act.credoaction.com Open in urlscan Pro
13.56.44.124 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://credo.cm/hozbKH
Effective URL:
https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Submission: On March 04 via manual (March 4th 2018, 6:00:27 pm UTC) from US

Summary HTTP 37 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 22 IPs in 5 countries across 21 domains to perform 37 HTTP transactions. The main IP is 13.56.44.124, located in San Jose, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is act.credoaction.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 1st 2018. Valid for: 3 months.

This is the only time act.credoaction.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.21.33.16 52.21.33.16	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
4	13.56.44.124 13.56.44.124	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	216.137.61.212 216.137.61.212	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	216.58.206.10 216.58.206.10	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.25.120.36 104.25.120.36	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	104.20.20.23 104.20.20.23	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	172.217.21.232 172.217.21.232	15169 (GOOGLE) (GOOGLE - Google LLC)
3	185.60.216.19 185.60.216.19	32934 (FACEBOOK) (FACEBOOK - Facebook)
3	173.194.76.155 173.194.76.155	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2.18.233.40 2.18.233.40	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	216.58.214.66 216.58.214.66	15169 (GOOGLE) (GOOGLE - Google LLC)
1 5	185.60.216.35 185.60.216.35	32934 (FACEBOOK) (FACEBOOK - Facebook)
5 5	54.247.110.64 54.247.110.64	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	185.60.216.6 185.60.216.6	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	216.58.207.66 216.58.207.66	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.21.228 172.217.21.228	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.21.227 172.217.21.227	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	62.67.193.85 62.67.193.85	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1	217.12.15.54 217.12.15.54	34010 (YAHOO-IRD) (YAHOO-IRD)
1	52.58.187.113 52.58.187.113	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3 4	54.246.116.149 54.246.116.149	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	185.33.223.204 185.33.223.204	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1 2	54.87.211.125 54.87.211.125	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	173.241.240.143 173.241.240.143	36089 (OPENX-AS1) (OPENX-AS1 - OPENX TECHNOLOGIES)
1 1	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE - Google LLC)
37	22

1 52.21.33.16 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-21-33-16.compute-1.amazonaws.com

credo.cm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.56.44.124 (San Jose, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-13-56-44-124.us-west-1.compute.amazonaws.com

act.credoaction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 216.137.61.212 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-216-137-61-212.fra2.r.cloudfront.net

d2omw6a1nm6pnh.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.10 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s20-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.25.120.36 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

c.shpg.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.20.23 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.credomobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.232 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f232.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.60.216.19 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 173.194.76.155 (Portage, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: ws-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.40 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.214.66 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s10-in-f66.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.60.216.35 (Ireland) 1 redirects

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.247.110.64 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-247-110-64.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.60.216.6 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

cx.atdmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.207.66 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.228 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f228.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.227 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.67.193.85 (United Kingdom) 1 redirects

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.12.15.54 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)
PTR: mpr2.ngd.vip.ir2.yahoo.com

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.187.113 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-58-187-113.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.246.116.149 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-246-116-149.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.223.204 (European Union)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.87.211.125 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-87-211-125.compute-1.amazonaws.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.241.240.143 (New York, United States) 1 redirects

ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US)
PTR: ox-173-241-240-143.xa.dc.openx.org

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.98 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s18-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	adroll.com 8 redirects s.adroll.com d.adroll.com	16 KB
5	facebook.com 1 redirects www.facebook.com	893 B
5	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	19 KB
5	cloudfront.net d2omw6a1nm6pnh.cloudfront.net	35 KB
4	credoaction.com act.credoaction.com	31 KB
3	facebook.net connect.facebook.net	44 KB
2	openx.net 1 redirects us-u.openx.net	719 B
2	rlcdn.com 1 redirects idsync.rlcdn.com	964 B
2	rubiconproject.com 1 redirects pixel.rubiconproject.com	1 KB
1	adnxs.com ib.adnxs.com	591 B
1	bidswitch.net x.bidswitch.net	346 B
1	yahoo.com ads.yahoo.com	1 KB
1	google.de www.google.de	144 B
1	google.com www.google.com	155 B
1	atdmt.com cx.atdmt.com	407 B
1	googleadservices.com www.googleadservices.com	7 KB
1	googletagmanager.com www.googletagmanager.com	21 KB
1	credomobile.com www.credomobile.com	1003 B
1	shpg.org c.shpg.org	7 KB
1	googleapis.com ajax.googleapis.com	33 KB
1	credo.cm 1 redirects credo.cm	295 B
37	21

	Domain	Requested by
9	d.adroll.com	8 redirects act.credoaction.com
5	www.facebook.com	1 redirects act.credoaction.com
5	d2omw6a1nm6pnh.cloudfront.net	act.credoaction.com
4	act.credoaction.com	act.credoaction.com
3	stats.g.doubleclick.net	www.googletagmanager.com act.credoaction.com
3	connect.facebook.net	act.credoaction.com connect.facebook.net
2	us-u.openx.net	1 redirects act.credoaction.com
2	idsync.rlcdn.com	1 redirects act.credoaction.com
2	pixel.rubiconproject.com	1 redirects act.credoaction.com
2	s.adroll.com	www.googletagmanager.com act.credoaction.com
1	cm.g.doubleclick.net	1 redirects
1	ib.adnxs.com	act.credoaction.com
1	x.bidswitch.net	act.credoaction.com
1	ads.yahoo.com	act.credoaction.com
1	www.google.de	act.credoaction.com
1	www.google.com	act.credoaction.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	cx.atdmt.com	act.credoaction.com
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	act.credoaction.com
1	www.credomobile.com	act.credoaction.com
1	c.shpg.org	act.credoaction.com
1	ajax.googleapis.com	act.credoaction.com
1	credo.cm	1 redirects
37	24

This site contains links to these domains. Also see Links.

Domain
www.credoaction.com
theintercept.com
www.huffingtonpost.com
www.politico.com
www.buzzfeed.com
www.credomobile.com

Subject Issuer	Validity	Valid
www-default.actionkit.com Let's Encrypt Authority X3	`2018-03-01` - `2018-05-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Frame ID: (6B41B8FF29AEDD79180828951CD8AE85)
Requests: 37 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Tell the Democratic Congressional Campaign Committee: Stop attacking progressive values | CREDO Action

Page URL History Show full URLs

http://credo.cm/hozbKH HTTP 302
https://act.credoaction.com/sign/dccc-attacks?source=fb_post Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i
env /^adroll_/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

37
Requests

11 %
HTTPS

0 %
IPv6

21
Domains

24
Subdomains

22
IPs

5
Countries

214 kB
Transfer

591 kB
Size

7
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.credoaction.com/
Title: Credo Action

Search URL Search Domain Scan URL

URL: https://theintercept.com/2018/02/27/dccc-internal-polling-congress-single-payer/
Title: DCCC Internal Polling Presented to Members of Congress Panned Single-Payer Health Care

Search URL Search Domain Scan URL

URL: https://www.huffingtonpost.com/entry/dccc-be-careful-parkland-shooting_us_5a9711eae4b09c872bb0da23?rug
Title: DCCC Advised Candidates To ‘Be Careful’ With Initial Comments On Parkland Shooting

Search URL Search Domain Scan URL

URL: https://www.huffingtonpost.com/entry/dccc-las-vegas-massacre-email_us_5a9579f6e4b036ab0142c108
Title: DCCC Advised Candidates Not To Discuss Gun Control Policy Right After Vegas Shooting

Search URL Search Domain Scan URL

URL: https://www.politico.com/story/2018/02/28/gun-control-polling-parkland-430099
Title: Gun control support surges in polls

Search URL Search Domain Scan URL

URL: https://www.buzzfeed.com/darrensands/group-asks-dccc-why-havent-you-endorsed-any-black?utm_term=.jslNKOEo5#.rspBEDmMl
Title: Group Asks DCCC: Why Haven't You Endorsed Any Black Candidates In The Midterms Target Program?

Search URL Search Domain Scan URL

URL: https://www.credomobile.com/misc/TermsOfUse.aspx
Title: terms of use

Search URL Search Domain Scan URL

URL: https://www.credomobile.com/Misc/Privacy.aspx
Title: privacy

Search URL Search Domain Scan URL

URL: https://www.credoaction.com/contact
Title: contact

Search URL Search Domain Scan URL

URL: https://www.credomobile.com/
Title: credomobile.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://credo.cm/hozbKH HTTP 302
https://act.credoaction.com/sign/dccc-attacks?source=fb_post Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://d.adroll.com/pixel/3Y2XLU4D4NG75A7IRK5EJV/6CFJ3C4GR5EA3JRUEOBQ6K?pv=11036257980.71186&cookie=&adroll_s_ref=&keyw=&adroll_external_data=&arrfrr=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post HTTP 302
https://s.adroll.com/pixel/3Y2XLU4D4NG75A7IRK5EJV/6CFJ3C4GR5EA3JRUEOBQ6K/J5RERW4ASNDBBPU2BOHWQA.js

Request Chain 21

https://www.facebook.com/tr/?id=595946343816001&ev=PixelInitialized&dl=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&rl=&if=false&ts=1520186416455&sw=1600&sh=1200&v=2.8.12&r=stable&ec=0&o=28&it=1520186416410 HTTP 302
https://cx.atdmt.com/?c=13868093575529551667&f=AYxnbG--3dhBTEl0X-oFXQmtuXW6jV1gUDxaDDr4cGipDHk8IlcR8nxs_zW-62X2an-9zN85lGfk5g8bc4-PF_EW&id=595946343816001&l=3&v=0

Request Chain 26

https://d.adroll.com/cm/n/out HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U&expires=365 HTTP 307
https://pixel.rubiconproject.com/tap.php?cookie_redirect=1&v=194538&nid=3644&put=N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U&expires=365

Request Chain 27

https://d.adroll.com/cm/r/out HTTP 302
https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1

Request Chain 28

https://d.adroll.com/cm/b/out HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U

Request Chain 29

https://d.adroll.com/cm/x/out HTTP 302
https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U%27)

Request Chain 30

https://d.adroll.com/cm/l/out HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=7b241312b2a739f5e9b2be72783b3e3e HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=7b241312b2a739f5e9b2be72783b3e3e&redirect=1

Request Chain 31

https://d.adroll.com/cm/o/out HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=7b241312b2a739f5e9b2be72783b3e3e HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=7b241312b2a739f5e9b2be72783b3e3e

Request Chain 32

https://d.adroll.com/cm/g/out?google_nid=adroll4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=eyQTErKnOfXpsr5yeDs-Pg&google_ula=1535926 HTTP 302
https://d.adroll.com/cm/g/in?google_ula=1535926,0

37 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request dccc-attacks Show response
act.credoaction.com/sign/
Redirect Chain

http://credo.cm/hozbKH
https://act.credoaction.com/sign/dccc-attacks?source=fb_post

16 KB
6 KB

636ms
251ms

Document
text/html

13.56.44.124
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.56.44.124 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-13-56-44-124.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 41460c4181378f1f24318b4e0e0ebc0ac35e411b5443c87667815996d5369c20

Request headers

:path: /sign/dccc-attacks?source=fb_post
accept-encoding: gzip, deflate
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
:authority: act.credoaction.com
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 04 Mar 2018 18:00:15 GMT
x-handled-for: 148.251.45.254
x-machine-id: ip-10-50-2-73
server: nginx
vary: Cookie,Accept-Encoding,User-Agent
content-type: text/html; charset=utf-8
status: 200
x-pad: avoid browser bug
content-encoding: gzip
content-length: 5663

Redirect headers

Date: Sun, 04 Mar 2018 18:00:14 GMT
Server: openresty/1.11.2.2
X-Frame-Options: deny
Content-Type: text/html; charset=utf-8
Location: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
cache-control: max-age=100
Connection: keep-alive
Content-Length: 151

GET
H/1.1 200
OK style_2017.03.31.min.css.gz
d2omw6a1nm6pnh.cloudfront.net/templates/credo_ak_1.0-aws/ 44 KB
9 KB 61ms
20ms Stylesheet
text/css 216.137.61.212
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2omw6a1nm6pnh.cloudfront.net/templates/credo_ak_1.0-aws/style_2017.03.31.min.css.gz
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 216.137.61.212 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-216-137-61-212.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 253407fec40d3e0bca8dc75a2a47ca29420e2a9dd5770e46ea7cff5dfd3d16d4

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 19 Nov 2017 06:21:06 GMT
Content-Encoding: gzip
Last-Modified: Fri, 31 Mar 2017 01:13:16 GMT
Server: AmazonS3
Age: 234163
ETag: "ddcf879304f199e596478f48db7f4993"
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 a907498188cf5fbb13fb98b2dcde84cd.cloudfront.net (CloudFront)
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8636
X-Amz-Cf-Id: Xnp-X2rZJNwOUo3VvvVTrn82QUoCFwk-GA62S2pm-lSdy0JTPpCKrw==

GET
S 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.7.1/ 92 KB
33 KB 31ms
5ms Script
text/javascript 216.58.206.10
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

SPDY

Server

216.58.206.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f10.1e100.net

Software

sffe /

Resource Hash

88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 12 Feb 2018 19:50:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1721375
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 33333
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Feb 2019 19:50:40 GMT

GET
H2 200 actionkit.js Show response
act.credoaction.com/resources/ 73 KB
22 KB 186ms
185ms Script
application/x-javascript 13.56.44.124
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://act.credoaction.com/resources/actionkit.js
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.56.44.124 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-13-56-44-124.us-west-1.compute.amazonaws.com
Software: Apache/2.2.32 (Unix) DAV/2 /
Resource Hash: 4e4a926db334d5179960e271db68ad7b7f8e5b7bf6d4771d3ba8ec83a2fa0561

Request headers

:path: /resources/actionkit.js
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: act.credoaction.com
referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
:scheme: https
:method: GET
Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 04 Mar 2018 18:00:15 GMT
x-handled-for: 148.251.45.254
content-type: application/x-javascript
last-modified: Thu, 01 Mar 2018 22:40:05 GMT
server: Apache/2.2.32 (Unix) DAV/2
vary: Accept-Encoding,User-Agent
x-machine-id: ip-10-50-2-73
status: 200
cache-control: max-age=86400
accept-ranges: bytes
content-encoding: gzip
content-length: 22372
expires: Mon, 05 Mar 2018 18:00:15 GMT

GET
H/1.1 200
OK credo.min.js.gzip Show response
d2omw6a1nm6pnh.cloudfront.net/templates/credo_ak_1.0-aws/ 11 KB
3 KB 49ms
9ms Script
application/javascript 216.137.61.212
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2omw6a1nm6pnh.cloudfront.net/templates/credo_ak_1.0-aws/credo.min.js.gzip
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 216.137.61.212 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-216-137-61-212.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 94a8061b9e5df58bf0e7704a11c8b62eefe43b48d474e9c5e68d49c10a772c2e

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sat, 23 Sep 2017 16:44:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Feb 2014 17:52:58 GMT
Server: AmazonS3
Age: 236665
ETag: "7a19f7e2a96e47888eb82dde863f2e86"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 d2625240b33e8b85b3cbea9bb40abb10.cloudfront.net (CloudFront)
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2397
X-Amz-Cf-Id: kFQ_2lPbykKdeoV9--QUDVVzmlcNnPTg2BhJq63t0k8kPgLrwuCHPQ==

GET
S 200 sp.js Show response
c.shpg.org/4/ 27 KB
7 KB 821ms
22ms Script
text/javascript 104.25.120.36
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.shpg.org/4/sp.js

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

SPDY

Server

104.25.120.36 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

62514d7d38b26d33a13459e1622985bbd10da6304f9334185ff5f1c89f091940

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

cf-ray: 3f663dce085d6397-FRA
date: Sun, 04 Mar 2018 18:00:16 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
status: 200, 200 OK
cache-control: public, max-age=1800
content-encoding: gzip
expires: Sun, 04 Mar 2018 18:30:16 GMT

GET
H/1.1 200
OK democrats-hold-the-line-180.jpg
d2omw6a1nm6pnh.cloudfront.net/images/ 18 KB
19 KB 59ms
21ms Image
image/jpeg 216.137.61.212
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2omw6a1nm6pnh.cloudfront.net/images/democrats-hold-the-line-180.jpg
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 216.137.61.212 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-216-137-61-212.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 502e1c29d77df781897112e4adfdf65087d9e1c94a6667f664d2c0259b96092e

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 28 Feb 2018 09:11:10 GMT
Via: 1.1 c14a347f6edf184d204306cb833d0732.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2015 22:06:51 GMT
Server: AmazonS3
Age: 9754
ETag: "e5b79bda246bcb72d2cb733c59eff23d"
x-amz-meta-uuid: b765e648033648958038916443f8e424
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18545
X-Amz-Cf-Id: 1ntzspe3lr4Qv3UaRV9mkQ4MjM4_etiTfWR9bd4_ubsqTIMsDrEjDQ==

GET
S 200 CookieSet_Action.js Show response
www.credomobile.com/lp/sc/Cookie/ 666 B
1003 B 83ms
39ms Script
application/x-javascript 104.20.20.23
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.credomobile.com/lp/sc/Cookie/CookieSet_Action.js

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

SPDY

Server

104.20.20.23 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

5fb9fcd55d7bea144af466335f0e548d8e719fa9f815199fb537986e556f6cda

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 04 Mar 2018 18:00:15 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
x-pid: 703F990A-AE82-3F22-B757-CCC6761BE1C4
x-powered-by: ASP.NET
status: 200
x-clientip: 251.166.213.115
last-modified: Wed, 21 Feb 2018 19:37:32 GMT
server: cloudflare
x-pps: 1
etag: W/"066686a4babd31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
content-type: application/x-javascript
x-sl: 0
cache-control: public, max-age=2678400
x-ppm: 1
cf-ray: 3f663dc958526355-FRA
x-db: 0
expires: Wed, 04 Apr 2018 18:00:15 GMT

GET
S 200 gtm.js Show response
www.googletagmanager.com/ 55 KB
21 KB 28ms
15ms Script
application/javascript 172.217.21.232
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TW7SNW

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

SPDY

Server

172.217.21.232 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f232.1e100.net

Software

Google Tag Manager (scaffolding) /

Resource Hash

925aa4250a5e4eb4a0ad257f27c9046a03743d54fdb025a48cc965cc326ad683

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 04 Mar 2018 18:00:16 GMT
content-encoding: gzip
server: Google Tag Manager (scaffolding)
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 21143
x-xss-protection: 1; mode=block
expires: Sun, 04 Mar 2018 18:00:16 GMT

GET
H/1.1 200
OK credo-logo-240x100.png
d2omw6a1nm6pnh.cloudfront.net/templates/credo_ak_1.0-aws/assets/ 3 KB
4 KB 10ms
9ms Image
image/png 216.137.61.212
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2omw6a1nm6pnh.cloudfront.net/templates/credo_ak_1.0-aws/assets/credo-logo-240x100.png
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 216.137.61.212 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-216-137-61-212.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2851bd2032e0ec3bd6f47681ca1fd671dcb3d8d4292eb722e0abeb1df8d49a84

Request headers

Referer: https://d2omw6a1nm6pnh.cloudfront.net/templates/credo_ak_1.0-aws/style_2017.03.31.min.css.gz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sat, 23 Sep 2017 16:44:34 GMT
Via: 1.1 c14a347f6edf184d204306cb833d0732.cloudfront.net (CloudFront)
Last-Modified: Wed, 08 Jan 2014 22:37:52 GMT
Server: AmazonS3
Age: 112232
ETag: "6c94287e906528ca7e8c54d70a0d72f7"
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3251
X-Amz-Cf-Id: 6vCnZVbBR-IKP_ZN6AYuqi2ies2CEkO03ViVWfbGNaJdBO43v5ydTA==

GET
H2 200 dccc-attacks Show response
act.credoaction.com/context/ 8 KB
3 KB 239ms
238ms Script
text/javascript 13.56.44.124
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://act.credoaction.com/context/dccc-attacks?callback=actionkit.forms.onContextLoaded&form_name=act-petition&required=email&required=country&want_progress=1&r=0.08311383981086173&url=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/resources/actionkit.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.56.44.124 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-13-56-44-124.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 545a362644e4c15d9ef63b48ed73e5b95ac88b220b039887ca989cc78a1f841e

Request headers

:path: /context/dccc-attacks?callback=actionkit.forms.onContextLoaded&form_name=act-petition&required=email&required=country&want_progress=1&r=0.08311383981086173&url=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: act.credoaction.com
referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
:scheme: https
:method: GET
Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 04 Mar 2018 18:00:16 GMT
x-handled-for: 148.251.45.254
x-machine-id: ip-10-50-1-30
server: nginx
vary: Cookie,Accept-Encoding,User-Agent
content-type: text/javascript
status: 200
cache-control: max-age=86400
content-encoding: gzip
content-length: 3059
expires: Mon, 05 Mar 2018 18:00:16 GMT

GET
S 200 fbevents.js Show response
connect.facebook.net/en_US/ 39 KB
13 KB 21ms
6ms Script
application/x-javascript 185.60.216.19
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

SPDY

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

29451fb716c05b025bfb8a468767f7112baad0112dbc512d1610f64dbbad4bc0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* .akamaihd.net wss://.facebook.com:* https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma: public
x-fb-debug: gRzxnBX+Go+FQ0szvHR28Srxi1CcCvatuyoi1kF0gnbA61789E8UqVI5kwYygMo4BBxkhXwmeBPWCbx80ghVZw==
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 04 Mar 2018 18:00:16 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
strict-transport-security: max-age=31536000; preload; includeSubDomains
vary: Accept-Encoding
content-length: 12439
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 dc.js Show response
stats.g.doubleclick.net/ 45 KB
17 KB 13ms
13ms Script
text/javascript 173.194.76.155
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/dc.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TW7SNW

Protocol

SPDY

Server

173.194.76.155 Portage, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

ws-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

5df2e53f0fb2bcd2127d868006f864b192f2ad9758017a1bc3202bfcc97059f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 13 Nov 2017 20:19:12 GMT
server: Golfe2
age: 4573
date: Sun, 04 Mar 2018 16:44:03 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 17097
expires: Sun, 04 Mar 2018 18:44:03 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 26 KB
9 KB 26ms
25ms Script
text/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TW7SNW
Protocol: HTTP/1.1
Server: 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 469cc967050973101a9efd5f0c2520efb8b7414875930419e86f01e28b8aad20

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

x-amz-version-id: iuzQDTIetciOryzskMd6m5vKtWNLU2xn
Content-Encoding: gzip
ETag: "374d4a57654c36728181a57b0ad40d44"
x-amz-request-id: D3B2F603620C6253
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8709
x-amz-id-2: JmEHbhHj1hS6sTM+yJXn8Yqmb2M9YJQpMHokPU6FK13Azllygk9yh9JjnYR34HZpSndbTU9ckL8=
Last-Modified: Thu, 01 Mar 2018 22:44:14 GMT
Server: AmazonS3
Date: Sun, 04 Mar 2018 18:00:16 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
S 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 16 KB
7 KB 69ms
42ms Script
text/javascript 216.58.214.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TW7SNW

Protocol

SPDY

Server

216.58.214.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s10-in-f66.1e100.net

Software

cafe /

Resource Hash

021a058202788f0bc13c6a03ad74e6ce204804f35e240b6d79689a0d2d91abca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 04 Mar 2018 18:00:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 2593202695413613340
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=3600
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 6070
x-xss-protection: 1; mode=block
expires: Sun, 04 Mar 2018 18:00:16 GMT

GET
S 200 1598698800390548 Show response
connect.facebook.net/signals/config/ 56 KB
16 KB 8ms
8ms Script
application/x-javascript 185.60.216.19
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1598698800390548?v=2.8.12&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

SPDY

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

93b9638a5473f2e116a5ad7ba42de1c6cb25f6a9d79bd78decd5aa6d16937fe9

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* .akamaihd.net wss://.facebook.com:* https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 15234
x-xss-protection: 0
pragma: public
x-fb-debug: tDQl6cbRcyfGYzxblRkoh9al4slGxkfc3mcHAnOAE0k4+dRPlXY1AMknq8sAUBkDWD0BR6MTDDUm2RTyY6AbrA==
x-frame-options: DENY
date: Sun, 04 Mar 2018 18:00:16 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 595946343816001 Show response
connect.facebook.net/signals/config/ 56 KB
15 KB 7ms
6ms Script
application/x-javascript 185.60.216.19
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/595946343816001?v=2.8.12&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

SPDY

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

596b25dcdf98e90edbcca8eda3bf6d165b727a2362e55fcb87c8bd568490263e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* .akamaihd.net wss://.facebook.com:* https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 15232
x-xss-protection: 0
pragma: public
x-fb-debug: s/nwQHMWuQnDYu5GAPOvwXNTy1Kj6cw5l9sJcFUlU3LAsw/yZvJ4R6J+jgj3IWAQwR0b6Sa0EUAUu6miyHjIIA==
x-frame-options: DENY
date: Sun, 04 Mar 2018 18:00:16 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
295 B 20ms
6ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=1598698800390548&ev=PageView&dl=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&rl=&if=false&ts=1520186416428&sw=1600&sh=1200&v=2.8.12&r=stable&ec=0&o=28&it=1520186416410
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 04 Mar 2018 18:00:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Sun, 04 Mar 2018 18:00:16 GMT

GET
S 200 __utm.gif
stats.g.doubleclick.net/r/ 35 B
113 B 14ms
13ms Image
image/gif 173.194.76.155
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.1dc&utms=1&utmn=1327108197&utmhn=act.credoaction.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Tell%20the%20Democratic%20Congressional%20Campaign%20Committee%3A%20Stop%20attacking%20progressive%20values%20%7C%20CREDO%20Action&utmhid=944574398&utmr=-&utmp=%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&utmht=1520186416439&utmac=UA-7145508-2&utmgtm=G2rTW7SNW&utmcc=__utma%3D126356063.853553116.1520186416.1520186416.1520186416.1%3B%2B__utmz%3D126356063.1520186416.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=916038015&utmredir=3&utmu=qhAgAABAAAGBAAAAAgAAAAAE~

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

SPDY

Server

173.194.76.155 Portage, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

ws-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 04 Mar 2018 18:00:16 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 __utm.gif
stats.g.doubleclick.net/r/ 35 B
102 B 14ms
13ms Image
image/gif 173.194.76.155
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.1dc&utms=2&utmn=960359776&utmhn=act.credoaction.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Tell%20the%20Democratic%20Congressional%20Campaign%20Committee%3A%20Stop%20attacking%20progressive%20values%20%7C%20CREDO%20Action&utmhid=944574398&utmr=-&utmp=%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&utmht=1520186416442&utmac=UA-7145508-14&utmgtm=G2rTW7SNW&utmcc=__utma%3D126356063.853553116.1520186416.1520186416.1520186416.1%3B%2B__utmz%3D126356063.1520186416.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1504904322&utmredir=3&utmmt=1&utmu=qhAgAABAAAGBAAAAAgAAAAAE~

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

SPDY

Server

173.194.76.155 Portage, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

ws-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 04 Mar 2018 18:00:16 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

J5RERW4ASNDBBPU2BOHWQA.js Show response
s.adroll.com/pixel/3Y2XLU4D4NG75A7IRK5EJV/6CFJ3C4GR5EA3JRUEOBQ6K/
Redirect Chain

https://d.adroll.com/pixel/3Y2XLU4D4NG75A7IRK5EJV/6CFJ3C4GR5EA3JRUEOBQ6K?pv=11036257980.71186&cookie=&adroll_s_ref=&keyw=&adroll_external_data=&arrfrr=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdcc...
https://s.adroll.com/pixel/3Y2XLU4D4NG75A7IRK5EJV/6CFJ3C4GR5EA3JRUEOBQ6K/J5RERW4ASNDBBPU2BOHWQA.js

3 KB
2 KB

112ms
112ms

Script
text/javascript

2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/3Y2XLU4D4NG75A7IRK5EJV/6CFJ3C4GR5EA3JRUEOBQ6K/J5RERW4ASNDBBPU2BOHWQA.js
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8c40669aa78241f0f23569c286c3b546dc3914cc87b6425873061e3d3b5b82a5

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

x-amz-version-id: ymg_6UaIwinSGx9Tp8C9Wpq3FMvU4UTv
Content-Encoding: gzip
ETag: "54d7a53edc58ce4b745e83a1bafdfb60"
x-amz-request-id: 6CEBF5B6601B4306
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1255
x-amz-id-2: 2fK5FGnyS39uzHX+/Uh1dprqcxnFEGtRu/Y0k5glGMVaGdmWJe/jA51EJhGfJGSbBfKCp1WaEz4=
Last-Modified: Thu, 09 Nov 2017 21:39:09 GMT
Server: AmazonS3
Date: Sun, 04 Mar 2018 18:00:16 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Sun, 04 Mar 2018 18:00:16 GMT
X-Segment-Display-Name
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Connection: keep-alive
Content-Length: 0
Pragma: no-cache
X-Conversion-Value: 0.0
Server: nginx/1.12.1
X-Rule: *credoaction.com*
X-Segment-Eid: J5RERW4ASNDBBPU2BOHWQA
Location: https://s.adroll.com/pixel/3Y2XLU4D4NG75A7IRK5EJV/6CFJ3C4GR5EA3JRUEOBQ6K/J5RERW4ASNDBBPU2BOHWQA.js
Cache-Control: no-store, no-cache, must-revalidate
X-Pixel-Eid: 6CFJ3C4GR5EA3JRUEOBQ6K
X-Segment-Name: credo_action_all_visitors
X-Advertisable-Eid: 3Y2XLU4D4NG75A7IRK5EJV
X-Conversion-Currency

GET
S 200 /
www.facebook.com/tr/ 44 B
98 B 6ms
6ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=1598698800390548&ev=PixelInitialized&dl=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&rl=&if=false&ts=1520186416455&sw=1600&sh=1200&v=2.8.12&r=stable&ec=1&o=28&it=1520186416410
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 04 Mar 2018 18:00:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Sun, 04 Mar 2018 18:00:16 GMT

GET
S

200

/
cx.atdmt.com/
Redirect Chain

https://www.facebook.com/tr/?id=595946343816001&ev=PixelInitialized&dl=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&rl=&if=false&ts=1520186416455&sw=1600&sh=1200&v=2.8...
https://cx.atdmt.com/?c=13868093575529551667&f=AYxnbG--3dhBTEl0X-oFXQmtuXW6jV1gUDxaDDr4cGipDHk8IlcR8nxs_zW-62X2an-9zN85lGfk5g8bc4-PF_EW&id=595946343816001&l=3&v=0

42 B
407 B

57ms
38ms

Image
image/gif

185.60.216.6
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cx.atdmt.com/?c=13868093575529551667&f=AYxnbG--3dhBTEl0X-oFXQmtuXW6jV1gUDxaDDr4cGipDHk8IlcR8nxs_zW-62X2an-9zN85lGfk5g8bc4-PF_EW&id=595946343816001&l=3&v=0
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: SPDY
Server: 185.60.216.6 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

status: 200
date: Sun, 04 Mar 2018 18:00:16 GMT
content-type: image/gif
content-length: 42
p3p: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"

Redirect headers

pragma: no-cache
date: Sun, 04 Mar 2018 18:00:16 GMT
server: proxygen-bolt
status: 302
content-type: text/plain
location: https://cx.atdmt.com/?c=13868093575529551667&f=AYxnbG--3dhBTEl0X-oFXQmtuXW6jV1gUDxaDDr4cGipDHk8IlcR8nxs_zW-62X2an-9zN85lGfk5g8bc4-PF_EW&id=595946343816001&l=3&v=0
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
S 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1068299165/ 2 KB
2 KB 42ms
18ms Script
text/javascript 216.58.207.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068299165/?random=1520186416471&cv=9&fst=1520186416471&num=1&label=m1v6CIvAxAoQneez_QM&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=G2r&frm=0&url=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&tiba=Tell%20the%20Democratic%20Congressional%20Campaign%20Committee%3A%20Stop%20attacking%20progressive%20values%20%7C%20CREDO%20Action&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

SPDY

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

6e150aec1f2052118f4ab51a565d86cc6261ac263b636b9bb536f995df0ffc6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Mar 2018 18:00:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 1026
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 /
www.google.com/ads/user-lists/1068299165/ 42 B
155 B 15ms
14ms Image
image/gif 172.217.21.228
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/user-lists/1068299165/?random=1520186416471&cv=9&fst=1520186400000&num=1&label=m1v6CIvAxAoQneez_QM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&tiba=Tell%20the%20Democratic%20Congressional%20Campaign%20Committee%3A%20Stop%20attacking%20progressive%20values%20%7C%20CREDO%20Action&async=1&fmt=3&cdct=2&is_vtc=1&random=3877931624&resp=GooglemKTybQhCsO&gtm=G2r&rmt_tld=0&ipr=y

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

SPDY

Server

172.217.21.228 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f228.1e100.net

Software

adclick_server /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Mar 2018 18:00:16 GMT
x-content-type-options: nosniff
server: adclick_server
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 /
www.google.de/ads/user-lists/1068299165/ 42 B
144 B 19ms
19ms Image
image/gif 172.217.21.227
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/user-lists/1068299165/?random=1520186416471&cv=9&fst=1520186400000&num=1&label=m1v6CIvAxAoQneez_QM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&tiba=Tell%20the%20Democratic%20Congressional%20Campaign%20Committee%3A%20Stop%20attacking%20progressive%20values%20%7C%20CREDO%20Action&async=1&fmt=3&cdct=2&is_vtc=1&random=3877931624&resp=GooglemKTybQhCsO&gtm=G2r&rmt_tld=1&ipr=y

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

SPDY

Server

172.217.21.227 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f3.1e100.net

Software

adclick_server /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 04 Mar 2018 18:00:16 GMT
x-content-type-options: nosniff
server: adclick_server
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dccc-attacks Show response
act.credoaction.com/progress/ 210 B
398 B 254ms
254ms Script
text/javascript 13.56.44.124
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://act.credoaction.com/progress/dccc-attacks?form_name=act-petition&callback=actionkit.forms.onProgressLoaded
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/resources/actionkit.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.56.44.124 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-13-56-44-124.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a4ae0ebdffdebc686c787449633d611fe517e295a75c1cc74010a24b30459d2c

Request headers

:path: /progress/dccc-attacks?form_name=act-petition&callback=actionkit.forms.onProgressLoaded
pragma: no-cache
cookie: __utma=126356063.853553116.1520186416.1520186416.1520186416.1; __utmc=126356063; __utmz=126356063.1520186416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_UA-7145508-2=1; __utmt_UA-7145508-14=1; __utmb=126356063.2.10.1520186416; __ar_v4=
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: act.credoaction.com
referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
:scheme: https
:method: GET
Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 04 Mar 2018 18:00:16 GMT
x-handled-for: 148.251.45.254
x-machine-id: ip-10-50-2-73
server: nginx
vary: Cookie,Accept-Encoding,User-Agent
content-type: text/javascript
status: 200
cache-control: max-age=86400
content-encoding: gzip
content-length: 171
expires: Mon, 05 Mar 2018 18:00:16 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U&expires=365
https://pixel.rubiconproject.com/tap.php?cookie_redirect=1&v=194538&nid=3644&put=N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U&expires=365

42 B
853 B

17ms
17ms

Image
image/gif

62.67.193.85
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?cookie_redirect=1&v=194538&nid=3644&put=N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U&expires=365
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 62.67.193.85 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 04 Mar 2018 18:00:16 GMT
Server: Rubicon Project
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
X-RPHost: yB7gIJV4kQ52FxhzLN-Vbw
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sun, 04 Mar 2018 18:00:16 GMT
Server: Rubicon Project
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: /tap.php?cookie_redirect=1&v=194538&nid=3644&put=N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U&expires=365
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

pixel
ads.yahoo.com/
Redirect Chain

https://d.adroll.com/cm/r/out
https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1

0
1 KB

98ms
31ms

Image
text/plain

217.12.15.54
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

HTTP/1.1

Server

217.12.15.54 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

mpr2.ngd.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 04 Mar 2018 18:00:16 GMT
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
Public-Key-Pins-Report-Only: max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; pin-sha256="cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; pin-sha256="Gtk3r1evlBrs0hG3fm3VoM19daHexDWP//OCmeeMr5M="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="iduNzFNKpwYZ3se/XV+hXcbUonlLw09QPa6AYUwpu4M="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
Connection: keep-alive
Content-Length: 0

Redirect headers

Pragma: no-cache
Date: Sun, 04 Mar 2018 18:00:16 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 181

GET
H/1.1

200
OK

sync
x.bidswitch.net/
Redirect Chain

https://d.adroll.com/cm/b/out
https://x.bidswitch.net/sync?dsp_id=44&user_id=N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U

43 B
346 B

92ms
60ms

Image
image/gif

52.58.187.113
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=44&user_id=N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 52.58.187.113 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-58-187-113.eu-central-1.compute.amazonaws.com
Software: nginx/1.12.0 /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 04 Mar 2018 18:00:16 GMT
Server: nginx/1.12.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=10
Content-Length: 43

Redirect headers

Pragma: no-cache
Date: Sun, 04 Mar 2018 18:00:16 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://x.bidswitch.net/sync?dsp_id=44&user_id=N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 96

GET
H/1.1

200
OK

pxj
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out
https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U%27)

0
591 B

38ms
14ms

Image
text/html

185.33.223.204
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U%27)

Requested by

Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post

Protocol

HTTP/1.1

Server

185.33.223.204 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 04 Mar 2018 18:00:18 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 319.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.51:80
AN-X-Request-Uuid: f7fc0e55-2e66-4d9f-b90e-93e586e262ae
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 04 Mar 2018 18:00:16 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid('N2IyNDEzMTJiMmE3MzlmNWU5YjJiZTcyNzgzYjNlM2U')
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 113

GET
H/1.1

200
OK

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out
https://idsync.rlcdn.com/377928.gif?partner_uid=7b241312b2a739f5e9b2be72783b3e3e
https://idsync.rlcdn.com/377928.gif?partner_uid=7b241312b2a739f5e9b2be72783b3e3e&redirect=1

43 B
533 B

152ms
152ms

Image
image/gif

54.87.211.125
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/377928.gif?partner_uid=7b241312b2a739f5e9b2be72783b3e3e&redirect=1
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 54.87.211.125 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-87-211-125.compute-1.amazonaws.com
Software: /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Connection: keep-alive
P3P: CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
Content-Length: 43
Content-Type: image/gif; charset=ISO-8859-1

Redirect headers

Location: https://idsync.rlcdn.com/377928.gif?partner_uid=7b241312b2a739f5e9b2be72783b3e3e&redirect=1
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif; charset=ISO-8859-1
Content-Length: 0
P3P: CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"

GET
H/1.1

200
OK

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out
https://us-u.openx.net/w/1.0/sd?id=537103138&val=7b241312b2a739f5e9b2be72783b3e3e
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=7b241312b2a739f5e9b2be72783b3e3e

43 B
317 B

20ms
20ms

Image
image/gif

173.241.240.143
OPENX TECHNOLOGIES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=7b241312b2a739f5e9b2be72783b3e3e
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 173.241.240.143 New York, United States, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US),
Reverse DNS: ox-173-241-240-143.xa.dc.openx.org
Software: OXGW/13.4.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 04 Mar 2018 18:00:16 GMT
Server: OXGW/13.4.1
Vary: Accept
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=7b241312b2a739f5e9b2be72783b3e3e
Date: Sun, 04 Mar 2018 18:00:16 GMT
Server: OXGW/13.4.1
Content-Length: 0
P3P: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1

200
OK

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?google_nid=adroll4
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=eyQTErKnOfXpsr5yeDs-Pg&google_ula=1535926
https://d.adroll.com/cm/g/in?google_ula=1535926,0

35 B
490 B

27ms
27ms

Image
image/gif

54.246.116.149
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in?google_ula=1535926,0
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 54.246.116.149 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-246-116-149.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: ce4e964329e64bb7128c1c1d602433a744b48f6dbc1212e65b2b5184bd8c6617

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 04 Mar 2018 18:00:16 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
X-Result: g.-1.-1.1535926.0.-1

Redirect headers

pragma: no-cache
date: Sun, 04 Mar 2018 18:00:16 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in?google_ula=1535926,0
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 246
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK bar.gif
d2omw6a1nm6pnh.cloudfront.net/templates/credo_ak_1.0-aws/assets/ 70 B
539 B 9ms
9ms Image
image/gif 216.137.61.212
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2omw6a1nm6pnh.cloudfront.net/templates/credo_ak_1.0-aws/assets/bar.gif
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: HTTP/1.1
Server: 216.137.61.212 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-216-137-61-212.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2c0f1ac7cd5578cf9fb65d1a00a52dec2fa299dab2c8754e5259dcfc61db6349

Request headers

Referer: https://d2omw6a1nm6pnh.cloudfront.net/templates/credo_ak_1.0-aws/style_2017.03.31.min.css.gz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sat, 23 Sep 2017 16:44:34 GMT
Via: 1.1 c14a347f6edf184d204306cb833d0732.cloudfront.net (CloudFront)
Last-Modified: Fri, 03 Jan 2014 01:02:46 GMT
Server: AmazonS3
Age: 475056
ETag: "a5aad155e57324148f92809e98f1c96c"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 70
X-Amz-Cf-Id: RVtqQwqkMSfcj5dYu0tAaYPrYye6Mc7sNIQw9lzg-JlLE5efJmZtPg==

GET
S 200 /
www.facebook.com/tr/ 44 B
98 B 6ms
6ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=1598698800390548&ev=Microdata&dl=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&rl=&if=false&ts=1520186416930&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22CREDO%20Action%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%22%2C%22article%3Apublisher%22%3A%22https%3A%2F%2Fwww.facebook.com%2FCREDO%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fd2omw6a1nm6pnh.cloudfront.net%2Fimages%2Fdemocrats-hold-the-line-1200.png%22%2C%22og%3Atitle%22%3A%22Signature%20needed%3A%20Democrats%20must%20fight%20for%20progressive%20values%22%2C%22og%3Adescription%22%3A%22I%20just%20signed%20a%20petition%20urging%20the%20Democratic%20Congressional%20Campaign%20Committee%20to%20stop%20attacking%20progressive%20values.%20I%20think%20you%20should%20too.%22%7D&cd[Meta]=%7B%22title%22%3A%22Tell%20the%20Democratic%20Congressional%20Campaign%20Committee%3A%20Stop%20attacking%20progressive%20values%20%7C%20CREDO%20Action%22%7D&cd[DataLayer]=%5B%5D&sw=1600&sh=1200&v=2.8.12&r=stable&ec=2&o=28&it=1520186416410
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 04 Mar 2018 18:00:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Sun, 04 Mar 2018 18:00:16 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
98 B 6ms
6ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=595946343816001&ev=Microdata&dl=https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%3Fsource%3Dfb_post&rl=&if=false&ts=1520186416956&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22CREDO%20Action%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fact.credoaction.com%2Fsign%2Fdccc-attacks%22%2C%22article%3Apublisher%22%3A%22https%3A%2F%2Fwww.facebook.com%2FCREDO%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fd2omw6a1nm6pnh.cloudfront.net%2Fimages%2Fdemocrats-hold-the-line-1200.png%22%2C%22og%3Atitle%22%3A%22Signature%20needed%3A%20Democrats%20must%20fight%20for%20progressive%20values%22%2C%22og%3Adescription%22%3A%22I%20just%20signed%20a%20petition%20urging%20the%20Democratic%20Congressional%20Campaign%20Committee%20to%20stop%20attacking%20progressive%20values.%20I%20think%20you%20should%20too.%22%7D&cd[Meta]=%7B%22title%22%3A%22Tell%20the%20Democratic%20Congressional%20Campaign%20Committee%3A%20Stop%20attacking%20progressive%20values%20%7C%20CREDO%20Action%22%7D&cd[DataLayer]=%5B%5D&sw=1600&sh=1200&v=2.8.12&r=stable&ec=1&o=28&it=1520186416410
Requested by: Host: act.credoaction.com
URL: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://act.credoaction.com/sign/dccc-attacks?source=fb_post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 04 Mar 2018 18:00:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Sun, 04 Mar 2018 18:00:16 GMT

Verdicts & Comments Add Verdict or Comment

78 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.act.credoaction.com/	1970-01-20 16:16:26	Name: __ar_v4 Value: %7C3Y2XLU4D4NG75A7IRK5EJV%3A20180303%3A1%7C6CFJ3C4GR5EA3JRUEOBQ6K%3A20180303%3A1%7CJ5RERW4ASNDBBPU2BOHWQA%3A20180303%3A1
.credoaction.com/	1970-01-18 14:16:28	Name: __utmb Value: 126356063.2.10.1520186416
.credoaction.com/	1970-01-19 07:47:38	Name: __utma Value: 126356063.853553116.1520186416.1520186416.1520186416.1
.credoaction.com/	1970-01-18 18:39:14	Name: __utmz Value: 126356063.1520186416.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.credoaction.com/	1970-01-18 14:16:27	Name: __utmt_UA-7145508-14 Value: 1
.credoaction.com/	1970-01-18 14:16:27	Name: __utmt_UA-7145508-2 Value: 1
.credoaction.com/	1969-12-31 23:59:59	Name: __utmc Value: 126356063

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://act.credoaction.com/resources/actionkit.js(Line 29) Message: Template exception (id: progress)
console-api	log	URL: https://act.credoaction.com/resources/actionkit.js(Line 29) Message: ReferenceError: goal_type is not defined
console-api	log	URL: https://act.credoaction.com/resources/actionkit.js(Line 29) Message: 1017ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

act.credoaction.com
ads.yahoo.com
ajax.googleapis.com
c.shpg.org
cm.g.doubleclick.net
connect.facebook.net
credo.cm
cx.atdmt.com
d.adroll.com
d2omw6a1nm6pnh.cloudfront.net
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
pixel.rubiconproject.com
s.adroll.com
stats.g.doubleclick.net
us-u.openx.net
www.credomobile.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
x.bidswitch.net
104.20.20.23
104.25.120.36
13.56.44.124
172.217.21.227
172.217.21.228
172.217.21.232
172.217.22.98
173.194.76.155
173.241.240.143
185.33.223.204
185.60.216.19
185.60.216.35
185.60.216.6
2.18.233.40
216.137.61.212
216.58.206.10
216.58.207.66
216.58.214.66
217.12.15.54
52.21.33.16
52.58.187.113
54.246.116.149
54.247.110.64
54.87.211.125
62.67.193.85
021a058202788f0bc13c6a03ad74e6ce204804f35e240b6d79689a0d2d91abca
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
253407fec40d3e0bca8dc75a2a47ca29420e2a9dd5770e46ea7cff5dfd3d16d4
2851bd2032e0ec3bd6f47681ca1fd671dcb3d8d4292eb722e0abeb1df8d49a84
29451fb716c05b025bfb8a468767f7112baad0112dbc512d1610f64dbbad4bc0
2c0f1ac7cd5578cf9fb65d1a00a52dec2fa299dab2c8754e5259dcfc61db6349
41460c4181378f1f24318b4e0e0ebc0ac35e411b5443c87667815996d5369c20
469cc967050973101a9efd5f0c2520efb8b7414875930419e86f01e28b8aad20
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e4a926db334d5179960e271db68ad7b7f8e5b7bf6d4771d3ba8ec83a2fa0561
502e1c29d77df781897112e4adfdf65087d9e1c94a6667f664d2c0259b96092e
545a362644e4c15d9ef63b48ed73e5b95ac88b220b039887ca989cc78a1f841e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
596b25dcdf98e90edbcca8eda3bf6d165b727a2362e55fcb87c8bd568490263e
5df2e53f0fb2bcd2127d868006f864b192f2ad9758017a1bc3202bfcc97059f5
5fb9fcd55d7bea144af466335f0e548d8e719fa9f815199fb537986e556f6cda
62514d7d38b26d33a13459e1622985bbd10da6304f9334185ff5f1c89f091940
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6e150aec1f2052118f4ab51a565d86cc6261ac263b636b9bb536f995df0ffc6d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
8c40669aa78241f0f23569c286c3b546dc3914cc87b6425873061e3d3b5b82a5
925aa4250a5e4eb4a0ad257f27c9046a03743d54fdb025a48cc965cc326ad683
93b9638a5473f2e116a5ad7ba42de1c6cb25f6a9d79bd78decd5aa6d16937fe9
94a8061b9e5df58bf0e7704a11c8b62eefe43b48d474e9c5e68d49c10a772c2e
a4ae0ebdffdebc686c787449633d611fe517e295a75c1cc74010a24b30459d2c
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
ce4e964329e64bb7128c1c1d602433a744b48f6dbc1212e65b2b5184bd8c6617
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

act.credoaction.com Open in urlscan Pro 13.56.44.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

37 Requests

11 %HTTPS

0 %IPv6

21 Domains

24 Subdomains

22 IPs

5 Countries

214 kBTransfer

591 kBSize

7 Cookies

10 Outgoing links

Page URL History

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

act.credoaction.com Open in urlscan Pro
13.56.44.124 Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

11 %
HTTPS

0 %
IPv6

21
Domains

24
Subdomains

22
IPs

5
Countries

214 kB
Transfer

591 kB
Size

7
Cookies

37 HTTP transactions
0 data transactions