www.romeroinstitute.org Open in urlscan Pro
54.234.70.216 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.romero.gift/
Effective URL:
https://www.romeroinstitute.org/give
Submission: On August 06 via api (August 6th 2021, 12:54:32 am UTC) from US

Summary HTTP 74 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 20 domains to perform 74 HTTP transactions. The main IP is 54.234.70.216, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.romeroinstitute.org.
TLS certificate: Issued by R3 on July 16th 2021. Valid for: 3 months.

This is the only time www.romeroinstitute.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	35.238.70.19 35.238.70.19	15169 (GOOGLE) (GOOGLE)
3	54.234.70.216 54.234.70.216	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	52.219.120.88 52.219.120.88	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
10	13.225.84.216 13.225.84.216	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::ac43:459c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	45.60.33.183 45.60.33.183	19551 (INCAPSULA) (INCAPSULA)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
7	2600:9000:21f... 2600:9000:21f3:a400:14:79be:a380:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400c:c07::9a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20eb:0:12:303c:8700:21	16509 (AMAZON-02) (AMAZON-02)
2	3.122.176.248 3.122.176.248	16509 (AMAZON-02) (AMAZON-02)
2	18.213.27.54 18.213.27.54	14618 (AMAZON-AES) (AMAZON-AES)
8	3.120.221.181 3.120.221.181	16509 (AMAZON-02) (AMAZON-02)
1	13.225.87.38 13.225.87.38	16509 (AMAZON-02) (AMAZON-02)
74	22

2 35.238.70.19 (Council Bluffs, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 19.70.238.35.bc.googleusercontent.com

www.romero.gift	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.234.70.216 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-234-70-216.compute-1.amazonaws.com

www.romeroinstitute.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.219.120.88 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-1.amazonaws.com

s3-us-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.225.84.216 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-84-216.fra2.r.cloudfront.net

d1aqhv4sn5kxtx.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:459c (United States)

ASN13335 (CLOUDFLARENET, US)

browser-update.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 45.60.33.183 (United States)

ASN19551 (INCAPSULA, US)

profile.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.everyaction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:21f3:a400:14:79be:a380:93a1 (United States)

ASN16509 (AMAZON-02, US)

js2.verygoodvault.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c07::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:0:12:303c:8700:21 (United States)

ASN16509 (AMAZON-02, US)

d3rse9xjbp8270.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.176.248 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-176-248.eu-central-1.compute.amazonaws.com

payments.braintree-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.213.27.54 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-213-27-54.compute-1.amazonaws.com

vgs-collect-keeper.apps.verygood.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.120.221.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-221-181.eu-central-1.compute.amazonaws.com

client-analytics.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-38.fra2.r.cloudfront.net

checkout.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	google-analytics.com www.google-analytics.com	39 KB
11	cloudfront.net d1aqhv4sn5kxtx.cloudfront.net d3rse9xjbp8270.cloudfront.net	357 KB
8	braintreegateway.com client-analytics.braintreegateway.com	1 KB
7	verygoodvault.com js2.verygoodvault.com	263 KB
5	doubleclick.net stats.g.doubleclick.net	268 B
3	everyaction.com secure.everyaction.com	11 KB
3	gstatic.com fonts.gstatic.com	66 KB
3	cloudflare.com cdnjs.cloudflare.com	30 KB
3	romeroinstitute.org www.romeroinstitute.org	84 KB
2	verygood.systems vgs-collect-keeper.apps.verygood.systems	313 B
2	braintree-api.com payments.braintree-api.com	1 KB
2	browser-update.org browser-update.org	14 KB
2	facebook.com www.facebook.com	165 B
2	facebook.net connect.facebook.net	97 KB
2	googletagmanager.com www.googletagmanager.com	81 KB
2	romero.gift 2 redirects www.romero.gift	425 B
1	paypal.com checkout.paypal.com	3 KB
1	ngpvan.com profile.ngpvan.com	750 B
1	amazonaws.com s3-us-west-1.amazonaws.com	47 KB
1	googleapis.com fonts.googleapis.com	1 KB
74	20

	Domain	Requested by
15	www.google-analytics.com	www.romeroinstitute.org www.google-analytics.com www.googletagmanager.com
10	d1aqhv4sn5kxtx.cloudfront.net	www.romeroinstitute.org d1aqhv4sn5kxtx.cloudfront.net www.googletagmanager.com
8	client-analytics.braintreegateway.com	d1aqhv4sn5kxtx.cloudfront.net
7	js2.verygoodvault.com	d1aqhv4sn5kxtx.cloudfront.net js2.verygoodvault.com
5	stats.g.doubleclick.net	www.google-analytics.com
3	secure.everyaction.com	d1aqhv4sn5kxtx.cloudfront.net
3	fonts.gstatic.com	fonts.googleapis.com
3	cdnjs.cloudflare.com	www.romeroinstitute.org
3	www.romeroinstitute.org	www.romeroinstitute.org
2	vgs-collect-keeper.apps.verygood.systems	js2.verygoodvault.com
2	payments.braintree-api.com	d1aqhv4sn5kxtx.cloudfront.net
2	browser-update.org	www.romeroinstitute.org browser-update.org
2	www.facebook.com	www.romeroinstitute.org connect.facebook.net
2	connect.facebook.net	www.romeroinstitute.org connect.facebook.net
2	www.googletagmanager.com	www.romeroinstitute.org d1aqhv4sn5kxtx.cloudfront.net
2	www.romero.gift	2 redirects
1	checkout.paypal.com	d1aqhv4sn5kxtx.cloudfront.net
1	d3rse9xjbp8270.cloudfront.net	www.googletagmanager.com
1	profile.ngpvan.com	d1aqhv4sn5kxtx.cloudfront.net
1	s3-us-west-1.amazonaws.com	www.romeroinstitute.org
1	fonts.googleapis.com	www.romeroinstitute.org
74	21

This site contains links to these domains. Also see Links.

Domain
browser-update.org
romero-institute.squarespace.com
careers.romeroinstitute.org
www.facebook.com
instagram.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
www.romeroinstitute.org R3	`2021-07-16` - `2021-10-14`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.s3-us-west-1.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-06-23` - `2022-07-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.ngpvan.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-01-14` - `2022-01-14`	a year	crt.sh
*.verygoodvault.com Amazon	`2021-03-19` - `2022-04-17`	a year	crt.sh
*.everyaction.com RapidSSL TLS RSA CA G1	`2020-05-28` - `2022-05-28`	2 years	crt.sh
payments.braintree-api.com DigiCert SHA2 Extended Validation Server CA	`2020-12-14` - `2022-01-14`	a year	crt.sh
vgs-collect-keeper.apps.verygood.systems R3	`2021-07-27` - `2021-10-25`	3 months	crt.sh
client-analytics.braintreegateway.com DigiCert SHA2 High Assurance Server CA	`2020-05-01` - `2022-05-06`	2 years	crt.sh
checkout.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-07-07` - `2022-08-07`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.romeroinstitute.org/give
Frame ID: 4CC10EADF05FEC51723CA5E378245B00
Requests: 61 HTTP requests in this frame

Frame: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-number&env=bGl2ZQ%3D%3D&fieldId=randomId609934817942536482&formId=randomId609107838012512235&name=Account&placeholder=%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2&tnt=dG50dzFwem5sYW0%3D&type=card-number&validations=validCardNumber&validations=required
Frame ID: 50795DE953750604B9373BD9152B2CFE
Requests: 4 HTTP requests in this frame

Frame: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-exp&env=bGl2ZQ%3D%3D&fieldId=randomId6001781476472839616&formId=randomId609107838012512235&name=ExpirationDate&placeholder=MM%20%2F%20YY&serializers=W3sibmFtZSI6InNlcGFyYXRlIiwib3B0aW9ucyI6eyJtb250aE5hbWUiOiJFeHBpcmF0aW9uTW9udGgiLCJ5ZWFyTmFtZSI6IkV4cGlyYXRpb25ZZWFyIn19XQ%3D%3D&tnt=dG50dzFwem5sYW0%3D&type=card-expiration-date&validations=validCardExpirationDate&validations=required
Frame ID: 683DCC2E848874718B87B4D263B3BB32
Requests: 4 HTTP requests in this frame

Frame: https://checkout.paypal.com/web/3.44.2/html/dispatch-frame.min.html
Frame ID: E9DC264732305444BD7E0B59F89F7F63
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.romero.gift/ HTTP 301
https://www.romero.gift/ HTTP 302
https://www.romeroinstitute.org/give Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

74
Requests

100 %
HTTPS

59 %
IPv6

20
Domains

21
Subdomains

22
IPs

3
Countries

1097 kB
Transfer

3379 kB
Size

8
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://browser-update.org/update-browser.html#3.3.31:www.romeroinstitute.org
Title: Update browser

Search URL Search Domain Scan URL

URL: https://romero-institute.squarespace.com/
Title: Store

Search URL Search Domain Scan URL

URL: http://careers.romeroinstitute.org/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.facebook.com/romeroinstitute

Search URL Search Domain Scan URL

URL: https://instagram.com/romeroinstitute
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/RomeroInstitute

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/RomeroInstitute
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.romero.gift/ HTTP 301
https://www.romero.gift/ HTTP 302
https://www.romeroinstitute.org/give Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

74 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request give Show response
www.romeroinstitute.org/
Redirect Chain

http://www.romero.gift/
https://www.romero.gift/
https://www.romeroinstitute.org/give

54 KB
14 KB

622ms
278ms

Document
text/html

54.234.70.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.romeroinstitute.org/give
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.234.70.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-234-70-216.compute-1.amazonaws.com
Software: Apache 2.x /
Resource Hash: cce4ff80d8502faa2b95dc197476ef1009dcd695f9374c31a359d67f2cadd894

Request headers

:method: GET
:authority: www.romeroinstitute.org
:scheme: https
:path: /give
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:08 GMT
server: Apache 2.x
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
charset: utf-8
set-cookie: CraftSessionId=43bbe0d8847eff4ccd4986c26ad4091d; path=/; secure; HttpOnly
vary: Accept-Encoding
content-encoding: gzip
content-length: 13601
content-type: text/html; charset=utf-8

Redirect headers

Server: openresty/1.19.3.2
Date: Fri, 06 Aug 2021 00:54:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 279
Connection: keep-alive
Location: https://www.romeroinstitute.org/give

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1 KB 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Alegreya+Sans:400,400i,700,700i|Vollkorn:400,400i

Requested by

Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

09c694805f8212ae27f967c6430a08775dc1b0027cf8c9441df9033d17572899

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 00:54:08 GMT
server: ESF
date: Fri, 06 Aug 2021 00:54:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 06 Aug 2021 00:54:08 GMT

GET
H2 200 bundle.css
www.romeroinstitute.org/assets/css/ 181 KB
31 KB 156ms
155ms Stylesheet
text/css 54.234.70.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.romeroinstitute.org/assets/css/bundle.css?v=1575937092
Requested by: Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.234.70.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-234-70-216.compute-1.amazonaws.com
Software: Apache 2.x /
Resource Hash: 3cb2f659bd60db49d8e9996672e85ad787d263703c9e27659a41abdae3730e36

Request headers

:path: /assets/css/bundle.css?v=1575937092
pragma: no-cache
cookie: CraftSessionId=43bbe0d8847eff4ccd4986c26ad4091d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.romeroinstitute.org
referer: https://www.romeroinstitute.org/give
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:08 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 00:18:12 GMT
server: Apache 2.x
etag: "2d4f8-5994e7293dcaf-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 31937

GET
H/1.1 200
OK Chase-Danny-Sara-InteriorDept.jpg
s3-us-west-1.amazonaws.com/romero-institute/uploads/general/_excerptBasicDesktop/ 46 KB
47 KB 858ms
250ms Image
image/jpeg 52.219.120.88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-us-west-1.amazonaws.com/romero-institute/uploads/general/_excerptBasicDesktop/Chase-Danny-Sara-InteriorDept.jpg?mtime=20210402152110
Requested by: Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.120.88 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 35590efca5e54caeaa1ecf467014cbe9d128c06d6450e4aed522250786e04320

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 00:54:10 GMT
Last-Modified: Fri, 02 Apr 2021 22:25:36 GMT
Server: AmazonS3
x-amz-request-id: 1NZZX4ZB9TD0CS5D
ETag: "4e66d3253371380bac539e180d9411b6"
x-amz-version-id: rLrmDbKEAR8tJKsLmLIJ04z3X5gWJVPd
Cache-Control: max-age=60, must-revalidate
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 47574
x-amz-id-2: J15BCSrvQyuQg6i6/9GUyKKqDmsAoxx/zjnuzID8XR4UL0FXBKztLiT0/2KCIWkG/4WxbS3bJXo=

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/ 84 KB
27 KB 12ms
11ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2618367
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 26909
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-14e4a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vlGm7RhICzFCvgxlRQO5N5z64KBkGpPtBZKTw5ZqxSfvUuUPhTE7gri%2FZvyzXkKzo%2F2TL5pX3ZnJv5e5QNUH9ijj5XCi8d1I7jbM3i6wGCsRPTN8tUwaf%2B69Pcn2zcAh%2BWRcY6JWWTESp46%2FFWlpuwuf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 67a44ad10d514345-FRA
expires: Wed, 27 Jul 2022 00:54:08 GMT

GET
H2 200 jquery.fitvids.min.js Show response
cdnjs.cloudflare.com/ajax/libs/fitvids/1.2.0/ 2 KB
1 KB 13ms
12ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/fitvids/1.2.0/jquery.fitvids.min.js

Requested by

Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c0f36f1b94109d51249d23c8e9722399b1fef6206b7578171dc758a811f6bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1189082
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 658
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5c-724"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JcSLOIVehTg9eXLJXDLNQEYvLAVP8o35KM9OB3RE3ru9s%2BeNoMJMGGD2IsJJ5%2FcxC2SbzdV7D02wSdkjWPN77O3wu53UKQklmSvRd6GIewoBKJZobj1RbatA6H0KYxtNH3yRFdES%2Fabhix7NiRiI0IYM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 67a44ad10d534345-FRA
expires: Wed, 27 Jul 2022 00:54:08 GMT

GET
H2 200 jquery.smoothState.min.js Show response
cdnjs.cloudflare.com/ajax/libs/smoothState.js/0.7.2/ 6 KB
2 KB 14ms
13ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/smoothState.js/0.7.2/jquery.smoothState.min.js

Requested by

Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c8d11c1545728ed04f93110889d14ab4e2bab25da5967f1dc8c85d2667291f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1188901
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2034
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-1667"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LsE6axiUaLTWnlJrvr27TgK4d1A0bz8aSHrhaSaygrzhWptg74QsSPUEDyTFf3c%2BMShHYqNRGGaFz4oYD5YLYUT0xYdStmkKXnMvw90x9qhcpAuNi4IePvLGACA4O8LnXO%2BvDiMcQaCudN3TqYzLf4dH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 67a44ad10d554345-FRA
expires: Wed, 27 Jul 2022 00:54:08 GMT

GET
H2 200 bundle.min.js Show response
www.romeroinstitute.org/assets/js/ 110 KB
39 KB 260ms
259ms Script
application/javascript 54.234.70.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.romeroinstitute.org/assets/js/bundle.min.js?v=1575937093
Requested by: Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.234.70.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-234-70-216.compute-1.amazonaws.com
Software: Apache 2.x /
Resource Hash: d3dff78c32c36a0e7941f3cd535460bf140b19126b694b98f44e7170068a578a

Request headers

:path: /assets/js/bundle.min.js?v=1575937093
pragma: no-cache
cookie: CraftSessionId=43bbe0d8847eff4ccd4986c26ad4091d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.romeroinstitute.org
referer: https://www.romeroinstitute.org/give
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:08 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 00:18:13 GMT
server: Apache 2.x
etag: "1b852-5994e729f65bd-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 39688

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 113 KB
40 KB 32ms
31ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MQP2HCH

Requested by

Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e1a72fcd935713fbcd82a4f24f8dc21759b5fa42ea496d7f476be4635c3a57c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:08 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41350
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 00:54:08 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 4654
date: Thu, 05 Aug 2021 23:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 01:36:34 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=887108923&t=pageview&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=921643816&gjid=2012563179&cid=855812241.1628211249&tid=UA-58473290-1&_gid=444313541.1628211249&_r=1&_slc=1&z=1332064328

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 00:54:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
90 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-108007622-4&cid=855812241.1628211249&jid=89538033&gjid=634249135&_gid=444313541.1628211249&_u=aGDAgEABAAAAAG~&z=2142936509

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 06 Aug 2021 00:54:08 GMT
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-108007622-1&cid=855812241.1628211249&jid=1458791049&gjid=1067432969&_gid=444313541.1628211249&_u=aGDAiEABBAAAAG~&z=8611540

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 06 Aug 2021 00:54:08 GMT
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
25 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25944
x-xss-protection: 0
pragma: public
x-fb-debug: cSfUa9SGBwmx8zpoUgZg44iUHlszEoQluo9SP6mzYawhrj4TfUhMrCId8vsty22H+3JCSV/+1FNOmPMZcsPqwQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Fri, 06 Aug 2021 00:54:08 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=887108923&t=pageview&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&dp=%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEABAAAAAC~&jid=89538033&gjid=634249135&cid=855812241.1628211249&tid=UA-108007622-4&_gid=444313541.1628211249&gtm=2wg840MQP2HCH&z=945423481

Requested by

Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 16:37:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29785
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
8ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=887108923&t=pageview&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&dp=%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiEABBAAAAG~&jid=1458791049&gjid=1067432969&cid=855812241.1628211249&tid=UA-108007622-1&_gid=444313541.1628211249&gtm=2wg840MQP2HCH&z=1439994184

Requested by

Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 16:37:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29785
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-58473290-1&cid=855812241.1628211249&jid=921643816&gjid=2012563179&_gid=444313541.1628211249&_u=IEBAAEAAAAAAAC~&z=452785336

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 06 Aug 2021 00:54:08 GMT
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 111464702894229 Show response
connect.facebook.net/signals/config/ 253 KB
72 KB 136ms
134ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/111464702894229?v=2.9.44&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

99e3b1e979c7ce9aa6bafa6e9193b253aa4bbcab6da45ecddf516f71a80af379

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: gTiBAX1/jQJhogVEI+TDDj2Oq6nf6Afl3i7E1IiybBBsKgJtZxtWYmBmDoDmJMAPYa7EmiBEDPEtf8nnT7afoQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 06 Aug 2021 00:54:09 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=111464702894229&ev=PageView&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&rl=&if=false&ts=1628211249072&sw=1600&sh=1200&v=2.9.44&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1628211249071.1387111817&it=1628211248910&coo=false&rqm=GET

Requested by

Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:09 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 06 Aug 2021 00:54:09 GMT

GET
H2 200 5aUz9_-1phKLFgshYDvh6Vwt7VptvQ.woff2
fonts.gstatic.com/s/alegreyasans/v14/ 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/alegreyasans/v14/5aUz9_-1phKLFgshYDvh6Vwt7VptvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Alegreya+Sans:400,400i,700,700i|Vollkorn:400,400i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47b4a429dfd49246943a5c9b27c1ebba0a7757140e0ffa8ee2d1a0236dfc402c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.romeroinstitute.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 18:26:18 GMT
x-content-type-options: nosniff
age: 282471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21800
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 17:43:06 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 18:26:18 GMT

GET
H2 200 0ybgGDoxxrvAnPhYGzMlQLzuMasz6Df2MHGeHmmc.woff2
fonts.gstatic.com/s/vollkorn/v13/ 23 KB
23 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/vollkorn/v13/0ybgGDoxxrvAnPhYGzMlQLzuMasz6Df2MHGeHmmc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Alegreya+Sans:400,400i,700,700i|Vollkorn:400,400i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81b272ee12428f8ca0fce45648c8be8dae8c98a6e1749a6c1821f6611775c1d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.romeroinstitute.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 01:26:01 GMT
x-content-type-options: nosniff
age: 257288
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23136
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 21:07:29 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 01:26:01 GMT

GET
H2 200 5aUu9_-1phKLFgshYDvh6Vwt5eFIqEp2iw.woff2
fonts.gstatic.com/s/alegreyasans/v14/ 21 KB
22 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/alegreyasans/v14/5aUu9_-1phKLFgshYDvh6Vwt5eFIqEp2iw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Alegreya+Sans:400,400i,700,700i|Vollkorn:400,400i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

294721ef4c082ea4a63c980fcdb0c11c1037f5d614dff1fdcbe0b949c91da3b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.romeroinstitute.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 11:56:44 GMT
x-content-type-options: nosniff
age: 219445
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21912
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 17:50:58 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 11:56:44 GMT

GET
H/1.1 200
OK at.js Show response
d1aqhv4sn5kxtx.cloudfront.net/actiontag/ 826 KB
234 KB 219ms
69ms Script
application/javascript 13.225.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Requested by: Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/assets/js/bundle.min.js?v=1575937093
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.216 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-216.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 880c207abf4ff0c01df193cb0cf081d3cb8c86d1e1b49b5064daa67ac0d4325b

Request headers

Origin: https://www.romeroinstitute.org
Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:33:47 GMT
Content-Encoding: gzip
Age: 37223
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 238615
Access-Control-Allow-Origin: *
Last-Modified: Tue, 03 Aug 2021 14:33:20 GMT
Server: AmazonS3
ETag: "2b8738d1ca69525b26cc25c8a612c74f"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Via: 1.1 32e3b86ae254a231182567c0124af893.cloudfront.net (CloudFront)
Cache-Control: max-age=900, s-maxage=86400, public
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: AQxdt7MAfjcLQjUygSkl1v_Zh__IZ91Xkpls7_ko92HwqwakRg9F1Q==

GET
H2 200 update.min.js Show response
browser-update.org/ 9 KB
5 KB 30ms
15ms Script
application/javascript 2606:4700:20::ac43:459c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-update.org/update.min.js
Requested by: Host: www.romeroinstitute.org
URL: https://www.romeroinstitute.org/give
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:459c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fd07911935a6cddda712673be5c3a6179d57328f016b40db8706491f2cd4203

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 01 Aug 2021 15:39:02 GMT
server: cloudflare
age: 378890
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2UT5zQQ%2FtF2UpqBdgAhjrNbH%2BMYttc0UN9a4oDMsqUhBB911Q7apGN2ls6OGaS88FRmFs1uUT0VhtN%2ByElVe%2F8QAueSCfnjdKrDOzeVZOJ49qvWf5wfbq0M8frtKXn24PhKFCvIvunUUtbzhLpPYnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a44ad36f7fe00b-FRA
expires: Mon, 02 Aug 2021 15:39:19 GMT

GET
H2 200 update.show.min.js Show response
browser-update.org/ 21 KB
10 KB 18ms
18ms Script
application/javascript 2606:4700:20::ac43:459c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-update.org/update.show.min.js
Requested by: Host: browser-update.org
URL: https://browser-update.org/update.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:459c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e98e5f2079a8b9edf4621a42bd064f2c3ff4dfb7cb105715ed483d24a52b99c2

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 01 Aug 2021 15:39:03 GMT
server: cloudflare
age: 378892
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HJPjDoYII3l7OWUffaBBGRf70NWApq2WKDx%2BErlgaZ0lz0WSH645JAHeP6b9IBBM1LWLNQuiM8ZNmOxOg3L%2F%2BxRboAZ6xcuKnz61M%2FyY2LY33E7Acd2vSfTLuzabfOyReQqSXFyeINrk1%2FRls3TxKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a44ad38fb4e00b-FRA
expires: Mon, 02 Aug 2021 15:39:17 GMT

GET
H2 204 identity Show response
profile.ngpvan.com/ 0
750 B 557ms
476ms Script
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://profile.ngpvan.com/identity?callback=_jqjsp
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / Express, ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:09 GMT
reason: Returned 204 - No Content. Referrer not whitelisted
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
server: Microsoft-IIS/10.0
x-powered-by: Express, ASP.NET
x-iinfo: 8-14614162-14614164 NNNN CT(-1 -1 2) RT(1628211249067 0) q(0 0 3 0) r(5 5) U11
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
40 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer

Requested by

Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

02cff00331a038600f267ef1720f45f29eac1dd8d4c346fb4cbada4ba1cda832

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 00:54:09 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40990
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 00:54:09 GMT

GET
H/1.1 200
OK at.min.css
d1aqhv4sn5kxtx.cloudfront.net/actiontag/ 112 KB
21 KB 153ms
58ms Stylesheet
text/css 13.225.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.min.css
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.216 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-216.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eb1c73a955993a11872cdd50098067c501219b8a7f39491f0c9b95867b844498

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:34:20 GMT
Content-Encoding: gzip
Age: 37222
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 20693
Access-Control-Allow-Origin: *
Last-Modified: Tue, 03 Aug 2021 14:33:20 GMT
Server: AmazonS3
ETag: "380e71163bb3bda2c2c68b3928c5d4ce"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Via: 1.1 d9bf8acc1da383db4531789bbb03ac07.cloudfront.net (CloudFront)
Cache-Control: max-age=900, s-maxage=86400, public
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: ySHPZYjn_27FgXpLQuf4dY67XZvACChJJo5jzsQIcpixYHss7TIR_Q==

GET
H/1.1 200
OK extra.min.css
d1aqhv4sn5kxtx.cloudfront.net/actiontag/ 93 KB
16 KB 153ms
51ms Stylesheet
text/css 13.225.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/extra.min.css
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.216 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-216.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cc5d3426179f9d10f8cd42257a906e862a1bdf69bbac19d493f23bc07506daeb

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:34:20 GMT
Content-Encoding: gzip
Age: 37222
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15884
Access-Control-Allow-Origin: *
Last-Modified: Tue, 03 Aug 2021 14:33:20 GMT
Server: AmazonS3
ETag: "d7b95cc20d5b62ff77964b6b856738a8"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
Cache-Control: max-age=900, s-maxage=86400, public
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: ExEeqWQpuNS9poSAWLHnlR-Nfg6LjS6Mp2bZvjhAvFp3FFUZNei4rQ==

POST
H3-29 200 /
www.facebook.com/tr/ 0
18 B 14ms
7ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUZR5HA3KBECrL2jk

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 06 Aug 2021 00:54:09 GMT
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H/1.1 200
OK AC2nt8erbFu3svSWxmyTZr1b.js Show response
js2.verygoodvault.com/vgs-collect/1/ 76 KB
24 KB 63ms
15ms Script
application/javascript 2600:9000:21f3:a400:14:79be:a380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js2.verygoodvault.com/vgs-collect/1/AC2nt8erbFu3svSWxmyTZr1b.js
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a400:14:79be:a380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 18c7974cdab32e0e913639d2a48b6b5015677b61e6a6c92abbfaeae341b37799

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: s108w9ESk9MsUpkYVuIVY.XmC2guOF28
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 24 Apr 2020 20:22:27 GMT
Server: AmazonS3
Age: 31
ETag: W/"9b953aa54ddcf3f41bc5a40e25cf8452"
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront)
Connection: keep-alive
Date: Fri, 06 Aug 2021 00:53:39 GMT
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: SRB5ZfSQ8R7IhUooRgxtubFjslKXxmkjGr3so5UihDRkDlHE3tfRYg==

GET
H/1.1 200
OK aPvMCA7T_0ebZP2Wfc4jFA2 Show response
secure.everyaction.com/v1/Forms/ 17 KB
7 KB 667ms
589ms XHR
application/json 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/v1/Forms/aPvMCA7T_0ebZP2Wfc4jFA2

Requested by

Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0ef10a4c0e7ca19f035aae2516240e88b6d8cb76cc37db7a2073120f4bdb1f84

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-CDN: Imperva
X-Iinfo: 3-30240885-30240886 NNNN CT(114 235 0) RT(1628211249062 32) q(0 0 4 0) r(6 6) U18
Content-Length: 5829
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
X-Frame-Options: SAMEORIGIN
Date: Fri, 06 Aug 2021 00:54:09 GMT
Vary: Origin,Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.romeroinstitute.org
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, max-age=10
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
13ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=887108923&t=timing&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Downloading&utt=673&_u=aGDACEABBAAAAG~&jid=441072246&gjid=1359009031&cid=855812241.1628211249&tid=UA-28243511-22&_gid=444313541.1628211249&_r=1&gtm=2wg8405L2FSL&z=1224691382

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 00:54:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 4656
date: Thu, 05 Aug 2021 23:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 01:36:34 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 12ms
12ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=887108923&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ContributionForm&ea=Form%20Load&el=Accelerator&ev=16&_u=aGDACEABBAAAAG~&jid=1171219669&gjid=589607844&cid=855812241.1628211249&tid=UA-28243511-20&_gid=444313541.1628211249&_r=1&gtm=2wg8405L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FEA%2FEA001%2F1%2F58070&cd3=4341924&cd4=1043335&cd5=Romero%20Donate%20-%20Major%20Donor%20Mailing%20(RI2005-DEV-MDDM)&cd6=aPvMCA7T_0ebZP2Wfc4jFA2&z=2051268069

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 00:54:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 28ms
14ms XHR
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-28243511-20&cid=855812241.1628211249&jid=994641681&gjid=249048987&_gid=444313541.1628211249&_u=aGDAiEABBAAAAG~&z=98266721

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 06 Aug 2021 00:54:10 GMT
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtmtools.js Show response
d3rse9xjbp8270.cloudfront.net/assets/js/ 5 KB
2 KB 56ms
12ms Script
application/javascript 2600:9000:20eb:0:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/assets/js/gtmtools.js?v=20201015
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:0:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3640790896e1e02b28458ca856ec1009e6c9e5b5d4331333f5d216e70cd9aed2

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:57:36 GMT
content-encoding: gzip
age: 15375395
x-cache: Hit from cloudfront
content-length: 1161
access-control-allow-origin: *
last-modified: Thu, 15 Oct 2020 10:14:54 GMT
server: AmazonS3
etag: "b16ec9d34ecd972a365497b12bd66949"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
via: 1.1 e976f829f2d1c4787d42d0595ae7cf75.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: mLbCyefPV45J6oG6XX3Cv2Bsvd_NjUOpzxOc6AolcPUo8pNxYAxutQ==

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
12ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=887108923&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&dp=%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ContributionForm&ea=Form%20Load&el=Accelerator&ev=16&_u=aGDACEABBAAAAG~&jid=1832525448&gjid=2127292542&cid=855812241.1628211249&tid=UA-108007622-4&_gid=444313541.1628211249&_r=1&gtm=2wg840MQP2HCH&cd1=Romero%20Donate%20-%20Major%20Donor%20Mailing%20(RI2005-DEV-MDDM)&cd2=aPvMCA7T_0ebZP2Wfc4jFA2&cd3=4341924&cd4=1043335&z=508767333

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 00:54:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
12ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=887108923&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&dp=%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ContributionForm&ea=Form%20Load&el=Accelerator&ev=16&_u=aGDACEABBAAAAG~&jid=2053118726&gjid=603167068&cid=855812241.1628211249&tid=UA-108007622-1&_gid=444313541.1628211249&_r=1&gtm=2wg840MQP2HCH&z=2098299686

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 00:54:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 403
Forbidden recurringat.js
d1aqhv4sn5kxtx.cloudfront.net/actiontag/ 0
0 434ms
433ms Script
application/xml 13.225.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/recurringat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQP2HCH
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.216 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-216.fra2.r.cloudfront.net
Software: /
Resource Hash

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET

GET
H/1.1 200
OK formvalues.js Show response
d1aqhv4sn5kxtx.cloudfront.net/actiontag/ 900 B
1 KB 496ms
496ms Script
application/javascript 13.225.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/formvalues.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQP2HCH
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.216 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-216.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a6f943fa7418a0f190aba8aa7bc8098decbe8d4a3af3cd5e09b62024cf2af626

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 00:54:11 GMT
Via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
Last-Modified: Tue, 06 Aug 2019 21:06:21 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA2-C2
ETag: "37dd12595d0804592dc305cc3fc9b396"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 900
X-Amz-Cf-Id: DX58ZwrlXE8E14ojSsIO3TvN2jur9-rbWx5DAhS0rGn0Y5uM0jN_MQ==

GET
DATA 200
OK truncated
/ 784 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe62bab84590322ae4bfcde20dfb50a72c1b68b330c2a7f1b0aefb65999f16bc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK intl-tel.input.utils.js Show response
d1aqhv4sn5kxtx.cloudfront.net/actiontag/assets/js/ 229 KB
52 KB 143ms
47ms Script
application/javascript 13.225.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/assets/js/intl-tel.input.utils.js
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.216 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-216.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 47eaed42f703bb0f06ba33a785d63b4fcb7e88eac47cc217a70dc2c7ccefea72

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 27 Jul 2021 23:36:35 GMT
Content-Encoding: gzip
Age: 782256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 52457
Access-Control-Allow-Origin: *
Last-Modified: Thu, 03 Oct 2019 17:12:27 GMT
Server: AmazonS3
ETag: "0e171f16b707862d9a5a9168f0edc967"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Via: 1.1 784dd167d622737126ee2d76985e7d3c.cloudfront.net (CloudFront)
Cache-Control: max-age=31536000
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: 8TsBkIKLSUE4jpOzcOt7uFUlt5_6tNIg2dYK9_saGK7yL6KMBh4vMQ==

GET
H/1.1 200
OK flags.png
d1aqhv4sn5kxtx.cloudfront.net/actiontag/assets/images/ 20 KB
20 KB 153ms
51ms Image
image/png 13.225.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/assets/images/flags.png
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/extra.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.216 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-216.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0e536a139bbeaa0fb9d847a1a53a4704dc91fa6cb7faf4524984993d7dad9eca

Request headers

Referer: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/extra.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 28 Apr 2021 19:33:37 GMT
Via: 1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
Age: 8572834
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 20389
Last-Modified: Thu, 03 Oct 2019 17:12:27 GMT
Server: AmazonS3
ETag: "4e54a2ee652e9cddbd4ef6f8c46e5390"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=31536000
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: yHMi7FCqM7tbYcqaUkrmOq8dMLlbWvfAHjfEX-nZFCXtRyrWLmYY4w==

GET
H/1.1 200
OK aPvMCA7T_0ebZP2Wfc4jFA2 Show response
secure.everyaction.com/PayPalClientToken/ 2 KB
3 KB 655ms
655ms XHR
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/PayPalClientToken/aPvMCA7T_0ebZP2Wfc4jFA2

Requested by

Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b803caccda12f95df00db95de4a0a1355ac73f9556609779716117e17ac9cb22

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 3-30240885-30240886 SNNN RT(1628211249062 724) q(0 0 0 0) r(7 7) U18
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
X-Frame-Options: SAMEORIGIN
Date: Fri, 06 Aug 2021 00:54:10 GMT
Vary: Origin,Accept-Encoding
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.romeroinstitute.org
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, max-age=10
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:

GET
H/1.1 200
OK cc.png
d1aqhv4sn5kxtx.cloudfront.net/actiontag/assets/images/ 3 KB
4 KB 165ms
56ms Image
image/png 13.225.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/assets/images/cc.png
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/extra.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.216 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-216.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8c57eeba2aae51f847e739a3eb70428490dec74fea781b653cb8b5e345cc7b3a

Request headers

Referer: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/extra.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 09 Feb 2021 01:55:26 GMT
Via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
Age: 15375525
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 3392
Last-Modified: Thu, 03 Oct 2019 17:12:26 GMT
Server: AmazonS3
ETag: "294b44fc8703a45684537d51e363c045"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=31536000
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: oYXT2DJubl2YOjxBYjcKT1jROGZi-QgITklE3LDOiE_tukEb9x0TzQ==

GET
H/1.1 200
OK paypal-logo.png
d1aqhv4sn5kxtx.cloudfront.net/actiontag/assets/images/ 3 KB
3 KB 167ms
57ms Image
image/png 13.225.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/assets/images/paypal-logo.png
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.216 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-216.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 02d1bfc3fb8b4eff4d80613794e94142267895398d35dbca72e8ca7ddb62ab54

Request headers

Referer: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 11 Jun 2021 15:37:37 GMT
Via: 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
Age: 4785393
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 2778
Last-Modified: Thu, 03 Oct 2019 17:12:27 GMT
Server: AmazonS3
ETag: "459c51e4e024db4720b62513d12edb6a"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=31536000
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: LhJSIGIdUhIuX55dKCuYFxR_pHthnMO87bxut9mLxgrDMN2lwdDgAg==

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
5ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=887108923&t=pageview&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiEABBAAAAG~&jid=994641681&gjid=249048987&cid=855812241.1628211249&tid=UA-28243511-20&_gid=444313541.1628211249&gtm=2wg8405L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FEA%2FEA001%2F1%2F58070&cd3=4341924&cd4=1043335&cd5=Romero%20Donate%20-%20Major%20Donor%20Mailing%20(RI2005-DEV-MDDM)&cd6=aPvMCA7T_0ebZP2Wfc4jFA2&z=321013204

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 16:37:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29787
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=887108923&t=timing&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Processing&utt=29&_u=aGDACEABBAAAAG~&jid=&gjid=&cid=855812241.1628211249&tid=UA-28243511-22&_gid=444313541.1628211249&gtm=2wg8405L2FSL&z=412400986

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 16:37:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29787
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK aPvMCA7T_0ebZP2Wfc4jFA2
secure.everyaction.com/v1/Track/ 0
1 KB 782ms
721ms Image
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.everyaction.com/v1/Track/aPvMCA7T_0ebZP2Wfc4jFA2?formSessionId=11f64ca0-3755-40c3-9b53-5fcb0a954aaf

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-CDN: Imperva
Date: Fri, 06 Aug 2021 00:54:10 GMT
X-Frame-Options: SAMEORIGIN
X-Iinfo: 4-41209262-41209263 NNNN CT(107 216 0) RT(1628211249954 30) q(0 0 4 0) r(7 7) U2
Access-Control-Expose-Headers: Request-Context
Cache-Control: no-cache
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK paypal-logo.png
d1aqhv4sn5kxtx.cloudfront.net/images/ 3 KB
3 KB 55ms
54ms Image
image/png 13.225.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/images/paypal-logo.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.216 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-216.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 02d1bfc3fb8b4eff4d80613794e94142267895398d35dbca72e8ca7ddb62ab54

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 25 Jul 2021 00:46:14 GMT
Via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
Age: 1037277
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 2778
Last-Modified: Tue, 03 Mar 2020 23:51:55 GMT
Server: AmazonS3
ETag: "459c51e4e024db4720b62513d12edb6a"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: KWG1iZtVNwk6hHzzOzIGE08ndIvvo5NfUDYhW-pa7vHKE4zRG_fc4Q==

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=887108923&t=timing&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Render&utt=172&_u=aGDACEABBAAAAG~&jid=&gjid=&cid=855812241.1628211249&tid=UA-28243511-22&_gid=444313541.1628211249&gtm=2wg8405L2FSL&z=1657912003

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 16:37:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29787
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=887108923&t=timing&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Fill&utt=5&_u=aGDACEABBAAAAG~&jid=&gjid=&cid=855812241.1628211249&tid=UA-28243511-22&_gid=444313541.1628211249&gtm=2wg8405L2FSL&z=1940050060

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 16:37:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29787
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
7ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=887108923&t=timing&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Form&utt=900&_u=aGDACEABBAAAAG~&jid=&gjid=&cid=855812241.1628211249&tid=UA-28243511-22&_gid=444313541.1628211249&gtm=2wg8405L2FSL&z=732095435

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 16:37:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29787
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
7ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=887108923&t=timing&_s=1&dl=https%3A%2F%2Fwww.romeroinstitute.org%2Fgive&ul=en-us&de=UTF-8&dt=Your%20Gift%20Makes%20Justice%20Possible%20%E2%80%A2%20Romero%20Institute&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Total&utt=930&_u=aGDACEABBAAAAG~&jid=&gjid=&cid=855812241.1628211249&tid=UA-28243511-22&_gid=444313541.1628211249&gtm=2wg8405L2FSL&z=966267871

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 16:37:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29787
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-28243511-20&cid=855812241.1628211249&jid=1171219669&gjid=589607844&_gid=444313541.1628211249&_u=aGDACEABBAAAAG~&z=1269603930

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 06 Aug 2021 00:54:10 GMT
content-type: text/plain
access-control-allow-origin: https://www.romeroinstitute.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK index.html Show response
js2.verygoodvault.com/vgs-collect/1/lib/ Frame 5079 364 B
872 B 409ms
409ms Document
text/html 2600:9000:21f3:a400:14:79be:a380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-number&env=bGl2ZQ%3D%3D&fieldId=randomId609934817942536482&formId=randomId609107838012512235&name=Account&placeholder=%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2&tnt=dG50dzFwem5sYW0%3D&type=card-number&validations=validCardNumber&validations=required
Requested by: Host: js2.verygoodvault.com
URL: https://js2.verygoodvault.com/vgs-collect/1/AC2nt8erbFu3svSWxmyTZr1b.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a400:14:79be:a380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 81947071a8078bb513f6d78a57029d696266525d1f3db8e62f0f8abf32b1fda8

Request headers

Host: js2.verygoodvault.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.romeroinstitute.org/give
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.romeroinstitute.org/give

Response headers

Content-Type: text/html
Content-Length: 364
Connection: keep-alive
Last-Modified: Fri, 24 Apr 2020 20:22:28 GMT
x-amz-version-id: JCfkY4IkNKJhMm0EdEKqtK3Ilw9RSiaP
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 06 Aug 2021 00:54:11 GMT
ETag: "12b7f829a99521c45e7e29dcc8a34cff"
X-Cache: RefreshHit from cloudfront
Via: 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: PfccyrJn0xl1XgriDxE41-rlQ-jw4wCmC-yjL1OGOdhxaYW297kWcg==

GET
H/1.1 200
OK index.html Show response
js2.verygoodvault.com/vgs-collect/1/lib/ Frame 683D 364 B
865 B 407ms
379ms Document
text/html 2600:9000:21f3:a400:14:79be:a380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-exp&env=bGl2ZQ%3D%3D&fieldId=randomId6001781476472839616&formId=randomId609107838012512235&name=ExpirationDate&placeholder=MM%20%2F%20YY&serializers=W3sibmFtZSI6InNlcGFyYXRlIiwib3B0aW9ucyI6eyJtb250aE5hbWUiOiJFeHBpcmF0aW9uTW9udGgiLCJ5ZWFyTmFtZSI6IkV4cGlyYXRpb25ZZWFyIn19XQ%3D%3D&tnt=dG50dzFwem5sYW0%3D&type=card-expiration-date&validations=validCardExpirationDate&validations=required
Requested by: Host: js2.verygoodvault.com
URL: https://js2.verygoodvault.com/vgs-collect/1/AC2nt8erbFu3svSWxmyTZr1b.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a400:14:79be:a380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 81947071a8078bb513f6d78a57029d696266525d1f3db8e62f0f8abf32b1fda8

Request headers

Host: js2.verygoodvault.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.romeroinstitute.org/give
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.romeroinstitute.org/give

Response headers

Content-Type: text/html
Content-Length: 364
Connection: keep-alive
Last-Modified: Fri, 24 Apr 2020 20:22:28 GMT
x-amz-version-id: JCfkY4IkNKJhMm0EdEKqtK3Ilw9RSiaP
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 06 Aug 2021 00:54:11 GMT
ETag: "12b7f829a99521c45e7e29dcc8a34cff"
X-Cache: Hit from cloudfront
Via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: 2oykm1QX0VBCjBlpdRrN1Yvroz9K4jlcu0GtFTaW-nqYjWZYk8dKpQ==

GET
H/1.1 200
OK application.6f5d7089377931472e6e.css
js2.verygoodvault.com/vgs-collect/1/lib/ Frame 683D 74 KB
30 KB 413ms
413ms Stylesheet
text/css 2600:9000:21f3:a400:14:79be:a380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js2.verygoodvault.com/vgs-collect/1/lib/application.6f5d7089377931472e6e.css
Requested by: Host: js2.verygoodvault.com
URL: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-exp&env=bGl2ZQ%3D%3D&fieldId=randomId6001781476472839616&formId=randomId609107838012512235&name=ExpirationDate&placeholder=MM%20%2F%20YY&serializers=W3sibmFtZSI6InNlcGFyYXRlIiwib3B0aW9ucyI6eyJtb250aE5hbWUiOiJFeHBpcmF0aW9uTW9udGgiLCJ5ZWFyTmFtZSI6IkV4cGlyYXRpb25ZZWFyIn19XQ%3D%3D&tnt=dG50dzFwem5sYW0%3D&type=card-expiration-date&validations=validCardExpirationDate&validations=required
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a400:14:79be:a380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 773bbe708719b7fa130a0825dbd807f409338468bb904b419eac4c6049eda1eb

Request headers

Referer: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-exp&env=bGl2ZQ%3D%3D&fieldId=randomId6001781476472839616&formId=randomId609107838012512235&name=ExpirationDate&placeholder=MM%20%2F%20YY&serializers=W3sibmFtZSI6InNlcGFyYXRlIiwib3B0aW9ucyI6eyJtb250aE5hbWUiOiJFeHBpcmF0aW9uTW9udGgiLCJ5ZWFyTmFtZSI6IkV4cGlyYXRpb25ZZWFyIn19XQ%3D%3D&tnt=dG50dzFwem5sYW0%3D&type=card-expiration-date&validations=validCardExpirationDate&validations=required
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: mvV1oAKhrahBv21YAbr1t7qenTxib8ms
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 24 Apr 2020 20:22:28 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA2-C2
ETag: W/"42d1f1ed2b054e05650442ac4923803b"
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
Content-Type: text/css
Via: 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront)
Date: Fri, 06 Aug 2021 00:54:12 GMT
Connection: keep-alive
X-Amz-Cf-Id: dYne9g0teCvw2IgvSEd1nj8eP257rwv7KSruFEyTn5QXIRHgLmc_5g==

GET
H/1.1 200
OK application.6f5d7089377931472e6e.js Show response
js2.verygoodvault.com/vgs-collect/1/lib/ Frame 683D 285 KB
89 KB 404ms
403ms Script
application/javascript 2600:9000:21f3:a400:14:79be:a380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js2.verygoodvault.com/vgs-collect/1/lib/application.6f5d7089377931472e6e.js
Requested by: Host: js2.verygoodvault.com
URL: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-exp&env=bGl2ZQ%3D%3D&fieldId=randomId6001781476472839616&formId=randomId609107838012512235&name=ExpirationDate&placeholder=MM%20%2F%20YY&serializers=W3sibmFtZSI6InNlcGFyYXRlIiwib3B0aW9ucyI6eyJtb250aE5hbWUiOiJFeHBpcmF0aW9uTW9udGgiLCJ5ZWFyTmFtZSI6IkV4cGlyYXRpb25ZZWFyIn19XQ%3D%3D&tnt=dG50dzFwem5sYW0%3D&type=card-expiration-date&validations=validCardExpirationDate&validations=required
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a400:14:79be:a380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a71a5b28326706e02117ae77abe0606d17d4a2a5f4d755498f01a9593e498eee

Request headers

Referer: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-exp&env=bGl2ZQ%3D%3D&fieldId=randomId6001781476472839616&formId=randomId609107838012512235&name=ExpirationDate&placeholder=MM%20%2F%20YY&serializers=W3sibmFtZSI6InNlcGFyYXRlIiwib3B0aW9ucyI6eyJtb250aE5hbWUiOiJFeHBpcmF0aW9uTW9udGgiLCJ5ZWFyTmFtZSI6IkV4cGlyYXRpb25ZZWFyIn19XQ%3D%3D&tnt=dG50dzFwem5sYW0%3D&type=card-expiration-date&validations=validCardExpirationDate&validations=required
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: .fevj9sauvI0OqQeMfYLkLiq8lm9sRox
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 24 Apr 2020 20:22:28 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA2-C2
ETag: W/"8c2410c47a2a5dffa1820a3e4bbdbab1"
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
Content-Type: application/javascript
Via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)
Date: Fri, 06 Aug 2021 00:54:12 GMT
Connection: keep-alive
X-Amz-Cf-Id: 2653TryFmPQO_D7XWd4154zhqEyAf_17J65di8JaNMhJDdHYYcNkdw==

GET
H/1.1 200
OK application.6f5d7089377931472e6e.css
js2.verygoodvault.com/vgs-collect/1/lib/ Frame 5079 74 KB
30 KB 412ms
381ms Stylesheet
text/css 2600:9000:21f3:a400:14:79be:a380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js2.verygoodvault.com/vgs-collect/1/lib/application.6f5d7089377931472e6e.css
Requested by: Host: js2.verygoodvault.com
URL: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-number&env=bGl2ZQ%3D%3D&fieldId=randomId609934817942536482&formId=randomId609107838012512235&name=Account&placeholder=%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2&tnt=dG50dzFwem5sYW0%3D&type=card-number&validations=validCardNumber&validations=required
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a400:14:79be:a380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 773bbe708719b7fa130a0825dbd807f409338468bb904b419eac4c6049eda1eb

Request headers

Referer: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-number&env=bGl2ZQ%3D%3D&fieldId=randomId609934817942536482&formId=randomId609107838012512235&name=Account&placeholder=%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2&tnt=dG50dzFwem5sYW0%3D&type=card-number&validations=validCardNumber&validations=required
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: mvV1oAKhrahBv21YAbr1t7qenTxib8ms
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 24 Apr 2020 20:22:28 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA2-C2
ETag: W/"42d1f1ed2b054e05650442ac4923803b"
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)
Date: Fri, 06 Aug 2021 00:54:12 GMT
Connection: keep-alive
X-Amz-Cf-Id: e8kffFHNMHXgfj4SE1o9WJhUmKzAFDXjsZcmXYFnGytFHS0N-7x6tw==

GET
H/1.1 200
OK application.6f5d7089377931472e6e.js Show response
js2.verygoodvault.com/vgs-collect/1/lib/ Frame 5079 285 KB
89 KB 402ms
371ms Script
application/javascript 2600:9000:21f3:a400:14:79be:a380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js2.verygoodvault.com/vgs-collect/1/lib/application.6f5d7089377931472e6e.js
Requested by: Host: js2.verygoodvault.com
URL: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-number&env=bGl2ZQ%3D%3D&fieldId=randomId609934817942536482&formId=randomId609107838012512235&name=Account&placeholder=%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2&tnt=dG50dzFwem5sYW0%3D&type=card-number&validations=validCardNumber&validations=required
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a400:14:79be:a380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a71a5b28326706e02117ae77abe0606d17d4a2a5f4d755498f01a9593e498eee

Request headers

Referer: https://js2.verygoodvault.com/vgs-collect/1/lib/index.html?autoComplete=cc-number&env=bGl2ZQ%3D%3D&fieldId=randomId609934817942536482&formId=randomId609107838012512235&name=Account&placeholder=%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%20%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2&tnt=dG50dzFwem5sYW0%3D&type=card-number&validations=validCardNumber&validations=required
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: .fevj9sauvI0OqQeMfYLkLiq8lm9sRox
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 24 Apr 2020 20:22:28 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA2-C2
ETag: W/"8c2410c47a2a5dffa1820a3e4bbdbab1"
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 32e3b86ae254a231182567c0124af893.cloudfront.net (CloudFront)
Date: Fri, 06 Aug 2021 00:54:12 GMT
Connection: keep-alive
X-Amz-Cf-Id: KdesT5X4HF0o6CMOs8GMAXNqOT9u7xiRHfKFYww0-4XcH3yY3dCX_Q==

OPTIONS
H/1.1 200
OK graphql
payments.braintree-api.com/ Frame 0
0 365ms
52ms Preflight 3.122.176.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Protocol

HTTP/1.1

Server

3.122.176.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-176-248.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,braintree-version,content-type
Origin: https://www.romeroinstitute.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 06 Aug 2021 00:54:11 GMT
access-control-allow-origin: https://www.romeroinstitute.org
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: authorization,braintree-version,content-type
Content-Length: 0
paypal-debug-id: e96d8a2c7ba64
Strict-Transport-Security: max-age=63072000; includeSubDomains

POST
H/1.1 200
OK graphql Show response
payments.braintree-api.com/ 1 KB
1 KB 509ms
509ms XHR
application/json 3.122.176.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Requested by

Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

3.122.176.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-176-248.eu-central-1.compute.amazonaws.com

Software

Resource Hash

d8bb0dd64d2f9eb7f97b62b590923e3eb18ef81271f2f975459aa8a4055f02f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.romeroinstitute.org/give
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjIwMTgwNDI2MTYtcHJvZHVjdGlvbiIsImlzcyI6Imh0dHBzOi8vYXBpLmJyYWludHJlZWdhdGV3YXkuY29tIn0.eyJleHAiOjE2MjgyOTc2NTAsImp0aSI6IjRiYjIwYzkzLTQwMGMtNDM1YS1hN2M5LTAwYTAyYmUyZmIyYyIsInN1YiI6IndieDNmcjc2M3d4eGM1cWIiLCJpc3MiOiJodHRwczovL2FwaS5icmFpbnRyZWVnYXRld2F5LmNvbSIsIm1lcmNoYW50Ijp7InB1YmxpY19pZCI6IndieDNmcjc2M3d4eGM1cWIiLCJ2ZXJpZnlfY2FyZF9ieV9kZWZhdWx0IjpmYWxzZX0sInJpZ2h0cyI6WyJtYW5hZ2VfdmF1bHQiXSwic2NvcGUiOlsiQnJhaW50cmVlOlZhdWx0Il0sIm9wdGlvbnMiOnt9fQ.nUd3DaaJrVj0QT_XOXCxk_gtfZ8S-cGXU_bNty6CiwaAnRGYH1oSLGSbT-GiFLpWdJw5Luu1eLcgPVuTZloqAg
Braintree-Version: 2018-05-10
Content-Type: application/json

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 00:54:11 GMT
content-encoding: gzip
vary: Braintree-Version, Accept-Encoding
Content-Type: application/json
access-control-allow-origin: https://www.romeroinstitute.org
Cache-Control: no-cache, no-store
braintree-version: 2016-10-07
paypal-debug-id: 5ea32b202a874
Strict-Transport-Security: max-age=63072000; includeSubDomains
access-control-allow-credentials: true
Content-Length: 671

POST
H2 200 vgs Show response
vgs-collect-keeper.apps.verygood.systems/ Frame 683D 0
157 B 432ms
137ms XHR
text/plain 18.213.27.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://vgs-collect-keeper.apps.verygood.systems/vgs

Requested by

Host: js2.verygoodvault.com
URL: https://js2.verygoodvault.com/vgs-collect/1/lib/application.6f5d7089377931472e6e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.27.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-27-54.compute-1.amazonaws.com

Software

/ Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js2.verygoodvault.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js2.verygoodvault.com
date: Fri, 06 Aug 2021 00:54:11 GMT
vary: Origin
x-powered-by: Express
content-length: 0
strict-transport-security: max-age=15724800; includeSubDomains

POST
H2 200 vgs Show response
vgs-collect-keeper.apps.verygood.systems/ Frame 5079 0
156 B 416ms
138ms XHR
text/plain 18.213.27.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://vgs-collect-keeper.apps.verygood.systems/vgs

Requested by

Host: js2.verygoodvault.com
URL: https://js2.verygoodvault.com/vgs-collect/1/lib/application.6f5d7089377931472e6e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.27.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-27-54.compute-1.amazonaws.com

Software

/ Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js2.verygoodvault.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://js2.verygoodvault.com
date: Fri, 06 Aug 2021 00:54:11 GMT
vary: Origin
x-powered-by: Express
content-length: 0
strict-transport-security: max-age=15724800; includeSubDomains

OPTIONS
H/1.1 200
OK wbx3fr763wxxc5qb
client-analytics.braintreegateway.com/ Frame 0
0 209ms
48ms Preflight 3.120.221.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/wbx3fr763wxxc5qb
Protocol: HTTP/1.1
Server: 3.120.221.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-221-181.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.romeroinstitute.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.romeroinstitute.org
Access-Control-Max-Age: 3000
Date: Fri, 06 Aug 2021 00:54:12 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive

OPTIONS
H/1.1 200
OK wbx3fr763wxxc5qb
client-analytics.braintreegateway.com/ Frame 0
0 222ms
52ms Preflight 3.120.221.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/wbx3fr763wxxc5qb
Protocol: HTTP/1.1
Server: 3.120.221.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-221-181.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.romeroinstitute.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.romeroinstitute.org
Access-Control-Max-Age: 3000
Date: Fri, 06 Aug 2021 00:54:12 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive

POST
H/1.1 200
OK wbx3fr763wxxc5qb Show response
client-analytics.braintreegateway.com/ 0
288 B 68ms
54ms XHR
text/plain 3.120.221.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/wbx3fr763wxxc5qb
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.221.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-221-181.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 06 Aug 2021 00:54:12 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.romeroinstitute.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

POST
H/1.1 200
OK wbx3fr763wxxc5qb Show response
client-analytics.braintreegateway.com/ 0
288 B 85ms
50ms XHR
text/plain 3.120.221.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/wbx3fr763wxxc5qb
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.221.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-221-181.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 06 Aug 2021 00:54:12 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.romeroinstitute.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

GET
H2 200 dispatch-frame.min.html Show response
checkout.paypal.com/web/3.44.2/html/ Frame E9DC 8 KB
3 KB 184ms
56ms Document
text/html 13.225.87.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.paypal.com/web/3.44.2/html/dispatch-frame.min.html

Requested by

Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.38 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-38.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

dedad191cb087f16bc09a89edac8df890dc2a66cec61a3d84f721bedf51df21c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: checkout.paypal.com
:scheme: https
:path: /web/3.44.2/html/dispatch-frame.min.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.romeroinstitute.org/give
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.romeroinstitute.org/give

Response headers

content-type: text/html
server: nginx
last-modified: Fri, 30 Jul 2021 14:38:40 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 05 Aug 2021 05:54:46 GMT
expires: Fri, 06 Aug 2021 05:54:46 GMT
cache-control: max-age=86400
etag: W/"61040ef0-1e9d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2afacc6ad96dbba3f0b477cd95f16459.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: -o5LSvrcx_aLKdb0t0ihSWiHpEnBSw03L7p-s6UImKQ_CYeS5F3L8Q==
age: 68366

POST
H/1.1 200
OK wbx3fr763wxxc5qb Show response
client-analytics.braintreegateway.com/ 0
288 B 54ms
53ms XHR
text/plain 3.120.221.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/wbx3fr763wxxc5qb
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.221.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-221-181.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 06 Aug 2021 00:54:12 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.romeroinstitute.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

OPTIONS
H/1.1 200
OK wbx3fr763wxxc5qb
client-analytics.braintreegateway.com/ Frame 0
0 219ms
51ms Preflight 3.120.221.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/wbx3fr763wxxc5qb
Protocol: HTTP/1.1
Server: 3.120.221.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-221-181.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.romeroinstitute.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.romeroinstitute.org
Access-Control-Max-Age: 3000
Date: Fri, 06 Aug 2021 00:54:12 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive

POST
H/1.1 200
OK wbx3fr763wxxc5qb Show response
client-analytics.braintreegateway.com/ 0
288 B 73ms
54ms XHR
text/plain 3.120.221.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/wbx3fr763wxxc5qb
Requested by: Host: d1aqhv4sn5kxtx.cloudfront.net
URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.221.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-221-181.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.romeroinstitute.org/give
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 06 Aug 2021 00:54:12 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.romeroinstitute.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

OPTIONS
H/1.1 200
OK wbx3fr763wxxc5qb
client-analytics.braintreegateway.com/ Frame 0
0 62ms
48ms Preflight 3.120.221.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/wbx3fr763wxxc5qb
Protocol: HTTP/1.1
Server: 3.120.221.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-221-181.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.romeroinstitute.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.romeroinstitute.org
Access-Control-Max-Age: 3000
Date: Fri, 06 Aug 2021 00:54:12 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.romeroinstitute.org/	1970-01-19 20:16:51	Name: _dc_gtm_UA-108007622-1 Value: 1
www.romeroinstitute.org/	1969-12-31 23:59:59	Name: CraftSessionId Value: 43bbe0d8847eff4ccd4986c26ad4091d
.romeroinstitute.org/	1970-01-20 13:48:03	Name: _ga Value: GA1.2.855812241.1628211249
.romeroinstitute.org/	1970-01-19 20:16:51	Name: _gat Value: 1
.romeroinstitute.org/	1970-01-19 20:16:51	Name: _dc_gtm_UA-108007622-4 Value: 1
www.romeroinstitute.org/	1970-01-19 20:26:56	Name: browserupdateorg Value: pause
.romeroinstitute.org/	1970-01-19 22:26:27	Name: _fbp Value: fb.1.1628211249071.1387111817
.romeroinstitute.org/	1970-01-19 20:18:17	Name: _gid Value: GA1.2.444313541.1628211249

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js(Line 7) Message: Downloading: 672.64892578125 ms
console-api	debug	URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js(Line 7) Message: Processing: 28.739990234375 ms
console-api	debug	URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js(Line 7) Message: Render: 171.9921875 ms
console-api	debug	URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js(Line 7) Message: Fill: 5.826904296875 ms
console-api	debug	URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js(Line 7) Message: Form: 899.91015625 ms
console-api	debug	URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js(Line 7) Message: Total: 930.4248046875 ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

browser-update.org
cdnjs.cloudflare.com
checkout.paypal.com
client-analytics.braintreegateway.com
connect.facebook.net
d1aqhv4sn5kxtx.cloudfront.net
d3rse9xjbp8270.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
js2.verygoodvault.com
payments.braintree-api.com
profile.ngpvan.com
s3-us-west-1.amazonaws.com
secure.everyaction.com
stats.g.doubleclick.net
vgs-collect-keeper.apps.verygood.systems
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.romero.gift
www.romeroinstitute.org
13.225.84.216
13.225.87.38
18.213.27.54
2600:9000:20eb:0:12:303c:8700:21
2600:9000:21f3:a400:14:79be:a380:93a1
2606:4700:20::ac43:459c
2606:4700::6810:125e
2a00:1450:4001:800::2003
2a00:1450:4001:810::200e
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2008
2a00:1450:4001:831::200a
2a00:1450:400c:c07::9a
2a00:1450:400c:c07::9d
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.120.221.181
3.122.176.248
35.238.70.19
45.60.33.183
52.219.120.88
54.234.70.216
02cff00331a038600f267ef1720f45f29eac1dd8d4c346fb4cbada4ba1cda832
02d1bfc3fb8b4eff4d80613794e94142267895398d35dbca72e8ca7ddb62ab54
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
09c694805f8212ae27f967c6430a08775dc1b0027cf8c9441df9033d17572899
0e536a139bbeaa0fb9d847a1a53a4704dc91fa6cb7faf4524984993d7dad9eca
0ef10a4c0e7ca19f035aae2516240e88b6d8cb76cc37db7a2073120f4bdb1f84
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
18c7974cdab32e0e913639d2a48b6b5015677b61e6a6c92abbfaeae341b37799
1c8d11c1545728ed04f93110889d14ab4e2bab25da5967f1dc8c85d2667291f2
294721ef4c082ea4a63c980fcdb0c11c1037f5d614dff1fdcbe0b949c91da3b8
35590efca5e54caeaa1ecf467014cbe9d128c06d6450e4aed522250786e04320
3640790896e1e02b28458ca856ec1009e6c9e5b5d4331333f5d216e70cd9aed2
3cb2f659bd60db49d8e9996672e85ad787d263703c9e27659a41abdae3730e36
3fd07911935a6cddda712673be5c3a6179d57328f016b40db8706491f2cd4203
47b4a429dfd49246943a5c9b27c1ebba0a7757140e0ffa8ee2d1a0236dfc402c
47eaed42f703bb0f06ba33a785d63b4fcb7e88eac47cc217a70dc2c7ccefea72
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
773bbe708719b7fa130a0825dbd807f409338468bb904b419eac4c6049eda1eb
81947071a8078bb513f6d78a57029d696266525d1f3db8e62f0f8abf32b1fda8
81b272ee12428f8ca0fce45648c8be8dae8c98a6e1749a6c1821f6611775c1d5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
880c207abf4ff0c01df193cb0cf081d3cb8c86d1e1b49b5064daa67ac0d4325b
8c57eeba2aae51f847e739a3eb70428490dec74fea781b653cb8b5e345cc7b3a
99e3b1e979c7ce9aa6bafa6e9193b253aa4bbcab6da45ecddf516f71a80af379
9c0f36f1b94109d51249d23c8e9722399b1fef6206b7578171dc758a811f6bca
a6f943fa7418a0f190aba8aa7bc8098decbe8d4a3af3cd5e09b62024cf2af626
a71a5b28326706e02117ae77abe0606d17d4a2a5f4d755498f01a9593e498eee
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b803caccda12f95df00db95de4a0a1355ac73f9556609779716117e17ac9cb22
c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b
cc5d3426179f9d10f8cd42257a906e862a1bdf69bbac19d493f23bc07506daeb
cce4ff80d8502faa2b95dc197476ef1009dcd695f9374c31a359d67f2cadd894
d3dff78c32c36a0e7941f3cd535460bf140b19126b694b98f44e7170068a578a
d8bb0dd64d2f9eb7f97b62b590923e3eb18ef81271f2f975459aa8a4055f02f1
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dedad191cb087f16bc09a89edac8df890dc2a66cec61a3d84f721bedf51df21c
e1a72fcd935713fbcd82a4f24f8dc21759b5fa42ea496d7f476be4635c3a57c0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e98e5f2079a8b9edf4621a42bd064f2c3ff4dfb7cb105715ed483d24a52b99c2
eb1c73a955993a11872cdd50098067c501219b8a7f39491f0c9b95867b844498
fe62bab84590322ae4bfcde20dfb50a72c1b68b330c2a7f1b0aefb65999f16bc

www.romeroinstitute.org Open in urlscan Pro 54.234.70.216 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

74 Requests

100 %HTTPS

59 %IPv6

20 Domains

21 Subdomains

22 IPs

3 Countries

1097 kBTransfer

3379 kBSize

8 Cookies

7 Outgoing links

Page URL History

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.romeroinstitute.org Open in urlscan Pro
54.234.70.216 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

100 %
HTTPS

59 %
IPv6

20
Domains

21
Subdomains

22
IPs

3
Countries

1097 kB
Transfer

3379 kB
Size

8
Cookies

74 HTTP transactions
1 data transactions