-cf-id: MgVQ5nS5yBlj5VxGKhvV9mzbSS-BFq5tWFLS8f5ppGDew65-3BqIqQ==

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame F277 474 B
916 B 117ms
101ms Fetch
application/json 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a242aa39df8e3f2cb90feb914bf7022c9b3283cc7f506db3b66763a5b8475764

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:07 GMT
via: 1.1 d123164e5a0cf3e23de092d2c10c10c4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 16
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
content-length: 474
last-modified: Tue, 27 Feb 2024 21:39:33 GMT
server: Cloudfront
etag: "083057a58f22b30653424898b3a40448"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
x-amz-cf-id: YuEO9ydgKkHeUwQJ9LPMnE2C_e7nCpjCOlZaDl46PfRGI2dviNyFkw==

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame F277 474 B
913 B 114ms
102ms Fetch
application/json 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a242aa39df8e3f2cb90feb914bf7022c9b3283cc7f506db3b66763a5b8475764

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-24561481602787ae7f6a263bbe2d5a60.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:07 GMT
via: 1.1 d123164e5a0cf3e23de092d2c10c10c4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 16
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
content-length: 474
last-modified: Tue, 27 Feb 2024 21:39:33 GMT
server: Cloudfront
etag: "083057a58f22b30653424898b3a40448"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
x-amz-cf-id: vhvb-2zMoKO2bx11QNwCnA3rtzi9pK-1rCemtGpbGXlp132o6glkJA==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 76ms
74ms Image
image/gif 142.250.96.106
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-15267911-1&cid=1830961297.1709139803&jid=784860546&_u=YGDACEABBAAAAGAEK~&z=1482708115

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.106 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f106.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
107 B 76ms
75ms Image
image/gif 142.250.12.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-15267911-1&cid=1830961297.1709139803&jid=784860546&_u=YGDACEABBAAAAGAEK~&z=1482708115

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.12.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/s/ 0
255 B 151ms
66ms Ping
text/plain 173.194.77.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/s/collect?dma=0&gtm=45j91e42l1v867905447z872410129z9867900975za220&_gsid=X6H0114PDFb3MGXW4ofo14NgQgZW0YPQ
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 173.194.77.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: gc-in-f101.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 44ms
44ms Ping
text/plain 142.250.12.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&dma=0&tid=G-X6H0114PDF&cid=Su%2FtmdbMl2OlS8f%2FxHEMsytoLyjhh4lmc6MWgWlpG7Y%3D.1709139803&gtm=45j91e42l1v867905447z872410129z9867900975za220&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.12.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ge-in-f156.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 51ms
49ms Image
image/gif 142.250.12.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&tid=G-X6H0114PDF&cid=Su%2FtmdbMl2OlS8f%2FxHEMsytoLyjhh4lmc6MWgWlpG7Y%3D.1709139803&gtm=45j91e42l1v867905447z872410129z9867900975za220&aip=1&z=538078671

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
633 B 122ms
40ms Image
image/gif 76.13.32.146
YAHOO-BF1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2028%20Feb%202024%2017%3A03%3A23%20GMT&n=8&b=%5B1%5D%20OFFER%20EXPIRING&.yp=10148631&f=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&enc=UTF-8&yv=1.15.1&tagmgr=gtm

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.13.32.146 Lockport, United States, ASN26101 (YAHOO-BF1, US),

Reverse DNS

spdc.pbp.vip.bf1.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
expires: Wed, 28 Feb 2024 17:03:23 GMT

GET
H2 200 payframe Show response
pay.google.com/gp/p/ui/ Frame 9467 19 KB
8 KB 78ms
76ms Document
text/html 142.251.4.92
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.4.92 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gm-in-f92.1e100.net

Software

ESF /

Resource Hash

63534dc01a276a09c73808d32ea7565052443b40f570def6537d0815ca533d3b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WfbSfLwJdDO6IdIQxn0X9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=3600
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-WfbSfLwJdDO6IdIQxn0X9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Wed, 28 Feb 2024 17:03:23 GMT
expires: Wed, 28 Feb 2024 17:03:23 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/gp/p/_/InstantbuyFrontendBuyflowPayframeUi/web-reports?context=eJzjKtDikmLw1JBiWFYqxVBRK8WwZCaQX3OTqXPPTaZ1XY-YFrY_ZdLkesZUH_WMaSbvc6a4E8-ZBN88Z3r35SUTx9eXTBJArAbE2308WMR8prPyrZvOqgLEmuunswYCsVP6DNYAIPapn8EaBcRCPBy3z_1dxyawYveGFmYACMoxsg"
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H2 200 collect Show response
gtm.winred.com/g/ 326 B
469 B 134ms
133ms XHR
text/plain 104.16.250.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je42q1v867905447z872410129za220&_p=1709139802303&gcd=13l3l3l3l1&npa=0&dma=0&cid=1830961297.1709139803&ul=en-us&sr=1600x1200&_fplc=0&ur=CA-ON&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&sst.uc=CA&sst.gse=1&sst.etld=google.ca&sst.gcd=13l3l3l3l1&sst.tft=1709139802303&_s=2&sid=1709139803&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&dt=%5B1%5D%20OFFER%20EXPIRING&en=user%20session%20start&ep.pagepath=%2Fnrcc%2Fgolden-gavel%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel&epn.load_time_sec=-1709139801.9&epn.event_fire_time=1709139802876&ep.event_uuid=f40a5fd3-0e84-47fc-929b-a54ee432f129&ep.isVideoPage=f&ep.referrer=&ep.category=donation%20landing%20page&ep.action=user%20session%20start&ep.label=landing%20page%20settings&ep.customCSS=t&ep.usercategory=anonymous&_et=5&tfd=1824&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.250.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

201974e74b791d77946676785540501db87abe335d01076645277050793eacba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:23 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 85ca3d9d98113a00-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame 482F 87 KB
15 KB 36ms
36ms Script
text/javascript 13.35.93.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.35.93.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-93-85.jfk50.r.cloudfront.net

Software

Cloudfront /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:58:32 GMT
content-encoding: br
via: 1.1 774fddee085016d16b500fd9201faeb2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
last-modified: Fri, 30 Jun 2023 14:32:28 GMT
server: Cloudfront
age: 292
x-content-type-options: nosniff
etag: W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop: JFK50-P8
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
x-amz-cf-id: ASw2M0edPdWg5OVHug8zgtwgOHYzxJthBD9H1xFIJqRk89qk_36lBw==

POST
H2 200 wallet-config Show response
merchant-ui-api.stripe.com/elements/ Frame F277 2 KB
3 KB 283ms
171ms Fetch
application/json 198.202.176.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://merchant-ui-api.stripe.com/elements/wallet-config

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.202.176.201 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

668c5ad16e56f519f4d7ba832291783a57e45245a3d0910259bd7335f4af5da5

Security Headers

Name	Value
Content-Security-Policy	report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
content-security-policy: report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-resource-policy: same-site
content-length: 2483
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
access-control-max-age: 300
access-control-allow-methods: GET, POST
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://js.stripe.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin
access-control-allow-headers: x-stripe-csrf-token
cross-origin-opener-policy-report-only: same-origin; report-to=https://q.stripe.com/coop-report
expires: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/815133722/ 42 B
64 B 56ms
55ms Image
image/gif 142.250.96.106
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/815133722/?random=1709139803173&cv=11&fst=1709139600000&bg=ffffff&guid=ON&async=1&gtm=45be42q1v892291033z871312789za201&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&frm=0&tiba=%5B1%5D%20OFFER%20EXPIRING&npa=0&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqvC3bDjEu0CCNYCZwDUgcMiALSNqmIw&random=1508575972&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.96.106 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f106.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/815133722/ 42 B
64 B 49ms
48ms Image
image/gif 142.250.12.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/815133722/?random=1709139803173&cv=11&fst=1709139600000&bg=ffffff&guid=ON&async=1&gtm=45be42q1v892291033z871312789za201&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&frm=0&tiba=%5B1%5D%20OFFER%20EXPIRING&npa=0&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqvC3bDjEu0CCNYCZwDUgcMiALSNqmIw&random=1508575972&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 45ms
43ms Ping
text/plain 173.194.77.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-9J5139D7ZF&_ono=1&gtm=45je42q1v9139044878za220&_p=1709139802303&_gaz=1&gcd=13l3l3l3l2&npa=0&dma=0&ul=en-us&sr=1600x1200&cid=1830961297.1709139803&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&dt=%5B1%5D%20OFFER%20EXPIRING&sid=1709139803&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1908
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9J5139D7ZF&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 173.194.77.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: gc-in-f101.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 45ms
45ms Ping
text/plain 142.250.12.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ono=1&tid=G-9J5139D7ZF&cid=1830961297.1709139803&gtm=45je42q1v9139044878za220&aip=1&dma=0&gcd=13l3l3l3l2&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9J5139D7ZF&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.12.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ge-in-f156.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 49ms
48ms Image
image/gif 142.250.12.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-9J5139D7ZF&cid=1830961297.1709139803&gtm=45je42q1v9139044878za220&aip=1&dma=0&gcd=13l3l3l3l2&npa=0&z=209312860

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 wallet-config Show response
merchant-ui-api.stripe.com/elements/ Frame 5209 2 KB
3 KB 182ms
161ms Fetch
application/json 198.202.176.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://merchant-ui-api.stripe.com/elements/wallet-config

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.202.176.201 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d300acc2ff44d6b3d1fc1ca56500fad7d695c914099322ad39d1a6b2c59fff02

Security Headers

Name	Value
Content-Security-Policy	report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
content-security-policy: report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-resource-policy: same-site
content-length: 2483
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
access-control-max-age: 300
access-control-allow-methods: GET, POST
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://js.stripe.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin
access-control-allow-headers: x-stripe-csrf-token
cross-origin-opener-policy-report-only: same-origin; report-to=https://q.stripe.com/coop-report
expires: 0

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.lUxSo69zj3Y.es5.O/am=gEEa/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMi... Frame 9467 159 KB
57 KB 144ms
43ms Script
text/javascript 142.250.96.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.lUxSo69zj3Y.es5.O/am=gEEa/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrit9xAWec53jjZp1pPnduD6y1UmTw/m=_b,_tp

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.94 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f94.1e100.net

Software

sffe /

Resource Hash

e83a326932524c1f4456f9c2a5bcfe11f799194bb0dbe2ab8f97d262e5d5a8ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 18:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57415
x-xss-protection: 0
last-modified: Tue, 27 Feb 2024 03:45:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Feb 2025 18:38:34 GMT

POST
H2 200 b Show response
r.stripe.com/ Frame F277 0
273 B 355ms
171ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
x-stripe-server-envoy-start-time-us: 1709139804211643
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 9
x-stripe-client-envoy-start-time-us: 1709139804211289
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame F277 0
276 B 287ms
107ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
x-stripe-server-envoy-start-time-us: 1709139804147626
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 10
x-stripe-client-envoy-start-time-us: 1709139804147253
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 5209 0
272 B 351ms
177ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
x-stripe-server-envoy-start-time-us: 1709139804222131
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 5
x-stripe-client-envoy-start-time-us: 1709139804221824
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 5209 0
274 B 355ms
184ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
x-stripe-server-envoy-start-time-us: 1709139804227589
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 7
x-stripe-client-envoy-start-time-us: 1709139804227076
access-control-allow-credentials: true
content-length: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/815133722/ 3 KB
2 KB 51ms
50ms Script
text/javascript 142.250.96.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/815133722/?random=1709139803937&cv=11&fst=1709139803937&bg=ffffff&guid=ON&async=1&gtm=45be42q1v892291033za220&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&hn=www.googleadservices.com&frm=0&tiba=%5B1%5D%20OFFER%20EXPIRING&npa=0&pscdl=noapi&auid=870819645.1709139803&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-815133722&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.156 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f156.1e100.net

Software

cafe /

Resource Hash

a2968bd1f1c390f2d3cdd180fd9e909bf63ee41adba920b8abacf421a6a0b184

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 1932 474 B
915 B 59ms
59ms Fetch
application/json 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a242aa39df8e3f2cb90feb914bf7022c9b3283cc7f506db3b66763a5b8475764

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-card-e22778a3baa26fffcdc5791d48b2b7d0.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:07 GMT
via: 1.1 d123164e5a0cf3e23de092d2c10c10c4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 16
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
content-length: 474
last-modified: Tue, 27 Feb 2024 21:39:33 GMT
server: Cloudfront
etag: "083057a58f22b30653424898b3a40448"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
x-amz-cf-id: SKPuUSfTLV_x4mUHPBRifK0S2w55z25zh21uLj5hyIEEpDBjefRpPQ==

POST
H2 200 b Show response
r.stripe.com/ Frame F277 0
274 B 310ms
195ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
x-stripe-server-envoy-start-time-us: 1709139804238127
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 7
x-stripe-client-envoy-start-time-us: 1709139804237600
access-control-allow-credentials: true
content-length: 0

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 51ms
50ms Image
image/gif 142.250.12.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 6 Show response
m.stripe.com/ Frame 482F 156 B
670 B 285ms
94ms XHR
application/json 44.239.187.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.239.187.210 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-187-210.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

51ebe056db842de94e8e5f705f16a87d8d5cca32f569ae7dcc3babe72dc7a8b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1709139804335153
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 3
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1709139804334590
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 94 B
288 B 32ms
32ms XHR
text/plain 18.209.79.16
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=7WlXqkCbytjp_O_OKWgGWg&is_js=true&landing_url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&t=%5B1%5D%20OFFER%20EXPIRING&tip=kktP2JSWAtHioQl8x3qfaR1ytL_A4kk7hB4pq0aS6fc&host=https%3A%2F%2Fsecure.winred.com&sa_conv_data_css_value=%270-d7b0086d-ffd3-57b8-5df3-a0d1d8f304af%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9d7b0086dffd357b85df3a0d1d8f304af56300fc4&sa-user-id-v3=s%253AAQAKIFc9FbN9hiaIZOxljpOjP61zXHar4epvDj4TXcUE4DS4EHwYBCDbzv2uBjABOgRnDOjLQgRVZ74k.3VL2I3rYMPLw1FNXl36h60XDapVeRlpYWmdetzLeAQ8&sa-user-id-v2=s%253A17AIbf_TV7hd86DR2PMEr1YwD8Q.zkC116cfw6xGdS9Hg96smxvW6680u7HqkqiWzeVhUqY&sa-user-id=s%253A0-d7b0086d-ffd3-57b8-5df3-a0d1d8f304af.COQ6N9utXYIFNZg3rPSsOtUc3atiP7ew7H0l53ZuuAA
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.209.79.16 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-209-79-16.compute-1.amazonaws.com
Software: /
Resource Hash: 078f3dd88e751c3c421b2007e1cb27bcb65a95daf278bd25de81ba7b2bf3c4e4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin: https://secure.winred.com
date: Wed, 28 Feb 2024 17:03:24 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 94
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

POST
H2 200 b Show response
r.stripe.com/ Frame 5209 0
274 B 196ms
195ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
x-stripe-server-envoy-start-time-us: 1709139804248858
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 8
x-stripe-client-envoy-start-time-us: 1709139804248077
access-control-allow-credentials: true
content-length: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/815133722/ 42 B
64 B 55ms
54ms Image
image/gif 142.250.96.106
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/815133722/?random=1709139803937&cv=11&fst=1709139600000&bg=ffffff&guid=ON&async=1&gtm=45be42q1v892291033za220&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&frm=0&tiba=%5B1%5D%20OFFER%20EXPIRING&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQB7FLtqN34lTioedORpsL1d7NdcxQP5kuxd04hNwxCr39BQCZGsYrXF&random=253252858&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.96.106 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f106.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:24 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/815133722/ 42 B
64 B 52ms
51ms Image
image/gif 142.250.12.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/815133722/?random=1709139803937&cv=11&fst=1709139600000&bg=ffffff&guid=ON&async=1&gtm=45be42q1v892291033za220&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&frm=0&tiba=%5B1%5D%20OFFER%20EXPIRING&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQB7FLtqN34lTioedORpsL1d7NdcxQP5kuxd04hNwxCr39BQCZGsYrXF&random=253252858&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.12.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ge-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:24 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m=Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.lUxSo69zj3Y.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.Eb2... Frame 9467 75 KB
27 KB 42ms
40ms Script
text/javascript 142.250.96.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.lUxSo69zj3Y.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.Eb28QtijFV0.L.B1.O/am=gEEa/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrgf6RNoCWGC3u_KvZEScdY3S_tNfQ/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.lUxSo69zj3Y.es5.O/am=gEEa/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrit9xAWec53jjZp1pPnduD6y1UmTw/m=_b,_tp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.94 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f94.1e100.net

Software

sffe /

Resource Hash

8922044fae329ea40d774d699598bdfbe309e294c1fd8695464b10818f97f92b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 20:48:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72907
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27692
x-xss-protection: 0
last-modified: Tue, 27 Feb 2024 03:45:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Feb 2025 20:48:17 GMT

GET
H2 200 hcaptcha-invisible-bb49a658b50e3a1c9860e1600cf73f0f.html Show response
js.stripe.com/v3/ Frame 6DF6 71 KB
24 KB 64ms
63ms Document
text/html 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/hcaptcha-invisible-bb49a658b50e3a1c9860e1600cf73f0f.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

f1aa8b17bfc6c8f33b80c04a872b98a6e51536f8f2c413db43349599559c789d

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-z7eWVL2qperrgofnh2AbFsrlvcYQZYQePBln3Bjw/HE='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
age: 3447
cache-control: max-age=31536000
content-encoding: br
content-security-policy: base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-z7eWVL2qperrgofnh2AbFsrlvcYQZYQePBln3Bjw/HE='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 16:06:45 GMT
etag: W/"bb49a658b50e3a1c9860e1600cf73f0f"
last-modified: Tue, 27 Feb 2024 21:03:50 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
x-amz-cf-id: xQGXtryE__I4jQ2kBpRKX_8SUZWSa-adSMJ1XzHkJ8KQzz2LaeJhfA==
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H2 200 b Show response
r.stripe.com/ Frame 5209 0
273 B 165ms
164ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
x-stripe-server-envoy-start-time-us: 1709139804262019
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 6
x-stripe-client-envoy-start-time-us: 1709139804261688
access-control-allow-credentials: true
content-length: 0

GET
H2 200 phone-numbers-lib-5113174565c377315fd5b8d695d8b541.js Show response
js.stripe.com/v3/fingerprinted/js/ 148 KB
36 KB 62ms
61ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/phone-numbers-lib-5113174565c377315fd5b8d695d8b541.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

621661fe1c7a59420c624f7a421c566ebfb38cfbc7edd98ee0462c44d15971f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:43:57 GMT
content-encoding: gzip
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 1193
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Mon, 26 Feb 2024 18:03:03 GMT
server: Cloudfront
etag: W/"f7a3e754fa2fa9117506f69f618b5778"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: WB4yA6siAsgksUkUQwsdgk3piA42h9NV3-l5PpI-ubjaIBrs-WmyEQ==

GET
H2 200 elements-inner-link-button-for-card-8b546bf9d278cae01d661169cc58cd56.html Show response
js.stripe.com/v3/ Frame 9DC9 78 KB
17 KB 62ms
61ms Document
text/html 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-link-button-for-card-8b546bf9d278cae01d661169cc58cd56.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

9df7cb7c7ce6aa0fb609de857598f8c491e9f2951f57481789d910740ee37a3a

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
age: 3445
cache-control: max-age=31536000
content-encoding: br
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 16:06:04 GMT
etag: W/"8b546bf9d278cae01d661169cc58cd56"
last-modified: Tue, 27 Feb 2024 21:03:36 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
x-amz-cf-id: OlO3yGXjX-SyZb6gt9cjhftP2fFr8C3azd7kkgHg04x2dyvMafWhWg==
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H3 200 pay Show response
pay.google.com/gp/p/ui/ Frame 9467 1 MB
377 KB 78ms
77ms XHR
text/html 142.251.4.92
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.4.92 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gm-in-f92.1e100.net

Software

ESF /

Resource Hash

17d14373a9a485af14e68a4f9d12a407075cdfb2ed4cb92e5d78c0da8d128653

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-V9uvuMEYNW5zyAwgh5T8AQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-V9uvuMEYNW5zyAwgh5T8AQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/gp/p/_/InstantbuyFrontendBuyflowPayUi/web-reports?context=eJzjKtDikmLw1JBiWFYqxVBRK8WwZCaQX3OTqXPPTaZ1XY-YFrY_ZdLkesZUH_WMaSbvc6a4E8-ZBN88Z3r35SUTx9eXTBJArAbE2308WMR8prPyrZvOqgLEmuunswYCsVP6DNYAIPapn8EaBcRC3Bx3zv1dxybQcGh6HgDWNDFf"
x-ua-compatible: IE=edge
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
server: ESF
x-frame-options: DENY
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
cache-control: private, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Wed, 28 Feb 2024 17:03:24 GMT

GET
H2 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.lUxSo69zj3Y.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.Eb2... Frame 9467 10 KB
4 KB 41ms
40ms Script
text/javascript 142.250.96.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.lUxSo69zj3Y.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.Eb28QtijFV0.L.B1.O/am=gEEa/d=1/exm=Das5Le,_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrgf6RNoCWGC3u_KvZEScdY3S_tNfQ/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.94 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f94.1e100.net

Software

sffe /

Resource Hash

1f87c979d82755ef78f90c94a708ff3478c27e29ada3dd91fa3b3f4e0b357f5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 20:50:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72775
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4142
x-xss-protection: 0
last-modified: Tue, 27 Feb 2024 03:45:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Feb 2025 20:50:29 GMT

GET
H2 200 m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.lUxSo69zj3Y.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.Eb2... Frame 9467 37 KB
14 KB 41ms
41ms Script
text/javascript 142.250.96.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.lUxSo69zj3Y.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.Eb28QtijFV0.L.B1.O/am=gEEa/d=1/exm=Das5Le,FCpbqb,WhJNk,Wt6vjf,_b,_tp,hhhU8/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrgf6RNoCWGC3u_KvZEScdY3S_tNfQ/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.94 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f94.1e100.net

Software

sffe /

Resource Hash

07bd8345ac5225beaa225b96bc62290009ef3345602d4c3dc4fc6f5535b89540

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 20:48:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72904
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14351
x-xss-protection: 0
last-modified: Tue, 27 Feb 2024 03:45:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Feb 2025 20:48:20 GMT

POST
H3 200 log Show response
play.google.com/ Frame 9467 131 B
155 B 151ms
71ms XHR
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 28 Feb 2024 17:03:24 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 140ms
48ms Preflight
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 28 Feb 2024 17:03:24 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 9467 131 B
155 B 182ms
121ms XHR
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 28 Feb 2024 17:03:24 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 159ms
68ms Preflight
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 28 Feb 2024 17:03:24 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 9467 131 B
155 B 186ms
121ms XHR
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 28 Feb 2024 17:03:24 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 149ms
61ms Preflight
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 28 Feb 2024 17:03:24 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 9467 131 B
155 B 158ms
96ms XHR
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 28 Feb 2024 17:03:24 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 152ms
66ms Preflight
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 28 Feb 2024 17:03:24 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 9467 131 B
155 B 127ms
91ms XHR
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 28 Feb 2024 17:03:24 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 172ms
93ms Preflight
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 28 Feb 2024 17:03:24 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 shared-cda4267462ec345f4fcb0a1558fbbd2a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 9DC9 536 KB
118 KB 67ms
65ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-link-button-for-card-8b546bf9d278cae01d661169cc58cd56.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

c85ba9f3d7d73627cf95def707675a4d678c1fd15f97829f4c5638422b7973c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-link-button-for-card-8b546bf9d278cae01d661169cc58cd56.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:42:27 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 3150
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:49 GMT
server: Cloudfront
etag: W/"7e5253be12bd9bee5ca9873c51341616"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: xtsBBeoQlCqv9fotFeP-xbv441XqEEUDw15ytuSl6dF1MeDToAWHQQ==

GET
H2 200 elements-inner-link-button-for-card-3e3c6751186392e3859c5f4470b4d0df.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 9DC9 25 KB
9 KB 73ms
71ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-link-button-for-card-3e3c6751186392e3859c5f4470b4d0df.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-link-button-for-card-8b546bf9d278cae01d661169cc58cd56.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

c67fd705b4a52a62066cd60979c65edfa8b0d6c3da9a8d88d21afd56c11042e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-link-button-for-card-8b546bf9d278cae01d661169cc58cd56.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:43:39 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 1191
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Fri, 23 Feb 2024 00:08:38 GMT
server: Cloudfront
etag: W/"12873bf8979ee1f4c70fe3749e63d8a2"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: OvCD8askUwyV-pTZsIym3uYsfsSVKtUBealIVXriZc-_Wa7fJ5o-zQ==

GET
H2 200 elements-inner-link-button-for-card-e0892059cc36c5a207d4915b8be6a4f3.css
js.stripe.com/v3/fingerprinted/css/ Frame 9DC9 25 KB
4 KB 64ms
63ms Stylesheet
text/css 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-link-button-for-card-e0892059cc36c5a207d4915b8be6a4f3.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-link-button-for-card-8b546bf9d278cae01d661169cc58cd56.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

d9b7faa0259f5b0961455f53b4a507fba4bd0ed70dffac0bdaf2f94298c74b40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-link-button-for-card-8b546bf9d278cae01d661169cc58cd56.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:46:32 GMT
content-encoding: gzip
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 1047
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Mon, 26 Feb 2024 18:02:51 GMT
server: Cloudfront
etag: W/"ec65bfd4737d216032b538eb56aec1bd"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: 35zK6VslM9pYVDmUkSQ8huGV_RkoTJ-b1EslJ8Db1Jcp9JrqSw2lRg==

POST
H3 200 log Show response
play.google.com/ Frame 9467 131 B
155 B 126ms
92ms XHR
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 28 Feb 2024 17:03:24 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 145ms
95ms Preflight
text/plain 142.250.96.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.96.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

gg-in-f100.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Wed, 28 Feb 2024 17:03:24 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 b Show response
r.stripe.com/ Frame F277 0
274 B 109ms
109ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
x-stripe-server-envoy-start-time-us: 1709139804293929
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 6
x-stripe-client-envoy-start-time-us: 1709139804293689
access-control-allow-credentials: true
content-length: 0

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 6DF6 474 B
916 B 60ms
60ms Fetch
application/json 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/hcaptcha-invisible-bb49a658b50e3a1c9860e1600cf73f0f.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a242aa39df8e3f2cb90feb914bf7022c9b3283cc7f506db3b66763a5b8475764

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/hcaptcha-invisible-bb49a658b50e3a1c9860e1600cf73f0f.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:07 GMT
via: 1.1 d123164e5a0cf3e23de092d2c10c10c4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 17
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
content-length: 474
last-modified: Tue, 27 Feb 2024 21:39:33 GMT
server: Cloudfront
etag: "083057a58f22b30653424898b3a40448"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
x-amz-cf-id: 3xNzdFMCugTYxKAcZk3i_Gpyy0pqwWM4afjZ4Rb4DMKgFrRyyO-bUg==

GET
H2 200 HCaptchaInvisible.html Show response
b.stripecdn.com/stripethirdparty-srv/assets/v20.17/ Frame EC84 419 B
957 B 391ms
298ms Document
text/html 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://b.stripecdn.com/stripethirdparty-srv/assets/v20.17/HCaptchaInvisible.html?id=d08ce53b-50b6-4d3d-aaa9-6d0894b9746c&origin=https%3A%2F%2Fjs.stripe.com

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/hcaptcha-invisible-bb49a658b50e3a1c9860e1600cf73f0f.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

c64a6e5cd18f4259ba04815cf49fc93b4a6e7d9eb5d27e003246cd19ed1cfa22

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://hcaptcha.com https://.hcaptcha.com https://errors.stripe.com; default-src 'self'; form-action 'none'; frame-src https://hcaptcha.com https://.hcaptcha.com; img-src 'self'; object-src 'none'; script-src 'self' https://hcaptcha.com https://.hcaptcha.com; style-src 'self' https://hcaptcha.com https://.hcaptcha.com; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 283
content-security-policy: base-uri 'self'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://errors.stripe.com; default-src 'self'; form-action 'none'; frame-src https://hcaptcha.com https://*.hcaptcha.com; img-src 'self'; object-src 'none'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 17:03:24 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-request-id: 7fba7cc0-8f41-4e84-a360-2b00e70f1a07
x-served-by: cache-yyz4543-YYZ
x-timer: S1709139804.358106,VS0,VE286

GET
H2 200 elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html Show response
js.stripe.com/v3/ Frame 69A2 820 B
2 KB 72ms
63ms Document
text/html 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

9f72da3593366773cb0d5d981f3c86e98693a93324de56d5c5a571b27dfdd4cb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 2782
cache-control: max-age=31536000
content-length: 820
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 28 Feb 2024 16:17:31 GMT
etag: "0fa9b1fbb576de009b1a3521f9781fdc"
last-modified: Tue, 27 Feb 2024 21:03:36 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
x-amz-cf-id: DLIfd1r20TShprgQUWt-Rxpq01lcdYD-jtBxxRz16bM6-2sf5cyGFQ==
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H2 200 b Show response
r.stripe.com/ Frame F277 0
275 B 114ms
114ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
x-stripe-server-envoy-start-time-us: 1709139804339902
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 21
x-stripe-client-envoy-start-time-us: 1709139804339573
access-control-allow-credentials: true
content-length: 0

GET
H2 200 shared-cda4267462ec345f4fcb0a1558fbbd2a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 69A2 536 KB
118 KB 72ms
71ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

c85ba9f3d7d73627cf95def707675a4d678c1fd15f97829f4c5638422b7973c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:42:27 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 3150
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:49 GMT
server: Cloudfront
etag: W/"7e5253be12bd9bee5ca9873c51341616"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: 890jUoUsv3qzxWOHP0ulgV1SNgNwEDbtGNxraIfCYqRBYTL7D-0EgA==

GET
H2 200 ui-shared-de6c8afb762571bf96ccb5b02e4b502c.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 69A2 416 KB
107 KB 70ms
69ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/ui-shared-de6c8afb762571bf96ccb5b02e4b502c.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

20fa9dbe8b1f24b6720147bf27111de093e0904d156cef809d284d80ef12763b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:06:04 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 3448
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:50 GMT
server: Cloudfront
etag: W/"7cfdbbcaee4888bce700a62ef427844b"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: f9jerpF5RQxyooqf15Ud_1WOIGSZZBDJqnjJttj_fDUUrqBn4t1ToQ==

GET
H2 200 elements-inner-payment-request-73f464052fae6a416945b5e3206e515b.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 69A2 73 KB
24 KB 71ms
71ms Script
text/javascript 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-payment-request-73f464052fae6a416945b5e3206e515b.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

8f67e525bad4db5d4386e04ddb8f92c484239f5532bef5be00369a6a1954f325

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:32:21 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 1868
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Tue, 27 Feb 2024 21:03:47 GMT
server: Cloudfront
etag: W/"727c403f946b86bd1dead6851abc699a"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: _FDYqFo9DWRwaB44UAUwatn3EVKVyxEXyiTNHxj5iDGNDysQX0l5KQ==

GET
H2 200 ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css
js.stripe.com/v3/fingerprinted/css/ Frame 69A2 20 KB
3 KB 66ms
65ms Stylesheet
text/css 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

394724ca0118829643c12fb5a033cb66680e51327ba157677d18dec209278a3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:02:33 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 60
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Fri, 23 Feb 2024 21:02:28 GMT
server: Cloudfront
etag: W/"b361d7109e9925ca18e32c9da528520f"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: bxz41YUVtzz8SXWzYlNIDno-vg3-I0pny1a_SlydSCvQz6If3Nh7kg==

GET
H2 200 elements-inner-payment-request-cfe32df79f375ff09e642bdb265216a4.css
js.stripe.com/v3/fingerprinted/css/ Frame 69A2 12 KB
3 KB 68ms
67ms Stylesheet
text/css 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-payment-request-cfe32df79f375ff09e642bdb265216a4.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

6e42ec45fee8ebb7248427c36f69b71450834c83dad5d9ffcc7740828cf6046b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 16:47:44 GMT
content-encoding: br
via: 1.1 56b1a3258b9fc2318762088949ab9414.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 957
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
last-modified: Fri, 23 Feb 2024 21:02:28 GMT
server: Cloudfront
etag: W/"a4845cb93b01a6c0277388c7bfe6c9e9"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: L34D79SM15R7LzMCpgn_NCdfEF01M6eXjND4SqakF1h1IVCvr04tQQ==

POST
H2 200 6 Show response
m.stripe.com/ Frame 482F 156 B
669 B 99ms
97ms XHR
application/json 44.239.187.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.239.187.210 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-187-210.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

51ebe056db842de94e8e5f705f16a87d8d5cca32f569ae7dcc3babe72dc7a8b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1709139804443376
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 8
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1709139804442902
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

POST
H2 200 6 Show response
m.stripe.com/ Frame 482F 156 B
669 B 138ms
137ms XHR
application/json 44.239.187.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.239.187.210 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-187-210.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

51ebe056db842de94e8e5f705f16a87d8d5cca32f569ae7dcc3babe72dc7a8b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:24 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1709139804490464
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 2
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1709139804490067
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 69A2 474 B
915 B 60ms
59ms Fetch
application/json 18.173.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.166.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-166-90.mia3.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a242aa39df8e3f2cb90feb914bf7022c9b3283cc7f506db3b66763a5b8475764

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-payment-request-0fa9b1fbb576de009b1a3521f9781fdc.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:07 GMT
via: 1.1 d123164e5a0cf3e23de092d2c10c10c4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 17
x-amz-cf-pop: MIA3-P7
x-cache: Hit from cloudfront
content-length: 474
last-modified: Tue, 27 Feb 2024 21:39:33 GMT
server: Cloudfront
etag: "083057a58f22b30653424898b3a40448"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
x-amz-cf-id: ov4EcXcDbylzzYXeL6GNcVegXeiRh1ZXYLOus-tSjWsEu3aCH5EY6A==

GET
H2 200 api.js Show response
hcaptcha.com/1/ Frame EC84 376 KB
107 KB 68ms
38ms Script
application/javascript 104.19.218.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/1/api.js?onload=captchaLoad&render=explicit

Requested by

Host: b.stripecdn.com
URL: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.17/HCaptchaInvisible.html?id=d08ce53b-50b6-4d3d-aaa9-6d0894b9746c&origin=https%3A%2F%2Fjs.stripe.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.218.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8372e4920304819a1afe1cb4a33def279a032e5d0154b53df47d05abdfc8077

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://b.stripecdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 981fd743d9643ae0100d9c3fcfb96f78.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: Y83AnVQfVaYtiCkhua7rz_C8xbCj9kI1
age: 0
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 26 Feb 2024 13:10:44 GMT
server: cloudflare
etag: W/"cf161ae1463888e6b05f1ecd1d11305b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
cf-ray: 85ca3da35a01a1fc-YYZ
x-amz-cf-id: wQFik9EBRD03vgP0ps1sNYoUBn7jvrIe6wnfJ4d4f8v_6baei9EsoA==

GET
H2 200 vendors~AddressAutocomplete~AffirmInContext~AmazonPayButton~AuthMap~DemoPayButton~DynamicMap~GoogleA~35711e2c.2a2d58b91c6acfc1f9d8.bundle.js Show response
b.stripecdn.com/stripethirdparty-srv/assets/v20.17/ Frame EC84 114 KB
37 KB 13ms
13ms Script
text/javascript 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://b.stripecdn.com/stripethirdparty-srv/assets/v20.17/vendors~AddressAutocomplete~AffirmInContext~AmazonPayButton~AuthMap~DemoPayButton~DynamicMap~GoogleA~35711e2c.2a2d58b91c6acfc1f9d8.bundle.js

Requested by

Host: b.stripecdn.com
URL: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.17/HCaptchaInvisible.html?id=d08ce53b-50b6-4d3d-aaa9-6d0894b9746c&origin=https%3A%2F%2Fjs.stripe.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

39253e0583d87f1e4da4c9028eb3112b1218fe79ee1a9df1d86560a43887615f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.17/HCaptchaInvisible.html?id=d08ce53b-50b6-4d3d-aaa9-6d0894b9746c&origin=https%3A%2F%2Fjs.stripe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Wed, 28 Feb 2024 17:03:24 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 1182319
x-cache: HIT
content-length: 38075
x-request-id: e9c778fb-a315-4171-aa48-f3f5c5aa9548
x-served-by: cache-yyz4543-YYZ
server: Fastly
x-timer: S1709139805.661857,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 9476

GET
H2 200 HCaptchaInvisible.f76df6e906382568d06d.bundle.js Show response
b.stripecdn.com/stripethirdparty-srv/assets/v20.17/ Frame EC84 17 KB
7 KB 32ms
31ms Script
text/javascript 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://b.stripecdn.com/stripethirdparty-srv/assets/v20.17/HCaptchaInvisible.f76df6e906382568d06d.bundle.js

Requested by

Host: b.stripecdn.com
URL: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.17/HCaptchaInvisible.html?id=d08ce53b-50b6-4d3d-aaa9-6d0894b9746c&origin=https%3A%2F%2Fjs.stripe.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

1de004e171a50121095d5a850d20a305ca3566b1e9ec8f928fb8e8382b6dc019

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.17/HCaptchaInvisible.html?id=d08ce53b-50b6-4d3d-aaa9-6d0894b9746c&origin=https%3A%2F%2Fjs.stripe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Wed, 28 Feb 2024 17:03:24 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 1182320
x-cache: HIT
content-length: 7164
x-request-id: 12c9a1b3-5852-4eb8-8da7-0f975e2f60a8
x-served-by: cache-yyz4543-YYZ
server: Fastly
x-timer: S1709139805.662010,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 9395

POST
H3 204 rum Show response
secure.winred.com/cdn-cgi/ 0
142 B 19ms
14ms XHR
text/plain 104.19.211.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.211.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type: application/json

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://secure.winred.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 85ca3da41cf5a22e-YYZ

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/fadb9c6/static/ Frame 94E3 2 KB
1 KB 37ms
36ms Document
text/html 104.19.218.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/fadb9c6/static/hcaptcha.html?_v=14cep50e2rt

Requested by

Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?onload=captchaLoad&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.218.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1619d9fb8315d3aa40c14e8afcb906222479cb21a1674d073692e016e8194ba4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://b.stripecdn.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
age: 37699
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 85ca3da42b38a1fc-YYZ
content-encoding: br
content-type: text/html
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: cross-origin
date: Wed, 28 Feb 2024 17:03:24 GMT
last-modified: Mon, 26 Feb 2024 13:10:44 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 e0170582752f8bcacf802243afe5509c.cloudfront.net (CloudFront)
x-amz-cf-id: YTlRz7L9JwImjbepEsZ9A6efgglNrzgP2YGrz7TQlRFCDeitGg9OrA==
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: w380JAJSDRpHmjdLNet.Oei.HbAumRcl
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/fadb9c6/ Frame 94E3 376 KB
106 KB 24ms
23ms Script
application/javascript 104.19.218.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/fadb9c6/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/static/hcaptcha.html?_v=14cep50e2rt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.218.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8372e4920304819a1afe1cb4a33def279a032e5d0154b53df47d05abdfc8077

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/static/hcaptcha.html?_v=14cep50e2rt
Origin: https://newassets.hcaptcha.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 981fd743d9643ae0100d9c3fcfb96f78.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: Y83AnVQfVaYtiCkhua7rz_C8xbCj9kI1
age: 37718
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 26 Feb 2024 13:10:44 GMT
server: cloudflare
etag: W/"cf161ae1463888e6b05f1ecd1d11305b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 85ca3da47ba6a1fc-YYZ
x-amz-cf-id: wQFik9EBRD03vgP0ps1sNYoUBn7jvrIe6wnfJ4d4f8v_6baei9EsoA==

POST
H2 200 checksiteconfig Show response
api.hcaptcha.com/ Frame 94E3 719 B
831 B 56ms
53ms XHR
application/json 104.19.218.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hcaptcha.com/checksiteconfig?v=fadb9c6&host=b.stripecdn.com&sitekey=463b917e-e264-403f-ad34-34af0ee10294&sc=1&swa=1&spst=1

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/hcaptcha.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.218.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a10592a244f91c13b234bfad6840737442d0eab7241b714c501f6d33144c87e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://newassets.hcaptcha.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 28 Feb 2024 17:03:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 85ca3da50c8ba1fc-YYZ
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
alt-svc: h3=":443"; ma=86400

POST
H2 200 b Show response
r.stripe.com/ Frame 5209 0
272 B 96ms
95ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:25 GMT
x-stripe-server-envoy-start-time-us: 1709139805010515
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 8
x-stripe-client-envoy-start-time-us: 1709139805010032
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame F277 0
273 B 93ms
93ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:25 GMT
x-stripe-server-envoy-start-time-us: 1709139805027527
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 5
x-stripe-client-envoy-start-time-us: 1709139805027203
access-control-allow-credentials: true
content-length: 0

GET
H3 200 hsw.js Show response
newassets.hcaptcha.com/c/0fb9fb5/ Frame 94E3 508 KB
222 KB 37ms
36ms Script
application/javascript 104.19.218.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/c/0fb9fb5/hsw.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.218.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6aeb0f05d454e29935dc8708f1dbdbe27176d849880fdbf1d30d4d5bc6c3c18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/static/hcaptcha.html?_v=14cep50e2rt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 17:03:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f7da5d3db9ee44e1812f138a4bdfd564.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: hX4Z6AbOk3MuIrAL1fopQL_PyMUYVvWN
age: 796
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 12 Feb 2024 22:29:35 GMT
server: cloudflare
etag: W/"380f869a8304c28e89d70dc536bdc54c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 85ca3da56986a23a-YYZ
x-amz-cf-id: CuPN9rkJagalO7guQVf2H89vLyN2muql0aqSgUpPE0oZtCkLjc3czw==

POST
H2 200 b Show response
r.stripe.com/ Frame 1932 0
274 B 99ms
98ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:25 GMT
x-stripe-server-envoy-start-time-us: 1709139805154569
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 8
x-stripe-client-envoy-start-time-us: 1709139805153822
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 5209 0
274 B 100ms
100ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:25 GMT
x-stripe-server-envoy-start-time-us: 1709139805273224
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 7
x-stripe-client-envoy-start-time-us: 1709139805272708
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame F277 0
274 B 95ms
95ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:25 GMT
x-stripe-server-envoy-start-time-us: 1709139805468876
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 5
x-stripe-client-envoy-start-time-us: 1709139805468573
access-control-allow-credentials: true
content-length: 0

POST
H3 200 463b917e-e264-403f-ad34-34af0ee10294 Show response
api.hcaptcha.com/getcaptcha/ Frame 94E3 3 KB
3 KB 285ms
284ms XHR
application/octet-stream 104.19.218.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hcaptcha.com/getcaptcha/463b917e-e264-403f-ad34-34af0ee10294

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.218.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83a17ae33626fe7e30eedce48efcf09c25090f7a89410601e29e941696beec05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json, application/octet-stream
Referer: https://newassets.hcaptcha.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 28 Feb 2024 17:03:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 85ca3da7fe43a23a-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 3142

POST
H2 200 b Show response
r.stripe.com/ Frame 5209 0
274 B 93ms
92ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-cda4267462ec345f4fcb0a1558fbbd2a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 28 Feb 2024 17:03:26 GMT
x-stripe-server-envoy-start-time-us: 1709139806766100
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 5
x-stripe-client-envoy-start-time-us: 1709139806765667
access-control-allow-credentials: true
content-length: 0

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/56/1/ 255 KB
56 KB 41ms
40ms Script
text/javascript 173.194.77.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/56/1/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.77.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

gc-in-f95.1e100.net

Software

sffe /

Resource Hash

9ea16efa9e53039fffb7ccf6bee49de744e04402da82e1070d45733ef4a36711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 03:26:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48995
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56751
x-xss-protection: 0
last-modified: Tue, 20 Feb 2024 19:28:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Feb 2025 03:26:53 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/56/1/ 180 KB
56 KB 55ms
55ms Script
text/javascript 173.194.77.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/56/1/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.77.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

gc-in-f95.1e100.net

Software

sffe /

Resource Hash

c6dc2d05669b7d0b896bb7185ed18035463aa200da0022364d446579365a8350

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 03:11:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49912
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56881
x-xss-protection: 0
last-modified: Tue, 20 Feb 2024 19:28:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Feb 2025 03:11:36 GMT

POST
H3 204 collect
analytics.google.com/g/ 0
17 B 45ms
44ms Ping
text/plain 173.194.77.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-9J5139D7ZF&_ono=1&gtm=45je42q1v9139044878za220&_p=1709139802303&gcd=13l3l3l3l2&npa=0&dma=0&ul=en-us&sr=1600x1200&cid=1830961297.1709139803&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=ABAI&_s=2&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Fgolden-gavel%2F%3Frecurring%3Dtrue%26amount%3D35%26utm_campaign%3D20240221_USA-GOP-2.113235_t1452047-573%26ex_tid%3D20240221_USA-GOP-2.113235_t1452047-573&dt=%5B1%5D%20OFFER%20EXPIRING&sid=1709139803&sct=1&seg=1&en=page_view&_ee=1&_et=5&tfd=6930
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9J5139D7ZF&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 173.194.77.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: gc-in-f101.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Feb 2024 17:03:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.winred.com/api/v3/users	1970-01-21 04:21:39	Name: rvid Value: 65d19293-4fb2-4e10-b9e9-c40d9f9077cf
.secure.winred.com/	1970-01-20 18:45:41	Name: __cf_bm Value: G..dp72C0_W9GMWWEVANEhlHVOj3s8JIdLiaYt2efXg-1709139802-1.0-ATS5+QAlL7dl6thak85qKmurEe2YR2Pz8k0t0rNQ1wsdzH9H2m9j8Yj71imymzu8dcEoPbIpNFpXmXvcmXk0X5c=
.winred.com/	1970-01-20 20:55:15	Name: _gcl_au Value: 1.1.870819645.1709139803
secure.winred.com/	1969-12-31 23:59:59	Name: origin_url Value: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573
.winred.com/	1970-01-20 20:55:15	Name: _fbp Value: fb.1.1709139802956.900269755
.winred.com/	1970-01-20 18:47:06	Name: _gid Value: GA1.2.1467791445.1709139803
.winred.com/	1970-01-20 18:45:39	Name: _dc_gtm_UA-73658561-7 Value: 1
.winred.com/	1970-01-20 18:45:39	Name: _dc_gtm_UA-15267911-1 Value: 1
.winred.com/	1970-01-20 18:45:39	Name: _gat Value: 1
.winred.com/	1969-12-31 23:59:59	Name: _revv_v3_session Value: ZzJXRE9hcEFCQTB6aXFoRnZFcG1BOXRGbjZISFV3dmNWOWNRK0g2emlGb2FHVEQyek1zTWYybVMxSSt5aUZIN2l5R1k3WHJ1TnVhaEdQR0dMMEtHY1lmdW43OGRhK2NrNU1jWjJDQlArSFcvMmdrV3VzZ2JucHFmamhlYi92SW0wYUdWMG9jTnlXRkJaWHFLVFQ5bmkxK0tzT2Z1YTgxQ3BCM2NXTmpOWXlVVGpjUlBpRHUrMVlGeVRtUVd3QXRXWGVKNTVSdWM2SkZ5TjFVR1FiYUJzQjJ0NytZL3VYbTJMdEl4RitZYlNOV1c4U3J6c21qSEhsc00yNERaUDBrdThIdUtqSmpibXNLbDFCdEtnb3BiNTNYeWRMQTBpNTloOG5vMnIzdTBXNDV0SS8zQS9oQmN6amswSjNET2wwUmVWNVhnM0tmb3Z0UnNqOU1VR0xLQm9NNklZbUhqdnMyZm9ydVFRRHJNM0VJPS0tWFlFcm04WE5HOW81ZXlnc0R1V013Zz09--8dc891b6ab53112927b40309694a1163804856be
tags.srv.stackadapt.com/	1970-01-21 03:31:15	Name: sa-user-id Value: s%3A0-d7b0086d-ffd3-57b8-5df3-a0d1d8f304af.COQ6N9utXYIFNZg3rPSsOtUc3atiP7ew7H0l53ZuuAA
.srv.stackadapt.com/	1970-01-21 03:31:15	Name: sa-user-id Value: s%3A0-d7b0086d-ffd3-57b8-5df3-a0d1d8f304af.COQ6N9utXYIFNZg3rPSsOtUc3atiP7ew7H0l53ZuuAA
tags.srv.stackadapt.com/	1970-01-21 03:31:15	Name: sa-user-id-v2 Value: s%3A17AIbf_TV7hd86DR2PMEr1YwD8Q.zkC116cfw6xGdS9Hg96smxvW6680u7HqkqiWzeVhUqY
.srv.stackadapt.com/	1970-01-21 03:31:15	Name: sa-user-id-v2 Value: s%3A17AIbf_TV7hd86DR2PMEr1YwD8Q.zkC116cfw6xGdS9Hg96smxvW6680u7HqkqiWzeVhUqY
tags.srv.stackadapt.com/	1970-01-21 03:31:15	Name: sa-user-id-v3 Value: s%3AAQAKIFc9FbN9hiaIZOxljpOjP61zXHar4epvDj4TXcUE4DS4EHwYBCDbzv2uBjABOgRnDOjLQgRVZ74k.3VL2I3rYMPLw1FNXl36h60XDapVeRlpYWmdetzLeAQ8
.srv.stackadapt.com/	1970-01-21 03:31:15	Name: sa-user-id-v3 Value: s%3AAQAKIFc9FbN9hiaIZOxljpOjP61zXHar4epvDj4TXcUE4DS4EHwYBCDbzv2uBjABOgRnDOjLQgRVZ74k.3VL2I3rYMPLw1FNXl36h60XDapVeRlpYWmdetzLeAQ8
.winred.com/	1970-01-21 04:21:39	Name: _ga_CM6HT6HPTV Value: GS1.1.1709139803.1.0.1709139803.0.0.0
.winred.com/	1970-01-21 04:21:39	Name: _ga Value: GA1.1.1830961297.1709139803
.winred.com/	1970-01-21 04:21:39	Name: _ga_B57E59LMFB Value: GS1.1.1709139803.1.0.1709139803.0.0.0
secure.winred.com/	1969-12-31 23:59:59	Name: sso_tries Value: 1
secure.winred.com/	1970-01-21 04:21:39	Name: rvid Value: 65d19293-4fb2-4e10-b9e9-c40d9f9077cf
.winred.com/	1970-01-21 04:21:39	Name: FPID Value: FPID2.2.Su%2FtmdbMl2OlS8f%2FxHEMsytoLyjhh4lmc6MWgWlpG7Y%3D.1709139803
.winred.com/	1970-01-20 18:45:41	Name: FPGSID Value: 1.1709139803.1709139803.G-X6H0114PDF.b3MGXW4ofo14NgQgZW0YPQ
.secure.winred.com/	1970-01-21 03:31:15	Name: cf_clearance Value: .TcXAR5gupIztjkzLYT8EeMJtRsXCyPNU.DaczDsVtA-1709139803-1.0-Ae3i44vVwoQ2nysFL65Qx4/iYpoIAbP6nf7MGwwyNAxfePMbVILm8A5XmpV+qHjbX0NCdwMHz/SChOsyKTG9WpQ=
secure.winred.com/	1970-01-21 03:31:15	Name: sa-user-id Value: s%253A0-d7b0086d-ffd3-57b8-5df3-a0d1d8f304af.COQ6N9utXYIFNZg3rPSsOtUc3atiP7ew7H0l53ZuuAA
secure.winred.com/	1970-01-21 03:31:15	Name: sa-user-id-v2 Value: s%253A17AIbf_TV7hd86DR2PMEr1YwD8Q.zkC116cfw6xGdS9Hg96smxvW6680u7HqkqiWzeVhUqY
secure.winred.com/	1970-01-21 03:31:15	Name: sa-user-id-v3 Value: s%253AAQAKIFc9FbN9hiaIZOxljpOjP61zXHar4epvDj4TXcUE4DS4EHwYBCDbzv2uBjABOgRnDOjLQgRVZ74k.3VL2I3rYMPLw1FNXl36h60XDapVeRlpYWmdetzLeAQ8
.twitter.com/	1970-01-21 04:21:39	Name: guest_id_marketing Value: v1%3A170913980360876069
.twitter.com/	1970-01-21 04:21:39	Name: guest_id_ads Value: v1%3A170913980360876069
.twitter.com/	1970-01-21 04:21:39	Name: personalization_id Value: "v1_NmMOF2CbAeMblkKkr/NqeQ=="
.twitter.com/	1970-01-21 04:21:39	Name: guest_id Value: v1%3A170913980360876069
.t.co/	1970-01-21 04:21:39	Name: muc_ads Value: ca7a624c-19f6-4755-a68c-3666b2aa64be
.yahoo.com/	1970-01-21 03:31:37	Name: A3 Value: d=AQABBFtn32UCEFV5ixJmpP6WMUx2eZxSMOsFEgEBAQG44GXpZSXaxyMA_eMAAA&S=AQAAAh3pWFe_19HD9I2eIaP95mY
.winred.com/	1970-01-21 04:21:39	Name: _ga_9J5139D7ZF Value: GS1.2.1709139803.1.1.1709139803.60.0.0
.winred.com/	1970-01-20 18:46:51	Name: FPLC Value: 0hkGxT4DA3BefF%2Bf1niQE4rkI%2FMPrm8a1KmGW5IEk6ToNGsboV3%2FWyGncyybyRBOwQz430J8sps7lcZQIRPPBYLfeks2vd3B%2BLPzASEB4ll4bZGWpRwAi0fGY0aw9A%3D%3D
.doubleclick.net/	1970-01-21 04:21:39	Name: IDE Value: AHWqTUklq6ZNcJqfqlxdqw-3ROcMnKvUiKZCwA31HyXoDB_xl5061wEM7Nsb8eqh
m.stripe.com/	1970-01-21 04:21:39	Name: m Value: f4dafe0d-9623-4d39-be5c-e2b191978129a563f3
.secure.winred.com/	1970-01-21 03:31:15	Name: __stripe_mid Value: f749fccb-0618-47a4-84a5-7ae0b7ea01df89b4d8
.secure.winred.com/	1970-01-20 18:45:41	Name: __stripe_sid Value: 0f35d4f9-1d52-48b6-a226-d1c507b170511a64cf
.google.com/	1970-01-20 23:09:11	Name: NID Value: 512=d99qgRwCD7sBhUrir9w1hvS15pd_jcCqtgDrFBkjL5BmJDMDW1ZLWvqWdlLKy2xXE_PE7tVqZEM4y3BBvqZRdUj8sWpiXKnPh0yW_e58cQGJXffAIisixZSkAlKy5D2UpODy08HzmxZ2Q7SqdOM8rKehEUGhVc6JubxbkwAKF2o
.winred.com/	1970-01-21 04:21:39	Name: _ga_X6H0114PDF Value: GS1.1.1709139803.1.0.1709139804.0.0.0
api.hcaptcha.com/	1970-01-20 19:28:51	Name: hmt_id Value: 03cc3b9e-8515-41c7-83a4-3223d7261d02

62 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://connect.facebook.net/signals/config/437395704254527?v=2.9.147&r=stable&domain=secure.winred.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 105) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/nrcc/golden-gavel/?recurring=true&amount=35&utm_campaign=20240221_USA-GOP-2.113235_t1452047-573&ex_tid=20240221_USA-GOP-2.113235_t1452047-573 Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
analytics.twitter.com
api.hcaptcha.com
app.winred.com
b.stripecdn.com
connect.facebook.net
d35ligi1n5bgzc.cloudfront.net
googleads.g.doubleclick.net
gtm.winred.com
hcaptcha.com
js.stripe.com
m.stripe.com
m.stripe.network
maps.googleapis.com
merchant-ui-api.stripe.com
newassets.hcaptcha.com
pay.google.com
play.google.com
r.stripe.com
s.yimg.com
secure.winred.com
sp.analytics.yahoo.com
static.ads-twitter.com
static.cloudflareinsights.com
stats.g.doubleclick.net
t.co
tags.srv.stackadapt.com
trk.cp20.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.gstatic.com
104.16.250.69
104.16.56.101
104.19.211.89
104.19.212.89
104.19.218.90
104.244.42.131
104.244.42.5
13.35.93.85
142.250.12.102
142.250.12.156
142.250.12.94
142.250.12.97
142.250.96.100
142.250.96.106
142.250.96.156
142.250.96.94
142.251.4.92
146.75.36.157
15.156.37.76
151.101.128.176
173.194.77.101
173.194.77.95
18.173.166.90
18.173.219.17
18.209.79.16
198.202.176.201
31.13.71.36
31.13.71.7
44.239.187.210
54.187.159.182
69.147.92.12
76.13.32.146
007b4be1404b0f21a158fa83a2ae9375393b2d932a17e9745aa392fcadc7cf2f
01008ce7ecbd6b85dfb55053757ce194429dcf900025c8246f13fcced7f2ac05
078f3dd88e751c3c421b2007e1cb27bcb65a95daf278bd25de81ba7b2bf3c4e4
07bd8345ac5225beaa225b96bc62290009ef3345602d4c3dc4fc6f5535b89540
0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
1619d9fb8315d3aa40c14e8afcb906222479cb21a1674d073692e016e8194ba4
17d14373a9a485af14e68a4f9d12a407075cdfb2ed4cb92e5d78c0da8d128653
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1de004e171a50121095d5a850d20a305ca3566b1e9ec8f928fb8e8382b6dc019
1de6ed1cc1b4ddc0869b896b3b76ca21587250f1b491e5a468cbaae65e590411
1f87c979d82755ef78f90c94a708ff3478c27e29ada3dd91fa3b3f4e0b357f5b
201974e74b791d77946676785540501db87abe335d01076645277050793eacba
20fa9dbe8b1f24b6720147bf27111de093e0904d156cef809d284d80ef12763b
238c7998285e2c6e50661bd65dc7135ec844214d1210a983311ffac71fd17767
2d5fc8e00769aa30c75be1f3263ab5d0058ff6f126a4e48544c665696c4edd6f
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284
39253e0583d87f1e4da4c9028eb3112b1218fe79ee1a9df1d86560a43887615f
394724ca0118829643c12fb5a033cb66680e51327ba157677d18dec209278a3d
3d8c52a6faeb03d06697e7e5d0b3750f00ac312c865efe425215c4de6f12619a
480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
509eec1afe229da0e3513d1245824fd0d568012c1b4d991aec9920f863921ac3
51ebe056db842de94e8e5f705f16a87d8d5cca32f569ae7dcc3babe72dc7a8b6
58eac28618a14b5cac2eadac72e6a26114e10999194912b8ee05d207f025c812
5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
621661fe1c7a59420c624f7a421c566ebfb38cfbc7edd98ee0462c44d15971f9
63534dc01a276a09c73808d32ea7565052443b40f570def6537d0815ca533d3b
6441a42218327baedd704143d71b34a91d5713c0a787c32e428ab0efeb1c86c9
66115a549fe7e200a3ee224aba9b00ad2c94164dd6f365edb76f4166634d11f5
668c5ad16e56f519f4d7ba832291783a57e45245a3d0910259bd7335f4af5da5
6a10344ff3e6b56c06e6f5285521145e0b29df8f04e751e0f6dbec39ed7bdceb
6e42ec45fee8ebb7248427c36f69b71450834c83dad5d9ffcc7740828cf6046b
768d44dc8526fe5961efc1b7881f80382bde68acdcee1284d3bb88cbdd6d9b9c
7802514279d805a825923d8ff3b2746e3fa7d4c719d791292b6f860bc2acf20d
795b37724f76b26f404656c781bdcfe286bd9906f69e35de3aeb552ae1233a17
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83a17ae33626fe7e30eedce48efcf09c25090f7a89410601e29e941696beec05
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
8922044fae329ea40d774d699598bdfbe309e294c1fd8695464b10818f97f92b
8f67e525bad4db5d4386e04ddb8f92c484239f5532bef5be00369a6a1954f325
916fb50ec19ac2c7ae599b5ec4630f80bf523c4cf4dd24607b35c48f45579c04
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
961951e588ed2cbd0dadda321becf5c4d27451bb0896262f86e7d922da5794ca
969e82bade7f2133977ae76c952503b1c7d8185b31a0a084c45f5c9aae1ce138
96b04ef160f8b50520a48707a452fecdd6e6771c643706d5949020a2dea15962
99178d08aa305df7ddc152ca5ec2ae491d304a6259dcb3cfed8a3f20d7824bd7
9bede70af013e13406e6e318442e30d10d545081fb58f490586b2011492f7955
9df7cb7c7ce6aa0fb609de857598f8c491e9f2951f57481789d910740ee37a3a
9ea16efa9e53039fffb7ccf6bee49de744e04402da82e1070d45733ef4a36711
9f72da3593366773cb0d5d981f3c86e98693a93324de56d5c5a571b27dfdd4cb
a10592a244f91c13b234bfad6840737442d0eab7241b714c501f6d33144c87e3
a1a9afc9165c7a53a0f89dc34275ca32fc16a99003a1f886e12721074d663006
a242aa39df8e3f2cb90feb914bf7022c9b3283cc7f506db3b66763a5b8475764
a2968bd1f1c390f2d3cdd180fd9e909bf63ee41adba920b8abacf421a6a0b184
a307f24126830b031b286183c12a43a6a066b27401c9840e19c0818c882b27a8
a38e0e2d4e9a794a39fc25e1f7d0bc3fa97522c1ba7d3ceacd9a35a75b83e993
a6aeb0f05d454e29935dc8708f1dbdbe27176d849880fdbf1d30d4d5bc6c3c18
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad278fe8eae121836378c0f601a92379a53ee8658f93ae53567e8b0a6476eeb0
b9ae89dfef0a2fac8e843b547269f242657cf67e848a7f823e8a38599fd94722
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
babc3eb5e5cedb13d8adcdd7afe26a5c1129cb3562ab9336458c450c2120074c
c474030b041821aa8323346503ae553cc437810ad46edd33df08caf3627fcac7
c64a6e5cd18f4259ba04815cf49fc93b4a6e7d9eb5d27e003246cd19ed1cfa22
c67fd705b4a52a62066cd60979c65edfa8b0d6c3da9a8d88d21afd56c11042e9
c6dc2d05669b7d0b896bb7185ed18035463aa200da0022364d446579365a8350
c85ba9f3d7d73627cf95def707675a4d678c1fd15f97829f4c5638422b7973c2
c9f6066f177548c0520ca649a0089eaa6b2c18668baf6cd6b0b2ef3081d40b89
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca70021f7af39ff1fb20242c6ede0d64e42d583665643ac5b2b1606692f32ced
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d300acc2ff44d6b3d1fc1ca56500fad7d695c914099322ad39d1a6b2c59fff02
d974342d079c80c412efb82a7492bbbe45e3694ce4bfabf820e39937ce20d1a5
d9b7faa0259f5b0961455f53b4a507fba4bd0ed70dffac0bdaf2f94298c74b40
dda7ee2dd3c1acb5f36b4e477ce72346c58806576f8893a7417d7f12f7a6a978
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e83a326932524c1f4456f9c2a5bcfe11f799194bb0dbe2ab8f97d262e5d5a8ea
eac1bb2890c6ae6d2cc8653765f594f1209eda9eb0036eef9fde51299e883a5b
ed2ce0d7e44b0be966bd3c2ffab4a8bcd52a4f2355f10d2f39a1fa32d3e0caac
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa34559ba4d93e23d2f943f2a2d084b8ea8aa7c8e635991e70f576a2aa16bd0
efe72b2126d7df64b119eb8680e7906d79da199ed78a898b621a14023aad3944
f125f9cf72340e352882f98f4fea59c51d6a4a1353f3f14db70f2febcc2c5bb5
f1aa8b17bfc6c8f33b80c04a872b98a6e51536f8f2c413db43349599559c789d
f8372e4920304819a1afe1cb4a33def279a032e5d0154b53df47d05abdfc8077
f8e37527996d0530694a2a8ddf6afdcf28cc8a05e50ce3ce9d3f2f743b04659f
fbfbd5a5892c79efc6acf236e0e3f9a0c0c72cdf14d2b676acb27ab6d5a5a811
fc41b9802e7858f041282e89e3196e15736488e093768a04ad4b742ffd92736c
fedfc64728beee4dcdf576abb2dd3c44b462afc3b5db8c53704629a1ee6dd14c
fee95f3d1a43f23cdb6950a2abe9c4f3542b96ed831e565275f0d37babf8f67f

secure.winred.com Open in urlscan Pro 104.19.211.89 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

169 Requests

99 %HTTPS

0 %IPv6

23 Domains

34 Subdomains

31 IPs

3 Countries

4322 kBTransfer

15014 kBSize

42 Cookies

8 Outgoing links

Page URL History

Redirected requests

169 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

secure.winred.com Open in urlscan Pro
104.19.211.89 Public Scan

Screenshot
Live screenshot

Full Image

169
Requests

99 %
HTTPS

0 %
IPv6

23
Domains

34
Subdomains

31
IPs

3
Countries

4322 kB
Transfer

15014 kB
Size

42
Cookies

169 HTTP transactions
0 data transactions