www.marchofdimes.org Open in urlscan Pro
2606:4700:10::ac43:a5a Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://e-mail.marchofdimes.org/T/v400000173ee853c71b132bf6e96c660f0/80895a3170eb449c0000021ef3a0bcc8/80895a31-70eb-449c-ade7-78...
Effective URL:
https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_con...
Submission: On August 14 via api (August 14th 2020, 10:43:35 pm UTC) from US

Summary HTTP 184 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 54 IPs in 6 countries across 39 domains to perform 184 HTTP transactions. The main IP is 2606:4700:10::ac43:a5a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.marchofdimes.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 16th 2020. Valid for: a year.

This is the only time www.marchofdimes.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	159.127.187.12 159.127.187.12	19137 (EPSILON-I...) (EPSILON-INTERACTIVE)
73	2606:4700:10:... 2606:4700:10::ac43:a5a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	23.96.109.67 23.96.109.67	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	52.200.184.6 52.200.184.6	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:a823	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5e41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE)
2	173.201.249.4 173.201.249.4	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
2	2600:9000:218... 2600:9000:2182:de00:14:6bfc:5740:93a1	16509 (AMAZON-02) (AMAZON-02)
5	104.108.47.187 104.108.47.187	16625 (AKAMAI-AS) (AKAMAI-AS)
2	13.226.155.82 13.226.155.82	16509 (AMAZON-02) (AMAZON-02)
1	151.101.114.133 151.101.114.133	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:4f6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:821::2008	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:eb:... 2a02:26f0:eb:389::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1	104.108.68.187 104.108.68.187	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a03:2880:f01... 2a03:2880:f01c:8004:face:b00c:0:8c	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700::68... 2606:4700::6813:9408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 8	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
5	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
1 2	216.58.205.230 216.58.205.230	15169 (GOOGLE) (GOOGLE)
2 5	172.217.21.230 172.217.21.230	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
2	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.111.218.17 104.111.218.17	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:814::2002	15169 (GOOGLE) (GOOGLE)
2	172.217.18.162 172.217.18.162	15169 (GOOGLE) (GOOGLE)
2	34.194.80.163 34.194.80.163	14618 (AMAZON-AES) (AMAZON-AES)
3	104.111.228.123 104.111.228.123	16625 (AKAMAI-AS) (AKAMAI-AS)
3	54.239.29.3 54.239.29.3	16509 (AMAZON-02) (AMAZON-02)
1	151.101.65.35 151.101.65.35	54113 (FASTLY) (FASTLY)
2	52.218.232.80 52.218.232.80	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e2:... 2606:4700:e2::ac40:8a05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	52.94.230.189 52.94.230.189	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
1	18.195.36.108 18.195.36.108	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:218... 2600:9000:2182:3c00:14:4f74:f880:21	16509 (AMAZON-02) (AMAZON-02)
1	52.42.194.20 52.42.194.20	16509 (AMAZON-02) (AMAZON-02)
4	13.226.155.107 13.226.155.107	16509 (AMAZON-02) (AMAZON-02)
4	52.58.188.112 52.58.188.112	16509 (AMAZON-02) (AMAZON-02)
2	151.101.193.35 151.101.193.35	54113 (FASTLY) (FASTLY)
1 2	64.4.245.84 64.4.245.84	17012 (PAYPAL) (PAYPAL)
184	54

1 159.127.187.12 (United States) 1 redirects

ASN19137 (EPSILON-INTERACTIVE, US)
PTR: mail.ebates.cn

e-mail.marchofdimes.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

73 2606:4700:10::ac43:a5a (United States)

ASN13335 (CLOUDFLARENET, US)

www.marchofdimes.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.96.109.67 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

doublethedonation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.200.184.6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-184-6.compute-1.amazonaws.com

widgets.guidestar.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a823 (United States)

ASN13335 (CLOUDFLARENET, US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.201.249.4 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-173-201-249-4.ip.secureserver.net

seal.godaddy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2182:de00:14:6bfc:5740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.ywxi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.108.47.187 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-47-187.deploy.static.akamaitechnologies.com

js.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.155.82 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-82.dus51.r.cloudfront.net

static-na.payments-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4f6b (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:821::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:eb:389::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.108.68.187 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-68-187.deploy.static.akamaitechnologies.com

a7780304902.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:8004:face:b00c:0:8c (Ireland)

ASN32934 (FACEBOOK, US)

ad.atdmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9408 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:816::200e (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.205.230 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s24-in-f6.1e100.net

8133010.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.21.230 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s13-in-f230.1e100.net

8832015.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.201 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.218.17 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-218-17.deploy.static.akamaitechnologies.com

p.acquireinsight.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.194.80.163 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-80-163.compute-1.amazonaws.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.228.123 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-123.deploy.static.akamaitechnologies.com

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.239.29.3 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

payments.amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.218.232.80 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com

s3-us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:8a05 (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.94.230.189 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

apay-us.amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.36.108 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-36-108.eu-central-1.compute.amazonaws.com

6027462.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:3c00:14:4f74:f880:21 (United States)

ASN16509 (AMAZON-02, US)

d2ldlvi1yef00y.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.42.194.20 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-42-194-20.us-west-2.compute.amazonaws.com

www.trustedsite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.226.155.107 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-107.dus51.r.cloudfront.net

payments.braintree-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.58.188.112 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-188-112.eu-central-1.compute.amazonaws.com

client-analytics.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.35 (United States)

ASN54113 (FASTLY, US)

c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.4.245.84 (United States) 1 redirects

ASN17012 (PAYPAL, US)

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dub.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
74	marchofdimes.org 1 redirects e-mail.marchofdimes.org www.marchofdimes.org	702 KB
13	doubleclick.net 3 redirects stats.g.doubleclick.net 8133010.fls.doubleclick.net 8832015.fls.doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net googleads.g.doubleclick.net	11 KB
9	braintreegateway.com js.braintreegateway.com client-analytics.braintreegateway.com	38 KB
8	paypal.com 1 redirects www.paypal.com t.paypal.com c.paypal.com b.stats.paypal.com dub.stats.paypal.com	26 KB
8	google-analytics.com 2 redirects www.google-analytics.com	68 KB
5	amazon.com payments.amazon.com apay-us.amazon.com	3 KB
5	facebook.com www.facebook.com	824 B
5	facebook.net connect.facebook.net	362 KB
5	googletagmanager.com www.googletagmanager.com	196 KB
5	googleapis.com maps.googleapis.com ajax.googleapis.com	152 KB
5	google.com www.google.com	994 B
5	doublethedonation.com doublethedonation.com	140 KB
4	braintree-api.com payments.braintree-api.com	3 KB
4	optimizely.com cdn.optimizely.com a7780304902.cdn.optimizely.com logx.optimizely.com	95 KB
2	google.de www.google.de	260 B
2	amazonaws.com s3-us-west-2.amazonaws.com	2 KB
2	mathtag.com pixel.mathtag.com	2 KB
2	bing.com bat.bing.com	8 KB
2	crazyegg.com script.crazyegg.com	25 KB
2	payments-amazon.com static-na.payments-amazon.com	115 KB
2	ywxi.net cdn.ywxi.net	13 KB
2	godaddy.com seal.godaddy.com	6 KB
2	cloudflare.com ajax.cloudflare.com cdnjs.cloudflare.com	26 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com	16 KB
1	trustedsite.com www.trustedsite.com	511 B
1	cloudfront.net d2ldlvi1yef00y.cloudfront.net	3 KB
1	siteimproveanalytics.io 6027462.global.siteimproveanalytics.io	613 B
1	gstatic.com www.gstatic.com	131 KB
1	twitter.com analytics.twitter.com	652 B
1	siteimproveanalytics.com siteimproveanalytics.com	8 KB
1	googleadservices.com www.googleadservices.com	11 KB
1	googlesyndication.com pagead2.googlesyndication.com	3 KB
1	t.co t.co	448 B
1	acquireinsight.net p.acquireinsight.net	192 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	atdmt.com ad.atdmt.com	437 B
1	paypalobjects.com www.paypalobjects.com	232 KB
1	cloudflareinsights.com static.cloudflareinsights.com	4 KB
1	guidestar.org widgets.guidestar.org	8 KB
184	39

	Domain	Requested by
73	www.marchofdimes.org	www.marchofdimes.org ajax.cloudflare.com ajax.googleapis.com static.cloudflareinsights.com
8	www.google-analytics.com	2 redirects www.googletagmanager.com www.google-analytics.com
5	www.facebook.com
5	connect.facebook.net	www.marchofdimes.org connect.facebook.net
5	www.googletagmanager.com	ajax.cloudflare.com www.marchofdimes.org www.googletagmanager.com
5	js.braintreegateway.com	ajax.cloudflare.com
5	www.google.com	ajax.cloudflare.com www.gstatic.com
5	doublethedonation.com	www.marchofdimes.org ajax.cloudflare.com doublethedonation.com
4	client-analytics.braintreegateway.com	js.braintreegateway.com
4	payments.braintree-api.com	js.braintreegateway.com
4	maps.googleapis.com	ajax.cloudflare.com maps.googleapis.com
3	payments.amazon.com	static-na.payments-amazon.com
3	www.paypal.com	www.paypalobjects.com
3	ad.doubleclick.net	1 redirects www.marchofdimes.org
3	stats.g.doubleclick.net
2	c.paypal.com	js.braintreegateway.com c.paypal.com
2	apay-us.amazon.com	static-na.payments-amazon.com
2	www.google.de
2	googleads.g.doubleclick.net	www.googleadservices.com
2	s3-us-west-2.amazonaws.com	cdn.ywxi.net
2	logx.optimizely.com	cdn.optimizely.com
2	pixel.mathtag.com	www.googletagmanager.com
2	bat.bing.com	www.googletagmanager.com
2	8832015.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	8133010.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	script.crazyegg.com	www.marchofdimes.org script.crazyegg.com
2	static-na.payments-amazon.com	ajax.cloudflare.com static-na.payments-amazon.com
2	cdn.ywxi.net	ajax.cloudflare.com www.marchofdimes.org
2	seal.godaddy.com	ajax.cloudflare.com
2	maxcdn.bootstrapcdn.com	www.marchofdimes.org ajax.cloudflare.com
1	dub.stats.paypal.com
1	b.stats.paypal.com	1 redirects
1	www.trustedsite.com	cdn.ywxi.net
1	d2ldlvi1yef00y.cloudfront.net
1	6027462.global.siteimproveanalytics.io
1	www.gstatic.com	www.google.com
1	analytics.twitter.com	static.ads-twitter.com
1	siteimproveanalytics.com	www.marchofdimes.org
1	t.paypal.com
1	www.googleadservices.com	www.googletagmanager.com
1	googleads4.g.doubleclick.net	ad.doubleclick.net
1	pagead2.googlesyndication.com	ad.doubleclick.net
1	t.co
1	p.acquireinsight.net	www.marchofdimes.org
1	static.ads-twitter.com	www.googletagmanager.com
1	ad.atdmt.com	www.marchofdimes.org
1	a7780304902.cdn.optimizely.com	cdn.optimizely.com
1	ajax.googleapis.com	ajax.cloudflare.com
1	cdn.optimizely.com	ajax.cloudflare.com
1	cdnjs.cloudflare.com	ajax.cloudflare.com
1	www.paypalobjects.com	ajax.cloudflare.com
1	static.cloudflareinsights.com	www.marchofdimes.org
1	ajax.cloudflare.com	www.marchofdimes.org
1	widgets.guidestar.org	www.marchofdimes.org
1	e-mail.marchofdimes.org	1 redirects
184	55

This site contains links to these domains. Also see Links.

Domain
payments.amazon.com
doublethedonation.com
www.guidestar.org
charityreports.bbb.org
www.mcafeesecure.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-16` - `2021-07-16`	a year	crt.sh
doublethedonation.com Sectigo RSA Domain Validation Secure Server CA	`2020-07-16` - `2022-10-18`	2 years	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
*.guidestar.org DigiCert SHA2 High Assurance Server CA	`2020-07-07` - `2022-07-12`	2 years	crt.sh
ajax.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-11` - `2022-08-16`	2 years	crt.sh
*.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
mastercert.ext.pki.godaddy.com Go Daddy Secure Certificate Authority - G2	`2020-05-08` - `2022-05-08`	2 years	crt.sh
*.ywxi.net Amazon	`2019-09-30` - `2020-10-30`	a year	crt.sh
checkout.paypal.com DigiCert SHA2 Extended Validation Server CA	`2019-07-31` - `2021-09-29`	2 years	crt.sh
static-na.payments-amazon.com DigiCert Global CA G2	`2020-07-01` - `2021-06-13`	a year	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2019-12-09` - `2021-12-13`	2 years	crt.sh
cdnjs.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-12` - `2022-08-17`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2020-01-20` - `2021-03-20`	a year	crt.sh
*.cdn.optimizely.com GeoTrust RSA CA 2018	`2020-03-05` - `2021-06-04`	a year	crt.sh
*.atlassolutions.com DigiCert SHA2 High Assurance Server CA	`2020-06-25` - `2020-09-23`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2021-07-15`	a year	crt.sh
cert1.a1.atm.aqfer.net Let's Encrypt Authority X3	`2020-07-08` - `2020-10-06`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
logx.optimizely.com DigiCert SHA2 High Assurance Server CA	`2018-10-01` - `2020-10-05`	2 years	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2020-01-09` - `2022-01-12`	2 years	crt.sh
payments.amazon.com Amazon	`2020-03-18` - `2021-02-22`	a year	crt.sh
t.paypal.com DigiCert SHA2 High Assurance Server CA	`2020-07-15` - `2022-07-20`	2 years	crt.sh
*.s3-us-west-2.amazonaws.com DigiCert Baltimore CA-2 G2	`2020-07-30` - `2021-08-04`	a year	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
apay-us.amazon.com Amazon	`2020-05-13` - `2021-05-13`	a year	crt.sh
*.global.siteimproveanalytics.io DigiCert SHA2 Secure Server CA	`2020-03-30` - `2022-04-04`	2 years	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.trustedsite.com Amazon	`2020-03-09` - `2021-04-09`	a year	crt.sh
payments.braintree-api.com DigiCert SHA2 Extended Validation Server CA	`2019-03-04` - `2021-03-08`	2 years	crt.sh
client-analytics.braintreegateway.com DigiCert SHA2 High Assurance Server CA	`2020-05-01` - `2022-05-06`	2 years	crt.sh
c.paypal.com DigiCert SHA2 Extended Validation Server CA	`2020-06-24` - `2022-06-29`	2 years	crt.sh
b.stats.paypal.com DigiCert SHA2 High Assurance Server CA	`2020-03-13` - `2022-06-03`	2 years	crt.sh

This page contains 8 frames:

Primary Page: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
Frame ID: 95054116111F26C828A048AAFFCF6480
Requests: 171 HTTP requests in this frame

Frame: https://a7780304902.cdn.optimizely.com/client_storage/a7780304902.html
Frame ID: B147D99123D2F023158B6B46CAADC60E
Requests: 1 HTTP requests in this frame

Frame: https://8133010.fls.doubleclick.net/activityi;dc_pre=CPT78q3im-sCFb2Agwcd97IImg;src=8133010;type=retar0;cat=retar0;ord=6225027033977;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota
Frame ID: 6770C0EFA8C259EAC9EF75DD3661A5AC
Requests: 1 HTTP requests in this frame

Frame: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLCj863im-sCFdiKdwodSwkPDg;src=8832015;type=rt;cat=donforms;ord=2922354276052;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota
Frame ID: ABAA567A76AF6A567F6A6EDA9EF415F3
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfha64UAAAAAAaC8qsBThPCJUej82T-YJTO1BUH&co=aHR0cHM6Ly93d3cubWFyY2hvZmRpbWVzLm9yZzo0NDM.&hl=en&v=TPiWapjoyMdQOtxLT9_b4n2W&size=normal&cb=r56mckclp4j0
Frame ID: 22FDD52F2CB58F8C19A935BF4BE1386E
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TPiWapjoyMdQOtxLT9_b4n2W&k=6Lfha64UAAAAAAaC8qsBThPCJUej82T-YJTO1BUH&cb=97xoxcqe3c1r
Frame ID: CE4C8DCDDEA0C44CFB421F49C7FEF553
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 340F54D458256EBC8AE275A4F9176B56
Requests: 1 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=2779fe7cadc3fa506ff0805a0d2f08f9&t=1597445003.008&a=14
Frame ID: B9DA1E4589BEFAE66C07D822E3882E3F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://e-mail.marchofdimes.org/T/v400000173ee853c71b132bf6e96c660f0/80895a3170eb449c0000021ef3a0bcc8/80895a... HTTP 302
https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_cam... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

184
Requests

99 %
HTTPS

48 %
IPv6

39
Domains

55
Subdomains

54
IPs

6
Countries

2412 kB
Transfer

7603 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://payments.amazon.com/help/Amazon-Simple-Pay/Creating-Managing-Your-Account/Verifying-Your-Account
Title: Learn more

Search URL Search Domain Scan URL

URL: https://doublethedonation.com/matching-grant-resources/matching-gift-information/
Title: Double the Donation

Search URL Search Domain Scan URL

URL: https://doublethedonation.com/

Search URL Search Domain Scan URL

URL: https://www.guidestar.org/profile/13-1846366

Search URL Search Domain Scan URL

URL: https://charityreports.bbb.org/public/Report.aspx?CharityID=26
Title:

Search URL Search Domain Scan URL

URL: https://www.mcafeesecure.com/verify?host=www.marchofdimes.org
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://e-mail.marchofdimes.org/T/v400000173ee853c71b132bf6e96c660f0/80895a3170eb449c0000021ef3a0bcc8/80895a31-70eb-449c-ade7-78df93839bba?__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQFyhFDuaCmodsqKhJg6gjEyn07ZjlBPMcWr_0phVhS8Ig1_jYxObvLnh6hqc_0nOgbZv-G_f4rWnLKZ2Mzefy6w_LM-4Fq-Ri7IMOA_L989jTNCpQnWAg6AvHaAcDnauK9pp3Tf8GyuSqaaFdeD6qHnrqabdR7thXNad0uCEfcUrqgr13JiihtfJcNIaOU_aopn2RtiE_1tIYrryac7xaMTL7KFD7XLTpnzZycO86uOJ-gSQzyfSmW8DesJ9Ljpm4KqVnhRZ5KNsdgoNq8G0J0628nPVghd_-dTfCv-NApF6jg0wgWWuwK81X1YIRcyoEm5FLjByUJFDcNK2LEayxibrilCoBUTgaWjkhCUTGOdaPlInDtG8nAcoXwhkYuAo4uQVy6EBdGa3o7JKEe9KENQl_CD1I7GHqjg== HTTP 302
https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 90

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=333242366&t=pageview&_s=1&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&ul=en-us&de=UTF-8&dt=Make%20a%20donation%20%7C%20March%20of%20Dimes&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAAUADQ~&jid=878134265&gjid=702839944&cid=795816099.1597444999&tid=UA-219864-1&_gid=1133444025.1597444999&_r=1&gtm=2ou871&z=2094994092 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-219864-1&cid=795816099.1597444999&jid=878134265&_gid=1133444025.1597444999&gjid=702839944&_v=j83&z=2094994092

Request Chain 94

https://8133010.fls.doubleclick.net/activityi;src=8133010;type=retar0;cat=retar0;ord=6225027033977;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota HTTP 302
https://8133010.fls.doubleclick.net/activityi;dc_pre=CPT78q3im-sCFb2Agwcd97IImg;src=8133010;type=retar0;cat=retar0;ord=6225027033977;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota

Request Chain 95

https://8832015.fls.doubleclick.net/activityi;src=8832015;type=rt;cat=donforms;ord=2922354276052;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota HTTP 302
https://8832015.fls.doubleclick.net/activityi;dc_pre=CLCj863im-sCFdiKdwodSwkPDg;src=8832015;type=rt;cat=donforms;ord=2922354276052;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota

Request Chain 102

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=COCCgK7im-sCFdXJuwgd7FEKiQ;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 155

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=333242366&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&ul=en-us&de=UTF-8&dt=Make%20a%20donation%20%7C%20March%20of%20Dimes&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=donate&ea=donation-page-load&_u=aGDAAUIzQ~&jid=1089972363&gjid=1051061287&cid=795816099.1597444999&tid=UA-219864-1&_gid=1133444025.1597444999&_r=1&gtm=2wg871M5CGWR&z=1080189602 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-219864-1&cid=795816099.1597444999&jid=1089972363&_gid=1133444025.1597444999&gjid=1051061287&_v=j83&z=1080189602

Request Chain 177

https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=2779fe7cadc3fa506ff0805a0d2f08f9&t=1597445003.008&a=14 HTTP 302
https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=2779fe7cadc3fa506ff0805a0d2f08f9&t=1597445003.008&a=14

184 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request support-general.aspx Show response
www.marchofdimes.org/giving/
Redirect Chain

http://e-mail.marchofdimes.org/T/v400000173ee853c71b132bf6e96c660f0/80895a3170eb449c0000021ef3a0bcc8/80895a31-70eb-449c-ade7-78df93839bba?__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZAB...
https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota

234 KB
38 KB

295ms
254ms

Document
text/html

2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

7201db2455da0512c27e081655cfa176771bda32306aeeddadede2a956d4ecbd

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:method: GET
:authority: www.marchofdimes.org
:scheme: https
:path: /giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 14 Aug 2020 22:43:17 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d96225d02c3bf13508d86e935339b6de61597444997; expires=Sun, 13-Sep-20 22:43:17 GMT; path=/; domain=.marchofdimes.org; HttpOnly; SameSite=Lax
cache-control: private
vary: Accept-Encoding
x-stackifyid: V2|b07dda38-36ba-4d8b-9559-d5c7006d5d7b|C58819|CD5
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-ua-compatible: IE=edge
x-frame-options: SAMEORIGIN
x-xss-protection: 1
x-content-type-options: nosniff
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
strict-transport-security: max-age=31536000; includeSubDomains
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
cf-cache-status: DYNAMIC
cf-request-id: 0490bd58100000dfc787078200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c2e31a01900dfc7-FRA
content-encoding: br

Redirect headers

location: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington and north dakota
cache-control: no-cache
content-length: 0
date: Fri, 14 Aug 2020 22:43:16 GMT

GET
H2 200 jquery.bxslider.css
www.marchofdimes.org/glue/css/ 3 KB
2 KB 18ms
17ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/css/jquery.bxslider.css

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

9c14f559d6bfffc3dd361a9210d53b43b780f8f9e84812248f789a80951102ae

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3721
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 08 Oct 2015 21:36:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0ee1c5a112d11:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=3832
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd59150000dfc7870a1200000001
cf-ray: 5c2e31a1bb93dfc7-FRA
cf-bgj: minify

GET
H2 200 style-css.css
www.marchofdimes.org/glue/css/ 82 KB
15 KB 16ms
15ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/css/style-css.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

919e2e4a6d42c6244f120a3977c4be26d6bbf9ad55648c188f77f2eda27d8cbf

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3721
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 29 Jul 2020 14:56:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"a0d0c573b865d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=140216
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd59150000dfc7870a2200000001
cf-ray: 5c2e31a1bb94dfc7-FRA
cf-bgj: minify

GET
H2 200 style-rebrand.css
www.marchofdimes.org/glue/css/ 16 KB
3 KB 17ms
16ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/css/style-rebrand.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e2fb3a382b3393e5b57be20d3b42ac1bc375a1cd17022bb056344265d690d837

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3721
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 28 Jul 2020 13:34:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"40e570dfe364d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=20334
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd59150000dfc7870a3200000001
cf-ray: 5c2e31a1bb96dfc7-FRA
cf-bgj: minify

GET
H2 200 responsive.css
www.marchofdimes.org/glue/css/ 48 KB
9 KB 15ms
14ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/css/responsive.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e0973809e1973333289da731aac99e52f553c42e9b8af77d1a6d39d2fd2d04bf

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3721
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 17 Jun 2020 20:45:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"8096ad4ae844d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: status=cannot_optimize
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd59150000dfc7870a4200000001
cf-ray: 5c2e31a1bb97dfc7-FRA
cf-bgj: minify

GET
H2 200 style-rebrand-responsive.css
www.marchofdimes.org/glue/css/ 4 KB
1 KB 16ms
15ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/css/style-rebrand-responsive.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

bf93d2a2b82edd666a07951571bcb47fcc0bf4c13206d39e673615adad12418e

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3721
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 17 Jun 2020 20:45:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"8096ad4ae844d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: status=cannot_optimize
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd59160000dfc7870a5200000001
cf-ray: 5c2e31a1bb98dfc7-FRA
cf-bgj: minify

GET
H2 200 jquery.fancybox.css
www.marchofdimes.org/glue/css/ 3 KB
1 KB 15ms
15ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/css/jquery.fancybox.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

bca29bc35bf60ea6910d2afe585035f2ca526be1b377ee553738df89db67c90d

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3721
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 12 Aug 2015 20:11:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"fdba253bd5d01:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=4572
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd59160000dfc7870a6200000001
cf-ray: 5c2e31a1bb9adfc7-FRA
cf-bgj: minify

GET
H2 200 mod-logo-stacked-brandpurple.svg
www.marchofdimes.org/glue/images/ 3 KB
2 KB 21ms
18ms Image
image/svg+xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/glue/images/mod-logo-stacked-brandpurple.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e005972ec0428d9a765b1b28d5e6c3e19d13727e477423d7136a4bffbd843309

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3721
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 10 Apr 2019 19:20:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1eb2bf66d2efd41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd591b0000dfc7870ae200000001
cf-ray: 5c2e31a1cbb3dfc7-FRA

GET
H2 200 ddplugin.css
doublethedonation.com/api/css/ 141 KB
22 KB 402ms
179ms Stylesheet
text/css 23.96.109.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://doublethedonation.com/api/css/ddplugin.css
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.96.109.67 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: 066d79a7d568051fb84ee6f71214945a6fe746685567062467500bf712912131

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
last-modified: Fri, 14 Aug 2020 07:22:23 GMT
server: nginx
x-cache-status: BYPASS
vary: Accept-Encoding
content-type: text/css; charset=utf-8
status: 200
x-proxy-cache: BYPASS

GET
H2 200 DonationForm.css
www.marchofdimes.org/DonationFormV3/css/ 16 KB
3 KB 461ms
457ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

127ee54d4cdbaff9594d2410eca09998f42b53b574dde19c24df5a1c636dc253

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Fri, 19 Jun 2020 18:09:47 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"faec1bd16446d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=22192
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd591a0000dfc7870a8200000001
cf-ray: 5c2e31a1cba6dfc7-FRA
cf-bgj: minify

GET
H2 200 DonationForm_Pledge.css
www.marchofdimes.org/DonationFormV3/css/ 2 KB
767 B 440ms
436ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm_Pledge.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

6b367808aa8b39c622422e8e5878b7ce730795c57d84dff80de45629a4910543

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 18 Jul 2018 17:10:22 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"e69b8936ba1ed41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=2585
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd591a0000dfc7870a9200000001
cf-ray: 5c2e31a1cba7dfc7-FRA
cf-bgj: minify

GET
H2 200 DonationForm_Layouts.css
www.marchofdimes.org/DonationFormV3/css/ 7 KB
1 KB 451ms
447ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm_Layouts.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

4e16e1eb5590fbbca2c65e0db9111cfd25303e2599fcbd0b035fc13672dd34fd

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 18 Jul 2018 16:43:24 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"89cb571b61ed41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=10873
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd591a0000dfc7870aa200000001
cf-ray: 5c2e31a1cba8dfc7-FRA
cf-bgj: minify

GET
H2 200 DonationForm_Updates2019.css
www.marchofdimes.org/DonationFormV3/css/ 4 KB
1 KB 461ms
457ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm_Updates2019.css?v=061920201

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

f979d664f85f9289bf9682c7fb690e1b8d73703190b2d5d1735b29b025d2c27d

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Fri, 19 Jun 2020 18:09:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"2e1c1ab56446d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=5519
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd591a0000dfc7870ab200000001
cf-ray: 5c2e31a1cbabdfc7-FRA
cf-bgj: minify

GET
H2 200 DonationForm_PaymentTypeButtons_Updates2019.css
www.marchofdimes.org/DonationFormV3/css/ 7 KB
1 KB 478ms
474ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

014af6e582f253684e2cb9a7e63c347caa2962893d5c2b1e20e2ee1f6f023b79

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 29 Oct 2019 13:39:38 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"debc804f5e8ed51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: status=cannot_optimize
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd591a0000dfc7870ac200000001
cf-ray: 5c2e31a1cbaddfc7-FRA
cf-bgj: minify

GET
H2 200 DonationForm_eCheck_Updates2019.css
www.marchofdimes.org/DonationFormV3/css/ 128 B
1 KB 450ms
446ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm_eCheck_Updates2019.css?v=1020192

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

fb7f2e5f6f5eede3b3a372630fdbfc83fce04d00c4a1c8fc94392aaf9f38f469

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 23 Oct 2019 19:27:31 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"2d4030ead789d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=149
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd591a0000dfc7870ad200000001
cf-ray: 5c2e31a1cbaedfc7-FRA
cf-bgj: minify

GET
H2 200 cc.png
www.marchofdimes.org/DonationFormV3/images/ 682 B
898 B 471ms
467ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/cc.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

a69b445eb2ae9f5ae720b6283d427c2d0eb591148f3a2a05d0298936c6660fc4

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "35fc82b570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="cc.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 682
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=1353
cf-request-id: 0490bd591b0000dfc7870af200000001
accept-ranges: bytes
cf-ray: 5c2e31a1cbb4dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 pp.png
www.marchofdimes.org/DonationFormV3/images/ 4 KB
4 KB 18ms
15ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/pp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

97a2cf56a2204fcdf31659b0ae0f7bdb978232020428e207e09dc5e50790a786

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "b3778bb570a5d11:0"
cf-cache-status: HIT
age: 5425
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="pp.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 3976
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=5509
cf-request-id: 0490bd591b0000dfc7870b0200000001
accept-ranges: bytes
cf-ray: 5c2e31a1cbb5dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 venmo.png
www.marchofdimes.org/DonationFormV3/images/ 2 KB
2 KB 453ms
450ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/venmo.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

c213b86a386b7a0528d39ecb548e52794996e34e9606f57a68eb00c7330f7c57

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "8cdd9579c64dd31:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="venmo.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2290
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 25 Oct 2017 19:21:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=4025
cf-request-id: 0490bd591b0000dfc7870b1200000001
accept-ranges: bytes
cf-ray: 5c2e31a1cbb7dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-mastercard.png
www.marchofdimes.org/DonationFormV3/images/ 2 KB
3 KB 455ms
452ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/icon-mastercard.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

6963a88788ac08f890682e5cacc062cc94135d31306c43ec838ef6ba5b467a7d

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "32cc89b570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="icon-mastercard.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2344
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=3717
cf-request-id: 0490bd591b0000dfc7870b2200000001
accept-ranges: bytes
cf-ray: 5c2e31a1cbbadfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-visa.png
www.marchofdimes.org/DonationFormV3/images/ 2 KB
3 KB 457ms
455ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/icon-visa.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

ed551aa2e52b208be922703a4e4d192e4aef375f3bf8261d5cb6dfed9288b89f

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "b5df89b570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="icon-visa.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1820
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=3110
cf-request-id: 0490bd591b0000dfc7870b3200000001
accept-ranges: bytes
cf-ray: 5c2e31a1cbbbdfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-amex.png
www.marchofdimes.org/DonationFormV3/images/ 2 KB
4 KB 467ms
464ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/icon-amex.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

61a18234a303515dbd18c97721dacb2cdaa64fba0d694aa76f68b8f901dbd599

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "9eb889b570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="icon-amex.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2340
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=4008
cf-request-id: 0490bd591b0000dfc7870b4200000001
accept-ranges: bytes
cf-ray: 5c2e31a1cbbcdfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-discover.png
www.marchofdimes.org/DonationFormV3/images/ 1 KB
2 KB 466ms
463ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/icon-discover.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

268d32771bdc600971ecba64038c7349ca6fe69abfede7bbad877e65ff336f1d

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "32cc89b570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="icon-discover.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1502
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=3066
cf-request-id: 0490bd591b0000dfc7870b5200000001
accept-ranges: bytes
cf-ray: 5c2e31a1cbbedfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 donations-paypal.png
www.marchofdimes.org/DonationFormV3/images/ 3 KB
3 KB 18ms
16ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/donations-paypal.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

d25a2b659f94bcc0649418dff88d0fdca830eb92dffe26bd98d88425a0894e2c

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "a8e188b570a5d11:0"
cf-cache-status: HIT
age: 5425
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="donations-paypal.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2808
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=5567
cf-request-id: 0490bd591b0000dfc7870b6200000001
accept-ranges: bytes
cf-ray: 5c2e31a1cbbfdfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/ 20 KB
5 KB 10ms
7ms Stylesheet
text/css 2001:4de0:ac19::1:b:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/glue/css/style-rebrand.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.marchofdimes.org/glue/css/style-rebrand.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
status: 200
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 4696

GET
H2 200 bootstrap.min.css
www.marchofdimes.org/glue/css/ 114 KB
19 KB 15ms
15ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/css/bootstrap.min.css

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/glue/css/style-css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

d31bef450ee67b64f9b70bfdf41fe4e00c65438705cc1fbb48ea6026d3a5d697

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/glue/css/style-css.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3720
x-powered-by: ASP.NET
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 12 Mar 2015 18:36:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0bae781f35cd01:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd592e0000dfc7870b9200000001
cf-ray: 5c2e31a1ebe4dfc7-FRA

GET
H2 200 printer.png
www.marchofdimes.org/DonationFormV3/images/ 290 B
584 B 441ms
439ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/printer.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

116ecc9343dfc34597ba0850af31be7145ed8574986f45aaa91daf4baa8b99e9

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "82a18db570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="printer.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 290
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=1488
cf-request-id: 0490bd595a0000dfc7870bc200000001
accept-ranges: bytes
cf-ray: 5c2e31a22c40dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 arrow-down-purple.png
www.marchofdimes.org/DonationFormV3/images/ 138 B
446 B 448ms
443ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/arrow-down-purple.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

64a34f2161be19ccbb6abb0a22e6d648938f0d11df7b36e321e58eeca287e33c

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "271ba91f5c7bd31:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="arrow-down-purple.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 138
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Fri, 22 Dec 2017 19:36:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=15089
cf-request-id: 0490bd595c0000dfc7870bd200000001
accept-ranges: bytes
cf-ray: 5c2e31a22c46dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 powered-by.png
doublethedonation.com/api/img/ 7 KB
8 KB 252ms
96ms Image
image/png 23.96.109.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://doublethedonation.com/api/img/powered-by.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.96.109.67 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

0f5d8f04863ac53eb4e88eda5907df8a6f103ccccb14d462b31033a4159780e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Aug 2020 07:17:26 GMT
server: nginx
status: 200
x-frame-options: sameorigin
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 7464
xdebug: img/powered-by.png

GET
H2 200 gximage2
widgets.guidestar.org/ 7 KB
8 KB 594ms
130ms Image
image/png 52.200.184.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.guidestar.org/gximage2?o=6906404&l=v4
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.184.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-184-6.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4de7523e4e21393b6c2416f444095201a39f1031fcc30a895f419a5a68eec3fe

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/png
status: 200
cache-control: private
content-length: 7484

GET
H2 200 BBB-logo.jpg
www.marchofdimes.org/DonationFormV3/images/ 2 KB
2 KB 443ms
439ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/BBB-logo.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

5a0f3b23a57c4c0f9d74608e5d1245526b0f177ac67fca1e49b5117c50f06ddf

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "8a5c71b570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="BBB-logo.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1704
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:26 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=jpeg, origSize=103366
cf-request-id: 0490bd595c0000dfc7870be200000001
accept-ranges: bytes
cf-ray: 5c2e31a22c47dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 PCI-logo.jpg
www.marchofdimes.org/DonationFormV3/images/ 1 KB
3 KB 440ms
437ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/PCI-logo.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

db5ed483f2c6ab5afbcac433bf876688cbde9f16a082d48901a33133761f6626

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "13c780b570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="PCI-logo.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1240
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=jpeg, origSize=108922
cf-request-id: 0490bd595c0000dfc7870bf200000001
accept-ranges: bytes
cf-ray: 5c2e31a22c48dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 McAfee-logo.jpg
www.marchofdimes.org/DonationFormV3/images/ 2 KB
3 KB 442ms
438ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/McAfee-logo.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

a4098719dbb1dc018a4087ed35e652f5a4c44e89ff9d93613dc4dbdd22a1d1c7

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "9ff7cb570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="McAfee-logo.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2388
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=jpeg, origSize=111023
cf-request-id: 0490bd595c0000dfc7870c0200000001
accept-ranges: bytes
cf-ray: 5c2e31a22c49dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 mod-logo-stacked-rgb-white.svg
www.marchofdimes.org/glue/images/ 4 KB
2 KB 20ms
17ms Image
image/svg+xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/glue/images/mod-logo-stacked-rgb-white.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

b4e1d12972d3a5ff8b5dc2b8bb5e0fc1d18eb027e0b724d23077fe88ccf34790

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3175
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 11 Apr 2019 16:21:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"caf6ea9382f0d41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd595c0000dfc7870c1200000001
cf-ray: 5c2e31a22c4adfc7-FRA

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 12 KB
4 KB 25ms
8ms Script
application/javascript 2606:4700::6810:a823
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a823 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 12 Aug 2020 15:28:25 GMT
server: cloudflare
etag: W/"5f340a99-3016"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 5c2e31a24ec1c2ef-FRA
cf-request-id: 0490bd596a0000c2ef0d229200000001
expires: Sun, 16 Aug 2020 22:43:17 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 10 KB
4 KB 44ms
24ms Script
text/javascript 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80a501b2d3e77be83e3f7464b0e39f8dcae689ca96ca1290f606caa8eb8e5c88

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
status: 200
cf-ray: 5c2e31a24a27d6c5-FRA
cf-request-id: 0490bd596d0000d6c5a7b10200000001

GET
H2 200 Graphik-Bold.ttf
www.marchofdimes.org/fonts/ 148 KB
148 KB 11ms
10ms Font
application/octet-stream 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/fonts/Graphik-Bold.ttf

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/glue/css/style-rebrand.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Origin: https://www.marchofdimes.org
Referer: https://www.marchofdimes.org/glue/css/style-rebrand.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3719
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 151108
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 20 Dec 2017 16:53:05 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "7ce9371b379d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/octet-stream
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5ab50000dfc7870db200000001
accept-ranges: bytes
cf-ray: 5c2e31a45fb9dfc7-FRA

GET
H2 200 Graphik-Regular.ttf
www.marchofdimes.org/fonts/ 145 KB
146 KB 11ms
11ms Font
application/octet-stream 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/fonts/Graphik-Regular.ttf

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/glue/css/style-rebrand.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Origin: https://www.marchofdimes.org
Referer: https://www.marchofdimes.org/glue/css/style-rebrand.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:17 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3719
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 148868
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 20 Dec 2017 16:52:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "e7ee16ebb279d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/octet-stream
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5ab50000dfc7870dc200000001
accept-ranges: bytes
cf-ray: 5c2e31a45fbadfc7-FRA

GET
H2 200 DonationForm-other.css
www.marchofdimes.org/DonationFormV3/css/ 12 KB
4 KB 456ms
456ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm-other.css

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

d7f282a03ee129e026d955f33b50a3e71b50ca4e2162a035cd01d6173f5822c0

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Fri, 22 Dec 2017 19:28:37 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"bc9961105b7bd31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=15265
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5ae50000dfc7870e1200000001
cf-ray: 5c2e31a4a826dfc7-FRA
cf-bgj: minify

GET
H2 200 DonationForm_Mobile.css
www.marchofdimes.org/DonationFormV3/css/ 8 KB
3 KB 443ms
441ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm_Mobile.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e4fa5da308a5c0c487cc4706eab01b2cc7622bc919f20d8b69b432c07bc4800b

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 05 Sep 2019 17:16:35 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"ae5fb0abd64d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=10960
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cb10000dfc787104200000001
cf-ray: 5c2e31a78d48dfc7-FRA
cf-bgj: minify

GET
H2 200 DonationForm_Mobile320.css
www.marchofdimes.org/DonationFormV3/css/ 1006 B
482 B 450ms
449ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm_Mobile320.css?v=082620191

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

c7ba66613fdc9b9f865f92a5dfaf54459b198714038e032dbad0290fd330767c

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 18 Jul 2018 16:37:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"caace8a5b51ed41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=1178
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cb10000dfc787105200000001
cf-ray: 5c2e31a78d49dfc7-FRA
cf-bgj: minify

GET
H2 200 DonationForm_Print.css
www.marchofdimes.org/DonationFormV3/css/ 647 B
473 B 446ms
445ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm_Print.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

20999252ac1e7d1618a12c2ba886e7890cef297ad9eb0a08bbde8cd27d79a8f0

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Fri, 26 Jan 2018 19:25:54 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"9a421e7cdb96d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=1370
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cb10000dfc787106200000001
cf-ray: 5c2e31a78d4adfc7-FRA
cf-bgj: minify

GET
H2 200 DonationForm_Mobile414.css
www.marchofdimes.org/DonationFormV3/css/ 3 KB
924 B 438ms
438ms Stylesheet
text/css 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/css/DonationForm_Mobile414.css?v=0920195

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

092c29d549e604e298825e47aac34d389ced91269d0d695afc1652de66f93e91

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 05 Sep 2019 17:12:14 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"a869310d64d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=14400
cf-polished: origSize=3181
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cb10000dfc787107200000001
cf-ray: 5c2e31a78d4cdfc7-FRA
cf-bgj: minify

GET
H2 200 InHonorOf.svg
www.marchofdimes.org/DonationFormV3/images/ 396 B
400 B 719ms
718ms Image
image/svg+xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/InHonorOf.svg

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

f970fbd589193a1f995a5d1f8a3ace46081fd4707ca49dd4b1ae0816146901fa

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
cf-request-id: 0490bd5cbd0000dfc787109200000001
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 18 Jul 2018 17:39:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"6a622342be1ed41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
x-xss-protection: 1
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-ray: 5c2e31a79d78dfc7-FRA

GET
H2 200 InMemoryOf.svg
www.marchofdimes.org/DonationFormV3/images/ 983 B
685 B 449ms
448ms Image
image/svg+xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/InMemoryOf.svg

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

1963c9adae7a587781b18d3f22dd5b4827cd70534e11841b24507bff68f179f2

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
cf-request-id: 0490bd5cbd0000dfc78710a200000001
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 18 Jul 2018 17:39:43 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"adc81250be1ed41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
x-xss-protection: 1
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-ray: 5c2e31a79d7bdfc7-FRA

GET
H2 200 script.js Show response
www.marchofdimes.org/glue/js/ 7 KB
1 KB 21ms
12ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/script.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

3f30064280ef1eb75a94839747011fdc11f545d3a6a17c86a6d9b5536ade9903

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 251
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 05 Aug 2020 16:45:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"9050e3c4476bd61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=9006
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd30000dfc78710e200000001
cf-ray: 5c2e31a7bdcddfc7-FRA
cf-bgj: minify

GET
H/2+Q/46 200 api.js Show response
www.google.com/recaptcha/ 732 B
625 B 30ms
22ms Script
text/javascript 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=oncaptchaload&render=explicit

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

efcccab6ce2d0e94d011471bb9fbce68344fbf387472d157c33b726558d66cf8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 463
x-xss-protection: 1; mode=block
expires: Fri, 14 Aug 2020 22:43:18 GMT

GET
H2 200 citybyziplookup.js Show response
www.marchofdimes.org/DonationFormV3/ 1 KB
761 B 450ms
440ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/citybyziplookup.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

b7633978f54553fe3110508200aed6435480713f1c7396a85b8c633e98ed9de9

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 16 Oct 2018 16:57:30 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"4f753537165d41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=2429
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd40000dfc78710f200000001
cf-ray: 5c2e31a7bdd2dfc7-FRA
cf-bgj: minify

GET
H2 200 staticcountrylist.js Show response
www.marchofdimes.org/glue/js/3.0/ 24 KB
4 KB 449ms
439ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/3.0/staticcountrylist.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

43a1d4f18120648c849bbcad445218789a24204d767177a7ac03db54231c5c4e

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Fri, 21 Dec 2018 16:16:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1e82e0974899d41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=28943
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd40000dfc787110200000001
cf-ray: 5c2e31a7bdd4dfc7-FRA
cf-bgj: minify

GET
H2 200 staticstatelist.js Show response
www.marchofdimes.org/glue/js/3.0/ 3 KB
844 B 450ms
440ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/3.0/staticstatelist.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

1e4a04be78cbd4f445a7d55a7fa893d9263c2a5a7cdc14b187f83d1466960210

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 08 Dec 2015 16:46:49 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"25222b8d831d11:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=3809
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd40000dfc787111200000001
cf-ray: 5c2e31a7bdd5dfc7-FRA
cf-bgj: minify

GET
H/1.1 200
OK getSeal Show response
seal.godaddy.com/ 4 KB
2 KB 944ms
167ms Script
text/html 173.201.249.4
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://seal.godaddy.com/getSeal?sealID=iSn2FxO65Gl1WI3dhhQByiX5u5XA4UFZa2ByzoBljAAs5DJnwViccov5nUdl
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 173.201.249.4 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-173-201-249-4.ip.secureserver.net
Software: Apache /
Resource Hash: 47b0dabb476068ff9a013a78bed7c1549786c953e180c5f3bd5045db00a456de

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:19 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Expires: Sat, 15 Aug 2020 02:43:19 GMT

GET
H2 200 1.js Show response
cdn.ywxi.net/js/ 17 KB
5 KB 45ms
10ms Script
text/javascript 2600:9000:2182:de00:14:6bfc:5740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ywxi.net/js/1.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2182:de00:14:6bfc:5740:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

9abb30df9217bbe5556e1759dbcce0867f5eafac7224af2d9ddb63541cd1a1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
age: 1191
status: 200
x-cache: Hit from cloudfront
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
x-amz-cf-pop: DUS51-C1
content-length: 4459
via: 1.1 0406d08716a9781a5c19ff86db2debd3.cloudfront.net (CloudFront)
x-amz-cf-id: iVArIKKppRZEqn-lFe52XMG8PkZkUNo_gn6O4gTsBE5xMSW6SDII1Q==
expires: Fri, 14 Aug 2020 23:23:27 GMT

GET
H2 200 jquery.animate-rotate.js Show response
www.marchofdimes.org/DonationFormV3/ 297 B
357 B 443ms
434ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/jquery.animate-rotate.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

c89a2f6020ee084bc79111bb5eb32eb83fbc93fe4cad4d49d7663ee5d76e63bf

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Fri, 11 Dec 2015 18:41:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60fbe904334d11:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=552
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd40000dfc787112200000001
cf-ray: 5c2e31a7bdd6dfc7-FRA
cf-bgj: minify

GET
H/1.1 200
OK us-bank-account.min.js Show response
js.braintreegateway.com/web/3.34.0/js/ 18 KB
6 KB 354ms
23ms Script
application/javascript 104.108.47.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.braintreegateway.com/web/3.34.0/js/us-bank-account.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.108.47.187 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-47-187.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: adbd1654e5d704aca41097a929152fa46378fc89d4ff4bf17fe1fee251aff8e9

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Aug 2020 21:41:04 GMT
Server: nginx
ETag: "5f2c78f0-4659"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=21600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5664
Expires: Sat, 15 Aug 2020 04:43:18 GMT

GET
H/1.1 200
OK venmo.min.js Show response
js.braintreegateway.com/web/3.34.0/js/ 20 KB
6 KB 378ms
23ms Script
application/javascript 104.108.47.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.braintreegateway.com/web/3.34.0/js/venmo.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.108.47.187 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-47-187.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 4b51abf9baefd1b96bb9e0d0a846ce115889ed8bab3d1de48298da81909bb5f2

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Aug 2020 21:41:05 GMT
Server: nginx
ETag: "5f2c78f1-4e99"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=21600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6157
Expires: Sat, 15 Aug 2020 04:43:18 GMT

GET
H/1.1 200
OK apple-pay.min.js Show response
js.braintreegateway.com/web/3.34.0/js/ 15 KB
5 KB 401ms
22ms Script
application/javascript 104.108.47.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.braintreegateway.com/web/3.34.0/js/apple-pay.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.108.47.187 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-47-187.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 06324d4849d5639cda90634913fa2132841fb1d8ca37323b3b683f7ff5c2ea96

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Aug 2020 21:41:05 GMT
Server: nginx
ETag: "5f2c78f1-3b0a"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=21600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4818
Expires: Sat, 15 Aug 2020 04:43:18 GMT

GET
H/1.1 200
OK data-collector.min.js Show response
js.braintreegateway.com/web/3.34.0/js/ 25 KB
9 KB 426ms
24ms Script
application/javascript 104.108.47.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.braintreegateway.com/web/3.34.0/js/data-collector.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.108.47.187 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-47-187.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 4e7e09acc1fe85f5113ec796055fb40011a09f1c59233949cbd96d5cb0abc57b

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Aug 2020 21:41:04 GMT
Server: nginx
ETag: "5f2c78f0-649b"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=21600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9002
Expires: Sat, 15 Aug 2020 04:43:18 GMT

GET
H/1.1 200
OK client.min.js Show response
js.braintreegateway.com/web/3.34.0/js/ 35 KB
11 KB 452ms
25ms Script
application/javascript 104.108.47.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.braintreegateway.com/web/3.34.0/js/client.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.108.47.187 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-47-187.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f05b1bfe0ba17ee79b6d32a84f86c53d597d19052d77d9d4209099ebe3caf332

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Aug 2020 21:41:03 GMT
Server: nginx
ETag: "5f2c78ef-8c2c"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=21600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10776
Expires: Sat, 15 Aug 2020 04:43:18 GMT

GET
H2 200 Widgets.js Show response
static-na.payments-amazon.com/OffAmazonPayments/us/js/ 326 KB
102 KB 115ms
35ms Script
application/x-javascript 13.226.155.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-82.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9af38a7bc362e8ce0cef0ffde0ef646db114d325406420cd4e89c39aafc03d0a

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: rHV.N..Pq8RrkR0lAJm5RkGSkSKM0LRN
content-encoding: gzip
last-modified: Thu, 13 Aug 2020 16:38:52 GMT
server: AmazonS3
age: 472
date: Fri, 14 Aug 2020 22:35:26 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=1200,public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: V350jkWvHnI7T1KF4RILJF3AKEMG49V_E_ceSGG15s1yh_tfpbS_rw==
via: 1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)

GET
H2 200 amazon-body.js Show response
www.marchofdimes.org/DonationFormV3/ 4 KB
3 KB 457ms
448ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/amazon-body.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

cddde8d76abdaadfbaf992e1fa78c600122da8028cd6026478ada12b69db1ea1

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Fri, 04 Aug 2017 17:54:43 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"78985c04add31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=8693
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd40000dfc787113200000001
cf-ray: 5c2e31a7bdd8dfc7-FRA
cf-bgj: minify

GET
H2 200 amazon-head.js Show response
www.marchofdimes.org/DonationFormV3/ 129 B
249 B 20ms
12ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/amazon-head.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

1f71f97e1ab6c14d60016a0503883dd415125e781137c6ed94e47ef9828ac143

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5426
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:26 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"199c6eb570a5d11:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=206
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd40000dfc787114200000001
cf-ray: 5c2e31a7bddadfc7-FRA
cf-bgj: minify

GET
H2 200 checkout.js Show response
www.paypalobjects.com/api/ 1 MB
232 KB 3121ms
31ms Script
application/x-javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/api/checkout.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache /

Resource Hash

f70ad01b77c844be8f9b2f3312bc97c57e192e0b0feafcb03f788379b1f51e60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20492
x-cache: HIT, HIT
status: 200
vary: Accept-Encoding
content-length: 237180
x-served-by: cache-lax8635-LAX, cache-hhn4048-HHN
last-modified: Fri, 14 Aug 2020 16:56:22 GMT
server: Apache
x-timer: S1597445001.459659,VS0,VE0
strict-transport-security: max-age=31557600
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=3600
accept-ranges: bytes
x-cache-hits: 3, 5615

GET
H2 200 DonationForm_eCheck_Updates2019.js Show response
www.marchofdimes.org/DonationFormV3/ 517 B
389 B 443ms
435ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/DonationForm_eCheck_Updates2019.js?v=1020192

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

4cfb09552b38c4f7eae409ad785a027791666f216ba0fd60c0f3cf8fa1de32d0

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 23 Oct 2019 15:55:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"6c94dc58ba89d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=559
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc787115200000001
cf-ray: 5c2e31a7bddbdfc7-FRA
cf-bgj: minify

GET
H2 200 ddplugin.js Show response
doublethedonation.com/api/js/ 455 KB
110 KB 206ms
198ms Script
text/javascript 23.96.109.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://doublethedonation.com/api/js/ddplugin.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.96.109.67 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: 740852539aba54d596f5e284cd41d26af2d7f162656b6c6e40455183c66cda9b

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
last-modified: Fri, 14 Aug 2020 07:22:22 GMT
server: nginx
x-cache-status: BYPASS
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
status: 200
x-proxy-cache: BYPASS

GET
H2 200 tracking.js Show response
www.marchofdimes.org/DonationFormV3/ 2 KB
2 KB 442ms
434ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/tracking.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

4409b0786171835b0e6ec2fb4a8b8d94a41f1d599374ba1d03b91eeab860eb5a

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 12 Dec 2019 19:01:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"d5b4d59d1eb1d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=3301
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc787116200000001
cf-ray: 5c2e31a7bddcdfc7-FRA
cf-bgj: minify

GET
H2 200 DonationFormV3.js Show response
www.marchofdimes.org/DonationFormV3/ 72 KB
14 KB 21ms
13ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/DonationFormV3.js?v=1220191

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

0fde6eea8d2877355e8ea1c9b2ddc9b88cf679deca8365f9252ca0d022143bd2

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5426
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 02 Jul 2020 16:21:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"afbe93e08c50d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=116043
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc787117200000001
cf-ray: 5c2e31a7bddfdfc7-FRA
cf-bgj: minify

GET
H2 200 Validators.js Show response
www.marchofdimes.org/DonationFormV3/ 2 KB
1 KB 456ms
449ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/Validators.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

82123a4a27c22cd5fbbbaf18d1572dbdbd5570d03ce04045168ae11e0d81e024

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Mon, 16 Jul 2018 21:07:15 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"2aac37f9481dd41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=10193
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc787118200000001
cf-ray: 5c2e31a7bde0dfc7-FRA
cf-bgj: minify

GET
H2 200 bluebird.min.js Show response
cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.4/ 75 KB
21 KB 55ms
22ms Script
application/javascript 2606:4700::6811:4f6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.4/bluebird.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4f6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a8df52b71e0fc738da41e818f6b0e5e9d8fc116b65b56d017a237245b4383fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 25026345
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0490bd5cef0000d6e50d0ef200000001
served-in-seconds: 0.003
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:16:18 GMT
server: cloudflare
etag: W/"5afd4862-12b3f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5c2e31a7eb56d6e5-FRA
expires: Wed, 04 Aug 2021 22:43:18 GMT

GET
H2 200 GeoLocationControl.js Show response
www.marchofdimes.org/Controls/js/ 6 KB
2 KB 18ms
10ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/Controls/js/GeoLocationControl.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

b57a0a6a1e1ee7857dec86e9e8ac0366804fec4a60932bf14ec40172a8c81412

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3176
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 30 Mar 2017 16:37:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0f93f373a9d21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=13852
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc787119200000001
cf-ray: 5c2e31a7bde3dfc7-FRA
cf-bgj: minify

GET
H/2+Q/46 200 js Show response
maps.googleapis.com/maps/api/ 120 KB
39 KB 41ms
35ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?sensor=false&key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

bd93665c8a21dba8190075cf5b7925d7cd5d1f71d46ae2d615061eb3f472be91

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: gzip
vary: Accept-Language
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=1800
server-timing: gfet4t7; dur=21
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40321
x-xss-protection: 0
expires: Fri, 14 Aug 2020 23:13:18 GMT

GET
H2 200 SessionControl.js Show response
www.marchofdimes.org/Controls/js/ 440 B
400 B 24ms
17ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/Controls/js/SessionControl.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

91ac221eac84421ab7f7bfff56123c800e3f23b9a05fc46aafac8981f8353edf

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3176
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Mon, 04 Mar 2019 18:18:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"79e523a0b6d2d41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=1118
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc78711a200000001
cf-ray: 5c2e31a7bde4dfc7-FRA
cf-bgj: minify

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 25ms
18ms Script
application/javascript 2a00:1450:4001:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

10a29e157660cf726616eaf4ef975358d50ae1e646d1f5f1fedb264ff73ffc2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35714
x-xss-protection: 0
last-modified: Fri, 14 Aug 2020 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 14 Aug 2020 22:43:18 GMT

GET
H2 200 7780304902.js Show response
cdn.optimizely.com/js/ 304 KB
94 KB 37ms
6ms Script
text/javascript 2a02:26f0:eb:389::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/7780304902.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:eb:389::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

AmazonS3 /

Resource Hash

663c301b48aac8360caab5fa86390b21ebc19caa50a08fb7485fcae66ff029cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: VppkejaTo9EE_gZFW.OrmDW5yA7zvopl
content-encoding: gzip
etag: "fc6924745bc4e4d38d573645f8c4446d"
x-amz-request-id: 31C0B8BBFFB9A26D
status: 200
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:eb:389::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 95476
x-amz-id-2: w9CtK0NJ1/1IQ6Y3cBQHbbTL8xHOyVuEcwFvWvan5CFhnqaBqyu/jYrnCbl4BypHO1YgFGZrg2A=
last-modified: Tue, 03 Dec 2019 02:12:57 GMT
server: AmazonS3
date: Fri, 14 Aug 2020 22:43:18 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
x-amz-meta-revision: 503
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 header_loginform.js Show response
www.marchofdimes.org/glue/js/3.0/ 24 KB
5 KB 17ms
11ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/3.0/header_loginform.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

ec4df20e7a0ba36531199bcc424d84c2dbd2a0d816c94a1348d873f0fd53e3fe

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3176
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Mon, 19 Dec 2016 21:41:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0bbf8aa405ad21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=39767
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc78711b200000001
cf-ray: 5c2e31a7bde5dfc7-FRA
cf-bgj: minify

GET
H2 200 header.js Show response
www.marchofdimes.org/glue/js/3.0/ 31 KB
7 KB 18ms
12ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/3.0/header.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

af6d2d5331d49b61cc953ef7aa0839c6d2439024202691ffecbc14469a139ac9

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3176
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Mon, 14 Sep 2015 21:24:05 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"8088dfae33efd01:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=52413
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc78711c200000001
cf-ray: 5c2e31a7bde7dfc7-FRA
cf-bgj: minify

GET
H2 200 externalapps.js Show response
www.marchofdimes.org/glue/js/3.0/ 9 KB
3 KB 27ms
21ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/3.0/externalapps.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

9613544ac59504c4618676045a6a586f5655ebbc28d7192030099934c9b8b8b5

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3175
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Sat, 28 Mar 2020 03:28:18 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0b558ecb04d61:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=21452
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc78711d200000001
cf-ray: 5c2e31a7bde8dfc7-FRA
cf-bgj: minify

GET
H2 200 localization.js Show response
www.marchofdimes.org/glue/js/3.0/ 5 KB
2 KB 19ms
14ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/3.0/localization.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

65fd17c0820fd15b5ee087d10d0e5fc3a31a4103c1935dc980f6392708fcdbe7

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3176
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 05 Aug 2015 21:03:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"80f4c934c2cfd01:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=6641
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc78711e200000001
cf-ray: 5c2e31a7bdeadfc7-FRA
cf-bgj: minify

GET
H2 200 inlinescripts_other.js Show response
www.marchofdimes.org/glue/js/3.0/ 40 KB
10 KB 21ms
16ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/3.0/inlinescripts_other.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

858265dc0b08c8a5788c445325db30a760296ec6e8e0aa03a34ff7310d1025f2

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3175
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 11 Jul 2019 18:22:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"929df0981538d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=81506
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc78711f200000001
cf-ray: 5c2e31a7bdebdfc7-FRA
cf-bgj: minify

GET
H2 200 inlinescripts.js Show response
www.marchofdimes.org/glue/js/3.0/ 23 KB
6 KB 18ms
13ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/3.0/inlinescripts.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

8f6fbd0a8f46bf5ad5a27f97e723ed2b1e5e3c3042a61917b2ebbbb5024d38b9

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3175
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 01 Jan 2020 01:09:31 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"8017211f40c0d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=44588
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd60000dfc787120200000001
cf-ray: 5c2e31a7bdeedfc7-FRA
cf-bgj: minify

GET
H2 200 jquery.fancybox.pack.js Show response
www.marchofdimes.org/glue/js/ 22 KB
8 KB 20ms
15ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/jquery.fancybox.pack.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

fbf7e70d3faced110412e5e31dd3fa176d321e72cbd3c721fd73e19a31ed2ecb

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3175
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 18 Dec 2013 17:00:35 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"80bb11ab12fcce1:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=22598
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd90000dfc787121200000001
cf-ray: 5c2e31a7cdf3dfc7-FRA
cf-bgj: minify

GET
H2 200 mobile-script.js Show response
www.marchofdimes.org/glue/js/ 776 B
494 B 21ms
16ms Script
application/x-javascript 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/glue/js/mobile-script.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

af24b34d4f32afaf47f085e5856b5ca3ebbe6795fc12bd8ae799b94098eb0723

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3175
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 03 Jan 2018 05:43:51 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"b0a46cd55584d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
cache-control: max-age=14400
cf-polished: origSize=869
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd5cd90000dfc787122200000001
cf-ray: 5c2e31a7cdf6dfc7-FRA
cf-bgj: minify

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 86 KB
30 KB 10ms
5ms Script
text/javascript 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 11 Aug 2020 23:58:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 254672
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Aug 2021 23:58:46 GMT

GET
H2 200 a7780304902.html
a7780304902.cdn.optimizely.com/client_storage/ Frame B147 0
0 69ms
19ms Document
text/html 104.108.68.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://a7780304902.cdn.optimizely.com/client_storage/a7780304902.html

Requested by

Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/7780304902.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.68.187 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-68-187.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: a7780304902.cdn.optimizely.com
:scheme: https
:path: /client_storage/a7780304902.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota

Response headers

status: 200
x-amz-id-2: PYvGRvKuOOocD8/q2H1joU0Rky/a/0r5qYstr+FFVCTS/j4+2Hf+mFrgOWOv/67eJemAosPWS4M=
x-amz-request-id: 39EAB281B8B3EB79
x-amz-replication-status: COMPLETED
last-modified: Tue, 03 Dec 2019 02:14:24 GMT
etag: "c237c5e7dc2d5f9625d90b535c6486d1"
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: jrxJFnG5D7ITn_N8sVHw4L6p_VcM56cQ
accept-ranges: bytes
content-type: text/html; charset=utf-8
content-length: 833
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=120
date: Fri, 14 Aug 2020 22:43:19 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="6";dur=0,cdnip;desc="104.108.68.187";dur=0,cdnmap;desc="a4343.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000

GET
H2 200 a.js;m=11217201274803;cache=0.13988908310138237 Show response
ad.atdmt.com/m/ 0
437 B 62ms
38ms Script
text/javascript 2a03:2880:f01c:8004:face:b00c:0:8c
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.atdmt.com/m/a.js;m=11217201274803;cache=0.13988908310138237?revenue={revenue}&order_id={order_id}
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8004:face:b00c:0:8c , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:19 GMT
x-atlas-debug: AYKaGDyqoR6KichHkW3pasYoH3iVObzikEOZm8Y_uQlBbgbL8mKskkQGeFSEMrgP1ABXlOJpmLnQDAkhKU0pr3z8
p3p: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
status: 200
cache-control: private, no-cache, no-store, must-revalidate
content-type: text/javascript
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
expires: 0

GET
H/2+Q/46 200 gtm.js Show response
www.googletagmanager.com/ 242 KB
56 KB 56ms
42ms Script
application/javascript 2a00:1450:4001:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M5CGWR

Requested by

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d03b6dd1fd17ef73fa7ec5632c4fc18a60208b2c7960191b252eabbfe7a3b2ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56962
x-xss-protection: 0
last-modified: Fri, 14 Aug 2020 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 14 Aug 2020 22:43:19 GMT

GET
H2 200 0851.js Show response
script.crazyegg.com/pages/scripts/0023/ 5 KB
2 KB 32ms
16ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0023/0851.js?443734
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd8daff62f8e509deba6711633104d9f213f7ebb4d38dc9cd444ae4dfadc0f59

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
content-encoding: gzip
cf-cache-status: HIT
ce-version: 11.1.68
age: 356426
cf-polished: origSize=5444
status: 200
cf-request-id: 0490bd600b0000d6c9b2acc200000001
last-modified: Mon, 10 Aug 2020 19:42:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: max-age=300
cf-ray: 5c2e31acde93d6c9-FRA
cf-bgj: minify

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 5259
date: Fri, 14 Aug 2020 21:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Fri, 14 Aug 2020 23:15:40 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/ 39 KB
11 KB 26ms
7ms Script
text/javascript 2001:4de0:ac19::1:b:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.marchofdimes.org
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Feb 2019 16:41:46 GMT
status: 200
etag: "1550076106"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 10940

GET
H/2+Q/46 200 js Show response
www.google-analytics.com/gtm/ 75 KB
29 KB 20ms
18ms Script
application/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-W2ZD7L3&t=gtag_UA_219864_1&cid=795816099.1597444999

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2f868a56d65e0f28982edca66c628415b8a665c9debc93c09c077671e19dc278

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29863
x-xss-protection: 0
last-modified: Fri, 14 Aug 2020 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 14 Aug 2020 22:43:19 GMT

GET
H2 200 11.1.68.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 70 KB
23 KB 16ms
16ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.68.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0023/0851.js?443734
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48d02d1758575a3ee0e7ba8a0a1c29666b4f55a00d1bf15fd1703897febf4cdb

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 1292682
cf-polished: origSize=71592
status: 200
cf-request-id: 0490bd60260000d6c9b2acf200000001
last-modified: Fri, 17 Jul 2020 16:40:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5c2e31ad0ed2d6c9-FRA
cf-bgj: minify

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 18ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

95552798e18011dd8221d572fb7d0b7761adfab33ae28d226500bb9ae92dc2eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: jH5LGUKtekvDwuEjtU0jPA==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1781
etag: "3c61665e22421154ff6ad406b294b8f2"
x-fb-debug: lUtFPLpGrbXBmaNL2LH3jjDJwmT0/1QIfpD+pTWhjacCZBv5+yxJAKHthxOkkFqHGTga2ov50FHMQQ69p16Niw==
x-fb-trip-id: 664085054
x-fb-content-md5: e3feaead19b9b21899d4fffd08456a4d
x-frame-options: DENY
date: Fri, 14 Aug 2020 22:43:19 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 14 Aug 2020 22:55:27 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 201 KB
61 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=ff64998a35b971b0b1f31077d08a287f&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3a8787d9536a3d41bf06b83c8a98f7bc7746649b4c9d55103c0ee5282636444b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.marchofdimes.org
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: WpwcoBQvsznVe9Q4pNa3Ag==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 61916
etag: "8f41712b24e8519bbf1f183271180641"
x-fb-debug: irc6Z6Sbu+BldCz5bxf6dbFWeumreGYVimztQEGF8pqdJGWRClgogJgI5sVbJxiFpgp0Snvf90Z64dZHBY9y9g==
x-fb-trip-id: 2042748335
x-fb-content-md5: 3af4359d47b9dfb770a52db077369453
x-frame-options: DENY
date: Fri, 14 Aug 2020 22:43:19 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Sat, 14 Aug 2021 22:28:34 GMT

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=333242366&t=pageview&_s=1&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Dem...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-219864-1&cid=795816099.1597444999&jid=878134265&_gid=1133444025.1597444999&gjid=702839944&_v=j83&z=2094994092

35 B
133 B

17ms
16ms

Image
image/gif

2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-219864-1&cid=795816099.1597444999&jid=878134265&_gid=1133444025.1597444999&gjid=702839944&_v=j83&z=2094994092

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 14 Aug 2020 22:43:19 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:19 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-219864-1&cid=795816099.1597444999&jid=878134265&_gid=1133444025.1597444999&gjid=702839944&_v=j83&z=2094994092
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 415
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/2+Q/46 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8832015

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5CGWR

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c1067ea5a1150a18a456fe27ad7e29a8f1af2dd45e89ebcbea609b94f03a85ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35740
x-xss-protection: 0
last-modified: Fri, 14 Aug 2020 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 14 Aug 2020 22:43:19 GMT

GET
H/2+Q/46 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1001 B 6ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 21:55:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 2881
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Fri, 14 Aug 2020 22:55:18 GMT

GET
H/2+Q/46 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5CGWR

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 5259
date: Fri, 14 Aug 2020 21:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Fri, 14 Aug 2020 23:15:40 GMT

GET
H/2+Q/46

200

activityi;dc_pre=CPT78q3im-sCFb2Agwcd97IImg;src=8133010;type=retar0;cat=retar0;ord=6225027033977;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-g...
8133010.fls.doubleclick.net/ Frame 6770
Redirect Chain

https://8133010.fls.doubleclick.net/activityi;src=8133010;type=retar0;cat=retar0;ord=6225027033977;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport...
https://8133010.fls.doubleclick.net/activityi;dc_pre=CPT78q3im-sCFb2Agwcd97IImg;src=8133010;type=retar0;cat=retar0;ord=6225027033977;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.m...

0
0

66ms
38ms

Document
text/html

216.58.205.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8133010.fls.doubleclick.net/activityi;dc_pre=CPT78q3im-sCFb2Agwcd97IImg;src=8133010;type=retar0;cat=retar0;ord=6225027033977;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5CGWR

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.205.230 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s24-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8133010.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CPT78q3im-sCFb2Agwcd97IImg;src=8133010;type=retar0;cat=retar0;ord=6225027033977;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: about:blank

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Fri, 14 Aug 2020 22:43:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 470
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 14-Aug-2020 22:58:19 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Fri, 14 Aug 2020 22:43:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8133010.fls.doubleclick.net/activityi;dc_pre=CPT78q3im-sCFb2Agwcd97IImg;src=8133010;type=retar0;cat=retar0;ord=6225027033977;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/2+Q/46

200

activityi;dc_pre=CLCj863im-sCFdiKdwodSwkPDg;src=8832015;type=rt;cat=donforms;ord=2922354276052;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-gen...
8832015.fls.doubleclick.net/ Frame ABAA
Redirect Chain

https://8832015.fls.doubleclick.net/activityi;src=8832015;type=rt;cat=donforms;ord=2922354276052;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-g...
https://8832015.fls.doubleclick.net/activityi;dc_pre=CLCj863im-sCFdiKdwodSwkPDg;src=8832015;type=rt;cat=donforms;ord=2922354276052;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.mar...

0
0

66ms
38ms

Document
text/html

172.217.21.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8832015.fls.doubleclick.net/activityi;dc_pre=CLCj863im-sCFdiKdwodSwkPDg;src=8832015;type=rt;cat=donforms;ord=2922354276052;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5CGWR

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

172.217.21.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s13-in-f230.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8832015.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CLCj863im-sCFdiKdwodSwkPDg;src=8832015;type=rt;cat=donforms;ord=2922354276052;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: about:blank

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Fri, 14 Aug 2020 22:43:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 472
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 14-Aug-2020 22:58:19 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Fri, 14 Aug 2020 22:43:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLCj863im-sCFdiKdwodSwkPDg;src=8832015;type=rt;cat=donforms;ord=2922354276052;gtm=2wg871;auiddc=899506766.1597444999;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bat.js Show response
bat.bing.com/ 26 KB
8 KB 53ms
27ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5CGWR
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:18 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 20:00:00 GMT
x-msedge-ref: Ref A: F633A66786804C3CBF32CE6CA15C7F32 Ref B: FRAEDGE1310 Ref C: 2020-08-14T22:43:19Z
status: 200
etag: "0e0bdafab5bd61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8022

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 63ms
22ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5CGWR
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
content-encoding: gzip
age: 4273
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4021-HHN
last-modified: Mon, 10 Aug 2020 18:10:59 GMT
x-timer: S1597444999.389395,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 597 B
1 KB 76ms
33ms Script
text/javascript 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/event/js?mt_id=1202693&mt_adid=192669&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5CGWR
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 2813 5eaa79d master cdg-pixel-x23 /
Resource Hash: acfa1f03ac087fc08ca7389b23f01c47b31c6d00d412a21d9342af3c070fff57

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:19 GMT
Server: MT3 2813 5eaa79d master cdg-pixel-x23
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 597
Expires: Fri, 14 Aug 2020 22:45:59 GMT

GET
H/1.1 204
No Content cs.js Show response
p.acquireinsight.net/1/e/ 0
192 B 93ms
20ms Script
text/plain 104.111.218.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p.acquireinsight.net/1/e/cs.js?v0=MoD&&&&&cid=c013&evid=2404eac9-1bf5-4859-8627-a8781f020f02&suu=1&dmn=www.marchofdimes.org
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.218.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-218-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 14 Aug 2020 22:43:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Expires: Fri, 14 Aug 2020 22:43:19 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 134 KB
34 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34269
x-xss-protection: 0
pragma: public
x-fb-debug: 0g69CaHDCx+9/s2AEgra2JPM4KMzIE4DbF8Xhvi1hxAKg3aucqOQQmkWvdWQy3ipvPFWvO5oomx6f5/ul3eFjw==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 14 Aug 2020 22:43:19 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 B21591273.227039140;sz=1x2;ord=22971954490 Show response
ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/ 14 KB
5 KB 296ms
44ms Script
text/javascript 172.217.21.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=22971954490?

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s13-in-f230.1e100.net

Software

cafe /

Resource Hash

27842383d43efe979f71ffbbd7626be5da534019f8272ac95254c24ffd0f1e4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5166
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/2+Q/46

200

B21581475.265419780;dc_pre=COCCgK7im-sCFdXJuwgd7FEKiQ;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=COCCgK7im-sCFdXJuwgd7FEKiQ;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;ta...

42 B
213 B

48ms
48ms

Image
image/gif

172.217.21.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=COCCgK7im-sCFdXJuwgd7FEKiQ;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

172.217.21.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s13-in-f230.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:19 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=COCCgK7im-sCFdXJuwgd7FEKiQ;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/2+Q/46 200 collect
www.google-analytics.com/ 35 B
109 B 7ms
6ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&a=333242366&t=pageview&_s=1&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&ul=en-us&de=UTF-8&dt=Make%20a%20donation%20%7C%20March%20of%20Dimes&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgUAjQ~&jid=1407241194&gjid=574897894&cid=795816099.1597444999&tid=UA-68863025-2&_gid=1133444025.1597444999&gtm=2wg871M5CGWR&z=479114455

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Aug 2020 20:11:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 268337
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
stats.g.doubleclick.net/r/ 35 B
99 B 17ms
16ms Image
image/gif 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-68863025-2&cid=795816099.1597444999&jid=1407241194&gjid=574897894&_gid=1133444025.1597444999&_u=aGDAgUAjQ~&z=732581812

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 14 Aug 2020 22:43:19 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 133018690663760 Show response
connect.facebook.net/signals/config/ 524 KB
132 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/133018690663760?v=2.9.23&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8ba7f93799c56a68dbaf2c305dd9be536185bc2911db4e4d3a885300cf9a0ca8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 134826
x-xss-protection: 0
pragma: public
x-fb-debug: lIwkZwETCjPSpslm5xpZ9iqiVMs8WrHwniTKWHZFoH6ozRnlbYF36K8t/sRUqHJdqlWGdE47Nj/qt9drG62kdA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 14 Aug 2020 22:43:19 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
378 B 26ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=179668297098&ev=fb_page_view&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&rl=&if=false&ts=1597444999408&sw=1600&sh=1200&at=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 14 Aug 2020 22:43:19 GMT

GET
H2 204 0
bat.bing.com/action/ 0
148 B 28ms
28ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=25017097&Ver=2&mid=34200f52-7738-2b81-072a-b9ea60129c1d&sid=3d2e29d32a8f91481717e1436d9f10c2&vid=b8d70396cb968b6d3fc5a179f653bcb0&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Make%20a%20donation%20%7C%20March%20of%20Dimes&kw=march%20of%20dimes,%20prematurity,%20premature,%20preterm,%20premie,%20preemie,%20babies,%20baby,%20pregnancy,%20pregnant,%20fetal%20alcohol%20syndrome,%20down%20syndrome,%20genetic,%20birth%20defects,%20spina%20bifida,%20folic%20acid,%20premature%20birth,%20genetic%20disorders,%20genetic%20diseases&p=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&r=&lt=3076&evt=pageLoad&msclkid=N&sv=1&rn=177788
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Fri, 14 Aug 2020 22:43:18 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 9F79411160C8415E87AFB2D3E9FA8C52 Ref B: FRAEDGE1310 Ref C: 2020-08-14T22:43:19Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
448 B 180ms
139ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o0bkw&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Fri, 14 Aug 2020 22:43:19 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 57fff0f3914f3f0aa00fbcde3f6c665f
x-transaction: 0021aa3b00dada2c
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 1621384747882069 Show response
connect.facebook.net/signals/config/ 524 KB
132 KB 10ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1621384747882069?v=2.9.23&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

926d83ad6e61996b79f32c7912258f16f6a8e628819fd6a5ca2bd1a5f6db43dd

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 134854
x-xss-protection: 0
pragma: public
x-fb-debug: HNOh56ZjT8//9jgzqa98ylS+8qpH844t65NF5Msw3iBMV7gkqLznJE1aWWqA7Z1YxTiZ0rU3w9RFv4fBzmKt4A==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 14 Aug 2020 22:43:19 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 6ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=133018690663760&ev=PageView&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&rl=&if=false&ts=1597444999455&sw=1600&sh=1200&v=2.9.23&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1597444999454.2138194923&it=1597444999396&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 14 Aug 2020 22:43:19 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 6ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1621384747882069&ev=PageView&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&rl=&if=false&ts=1597444999496&sw=1600&sh=1200&v=2.9.23&r=stable&ec=0&o=30&fbp=fb.1.1597444999454.2138194923&it=1597444999396&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 14 Aug 2020 22:43:19 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20200810/r20110914/elements/html/ 6 KB
3 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200810/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=22971954490?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98b3047cca6c09036e718abed042ca3cd035918616aa43ed0c4ae4ab317809e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 21:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 349303
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 2642
x-xss-protection: 0
server: cafe
etag: 4377571892113194532
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Aug 2020 21:41:36 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
709 B 103ms
55ms Other
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu85_7diU6XFM13Qzfsl12htsViKKWFMohynP1uGMqFobFvLxPn1Z7NrUBUQXZQWk5Bs_Zw8IfhPZQIcxiC7ruKVtBY1TvbDZqqx92Q2qMGb84qrajI2j1b4wAYV_y1pMmW&sig=Cg0ArKJSzJAcxBaXU4KAEAE&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cisv=r20200810.36658&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=22971954490?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 14 Aug 2020 22:43:19 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=133018690663760&ev=Microdata&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&rl=&if=false&ts=1597444999958&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Make%20a%20donation%20%7C%20March%20of%20Dimes%22%2C%22meta%3Akeywords%22%3A%22march%20of%20dimes%2C%20prematurity%2C%20premature%2C%20preterm%2C%20premie%2C%20preemie%2C%20babies%2C%20baby%2C%20pregnancy%2C%20pregnant%2C%20fetal%20alcohol%20syndrome%2C%20down%20syndrome%2C%20genetic%2C%20birth%20defects%2C%20spina%20bifida%2C%20folic%20acid%2C%20premature%20birth%2C%20genetic%20disorders%2C%20genetic%20diseases%22%2C%22meta%3Adescription%22%3A%22March%20of%20Dimes%20donations%20go%20towards%20lifesaving%20research%20and%20advocating%20policies%20that%20prioritize%20the%20health%20of%20moms%20and%20babies.%20Your%20donation%20can%20help%20improve%20the%20lives%20of%20babies%20everywhere.%20Donate%20to%20March%20of%20Dimes%20today.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22March%20of%20Dimes%20-%20Make%20a%20donation%22%2C%22og%3Adescription%22%3A%22March%20of%20Dimes%20donations%20go%20towards%20lifesaving%20research%20and%20advocating%20policies%20that%20prioritize%20the%20health%20of%20moms%20and%20babies.%20Your%20donation%20can%20help%20improve%20the%20lives%20of%20babies%20everywhere.%20Donate%20to%20March%20of%20Dimes%20today.%22%2C%22og%3Alocale%22%3A%22en_US%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.marchofdimes.org%2Fglue%2Fimages%2Fmod-logo-500-500.png%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.23&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1597444999454.2138194923&it=1597444999396&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 14 Aug 2020 22:43:19 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
146 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1621384747882069&ev=Microdata&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&rl=&if=false&ts=1597444999997&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Make%20a%20donation%20%7C%20March%20of%20Dimes%22%2C%22meta%3Akeywords%22%3A%22march%20of%20dimes%2C%20prematurity%2C%20premature%2C%20preterm%2C%20premie%2C%20preemie%2C%20babies%2C%20baby%2C%20pregnancy%2C%20pregnant%2C%20fetal%20alcohol%20syndrome%2C%20down%20syndrome%2C%20genetic%2C%20birth%20defects%2C%20spina%20bifida%2C%20folic%20acid%2C%20premature%20birth%2C%20genetic%20disorders%2C%20genetic%20diseases%22%2C%22meta%3Adescription%22%3A%22March%20of%20Dimes%20donations%20go%20towards%20lifesaving%20research%20and%20advocating%20policies%20that%20prioritize%20the%20health%20of%20moms%20and%20babies.%20Your%20donation%20can%20help%20improve%20the%20lives%20of%20babies%20everywhere.%20Donate%20to%20March%20of%20Dimes%20today.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22March%20of%20Dimes%20-%20Make%20a%20donation%22%2C%22og%3Adescription%22%3A%22March%20of%20Dimes%20donations%20go%20towards%20lifesaving%20research%20and%20advocating%20policies%20that%20prioritize%20the%20health%20of%20moms%20and%20babies.%20Your%20donation%20can%20help%20improve%20the%20lives%20of%20babies%20everywhere.%20Donate%20to%20March%20of%20Dimes%20today.%22%2C%22og%3Alocale%22%3A%22en_US%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.marchofdimes.org%2Fglue%2Fimages%2Fmod-logo-500-500.png%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.23&r=stable&ec=1&o=30&fbp=fb.1.1597444999454.2138194923&it=1597444999396&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:20 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 14 Aug 2020 22:43:20 GMT

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
365 B 420ms
103ms XHR
text/plain 34.194.80.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/7780304902.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.80.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-80-163.compute-1.amazonaws.com
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 14 Aug 2020 22:43:20 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.marchofdimes.org
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 30ed87c9-4797-4ca1-a7c5-7fb76753c88b

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 12 KB
5 KB 75ms
31ms Script
application/x-javascript 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.marchofdimes.org&source=checkoutjs&t=xo&v=4.0.317

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Resource Hash

7d42fd2cf7adef6e2ca9b9b706eef67e44e0f120c1435ea233807b8eda62fc55

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-lPwu5YNMkcdiMhwvw3oVbQelQ7EkAo07uqG2O/7mV3ejmc0n' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline'; form-action 'self' https://.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 182
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-lPwu5YNMkcdiMhwvw3oVbQelQ7EkAo07uqG2O/7mV3ejmc0n' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline'; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 0
status: 200
paypal-debug-id: 3c91860c691f3
dc: phx-origin-www-2.paypal.com
vary: Accept-Encoding
content-length: 4456
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:21 GMT
strict-transport-security: max-age=63072000
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=3600
etag: W/"310f-FGviSVLWgsmjFEfYfieMcNrYi0M"

GET
H/2+Q/46 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-794610601&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cbadf1f97b9c2b3263f2a3ec354d7cd3a997195b19ffb22e8e032eae20a44026

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:21 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35736
x-xss-protection: 0
last-modified: Fri, 14 Aug 2020 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 14 Aug 2020 22:43:21 GMT

GET
H/2+Q/46 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1071894384&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bea8356373e9749dff107019f34ce4b85e5126f47b2234de5cbc50a517116210

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:21 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35752
x-xss-protection: 0
last-modified: Fri, 14 Aug 2020 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 14 Aug 2020 22:43:21 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ 43 B
480 B 31ms
31ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 2813 5eaa79d master cdg-pixel-x10 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:21 GMT
Server: MT3 2813 5eaa79d master cdg-pixel-x10
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 14 Aug 2020 22:46:01 GMT

GET
H/1.1 200
OK sessionstabilizer Show response
payments.amazon.com/gp/widgets/ 89 B
1 KB 343ms
135ms XHR
application/json 54.239.29.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.amazon.com/gp/widgets/sessionstabilizer?countryOfEstablishment=US&ledgerCurrency=USD&isSandbox=false
Requested by: Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.239.29.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: f318a7545efb82dd863f74cca6247b671db78ea14c6bc8035f659e436f45a4e8

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:21 GMT
Server: Server
x-amz-rid: H4F5QGK69STHQ426X8X9
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://www.marchofdimes.org
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 login.js Show response
static-na.payments-amazon.com/v2/ 42 KB
13 KB 25ms
25ms Script
application/javascript 13.226.155.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static-na.payments-amazon.com/v2/login.js
Requested by: Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-82.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c2d41e8c20832fada3f9757cb99cf8a9d6f247b56f4a06eb17b79f9d50af2ba3

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: TJ8CYtwx31Er_Dtu3TJYRFy986AME8eI
content-encoding: gzip
last-modified: Tue, 11 Aug 2020 09:41:48 GMT
server: AmazonS3
age: 192
date: Fri, 14 Aug 2020 22:40:10 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=1200,public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: ZzjDNnAVRzwhjiOCUv4YBX03duTzq4jhKLDbnjP0Q1_ba9v4IRpEqw==
via: 1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
11 KB 31ms
30ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-794610601&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

92f410985c0233c9abcba33b98f05b3e24d5ea3e80f5083466d545e94d49ec43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11332
x-xss-protection: 0
server: cafe
etag: 5272426352805486351
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 14 Aug 2020 22:43:21 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
718 B 223ms
188ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Make%20a%20donation%20%7C%20March%20of%20Dimes&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1597445001669&g=-120&completeurl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:21 GMT
via: 1.1 varnish, 1.1 varnish
age: 0, 0, 0, 0
x-cache: MISS, MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
status: 200
http_x_pp_az_locator: slca.slc
x-cache-hits: 0, 0
shield-pop: LAX
content-length: 42
x-served-by: cache-lax8642-LAX, cache-ams21048-AMS
pragma: no-cache
server: akka-http/10.1.11
x-timer: S1597445002.712269,VS0,VE174
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, no-transform
accept-ranges: bytes, bytes, bytes, bytes
expires: Fri, 14 Aug 2020 22:43:21 GMT

GET
H2 200 amazonpay-logo-rgb_clr._CB1560911315_.svg
www.marchofdimes.org/DonationFormV3/images/ 14 KB
7 KB 446ms
445ms Image
image/svg+xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/amazonpay-logo-rgb_clr._CB1560911315_.svg

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

76e176c84a00ae3eea4b5199270046d6c7f4873b19e4ce77d6e1ee48d8896cbb

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
cf-request-id: 0490bd69d20000dfc7871de200000001
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 22 Aug 2019 05:56:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0446c67ae58d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
x-xss-protection: 1
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-ray: 5c2e31bc8960dfc7-FRA

GET
H/1.1 200
OK client.json Show response
s3-us-west-2.amazonaws.com/mfesecure-public/host/marchofdimes.org/ 195 B
983 B 681ms
176ms XHR
application/json 52.218.232.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/mfesecure-public/host/marchofdimes.org/client.json?source=jsmain
Requested by: Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.232.80 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 3d73abab391ff929484d75a93d2b20d9bf05470018a6729da44619e60c5ef7ae

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:23 GMT
Content-Encoding: gzip
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: EA0B47778D6B5C50
x-amz-replication-status: COMPLETED
Content-Length: 167
x-amz-id-2: FV7wLpy0AgrSsPV+D2yrfG8WRIXwhjCtTMcLWdKhig+XCDrFczBjMJ7WKPLKAgYqofo55/lYaX8=
Last-Modified: Thu, 13 Aug 2020 12:02:57 GMT
Server: AmazonS3
ETag: "992b9f8c8b72882d108e49356e71ed73"
Access-Control-Max-Age: 60
Access-Control-Allow-Methods: GET, HEAD
x-amz-version-id: 1QSQzD9.3S9rA3vgGzXACMk4fM5WyShn
Access-Control-Allow-Origin: https://www.marchofdimes.org
Access-Control-Expose-Headers: Access-Control-Allow-Origin
Cache-Control: public, max-age=60
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/json

GET
H/1.1 200
OK client.json Show response
s3-us-west-2.amazonaws.com/mfesecure-public/host/marchofdimes.org/ 195 B
983 B 862ms
181ms XHR
application/json 52.218.232.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/mfesecure-public/host/marchofdimes.org/client.json?source=jsinline
Requested by: Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.232.80 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 3d73abab391ff929484d75a93d2b20d9bf05470018a6729da44619e60c5ef7ae

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:23 GMT
Content-Encoding: gzip
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: A5B8BB77F8D28630
x-amz-replication-status: COMPLETED
Content-Length: 167
x-amz-id-2: K/c3MvwyXmr+j54bFG27/9ojRKta9BIsDO6IGCpVslI29mmXnJuNLv/pSBkV7EnrW9kmItY38Qw=
Last-Modified: Thu, 13 Aug 2020 12:02:57 GMT
Server: AmazonS3
ETag: "992b9f8c8b72882d108e49356e71ed73"
Access-Control-Max-Age: 60
Access-Control-Allow-Methods: GET, HEAD
x-amz-version-id: 1QSQzD9.3S9rA3vgGzXACMk4fM5WyShn
Access-Control-Allow-Origin: https://www.marchofdimes.org
Access-Control-Expose-Headers: Access-Control-Allow-Origin
Cache-Control: public, max-age=60
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/json

GET
H/1.1 200
OK siteseal_gd_3_h_l_m.gif
seal.godaddy.com/images/3/en/ 4 KB
4 KB 168ms
167ms Image
image/gif 173.201.249.4
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seal.godaddy.com/images/3/en/siteseal_gd_3_h_l_m.gif
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 173.201.249.4 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-173-201-249-4.ip.secureserver.net
Software: Apache /
Resource Hash: 1449346947ba3d2266f702cc5488e1a0fb75ef67cdb105d5dbe178eff0af14b2

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:21 GMT
Cache-Control: max-age=86400
Expires: Sat, 15 Aug 2020 22:43:21 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 3827
Content-Type: image/gif

GET
H/1.1 200
OK accountStatus Show response
payments.amazon.com/merchantAccount/A24SJ7EJ7ID1HK/ 34 B
350 B 322ms
113ms XHR
application/json 54.239.29.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.amazon.com/merchantAccount/A24SJ7EJ7ID1HK/accountStatus?countryOfEstablishment=US&ledgerCurrency=USD
Requested by: Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.239.29.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 6daf092c820d6323f36c5ddad13658cf42a525808c69025cc3e7a36d76ab5508

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:21 GMT
Server: Server
x-amz-rid: 501BJVMV4ENNN5QK119X
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/794610601/ 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/794610601/?random=1597445001857&cv=9&fst=1597445001857&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa871&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&tiba=Make%20a%20donation%20%7C%20March%20of%20Dimes&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f1c7200df30d6e65194fe5c344249a5b2dbe2d342d50e3e43b419102fe7d906

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1130
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071894384/ 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071894384/?random=1597445001862&cv=9&fst=1597445001862&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa871&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&tiba=Make%20a%20donation%20%7C%20March%20of%20Dimes&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9142c57f3e0bb30ea607f4437caf1b41b0c6632e47218cb4dbcfcbb63a6dbe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1129
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 siteanalyze_6027462.js Show response
siteimproveanalytics.com/js/ 22 KB
8 KB 41ms
25ms Script
application/javascript 2606:4700:e2::ac40:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6027462.js
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a5766455ceaf374cbc394346b0aaf70483c51ff86c3a6be2836988ac22740bf

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:21 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 3920
cf-ray: 5c2e31bdcb4d3244-FRA
status: 200
content-length: 7817
x-amz-id-2: NQu/PdKO0I/KIH2CQykngynkzZN6BqcYNsdghZybcOvSE9Be+nWvszybQRcaBTCKzmJXsM7DR+E=
last-modified: Tue, 07 Apr 2020 17:09:06 GMT
server: cloudflare
etag: "11dda1b69d6e8ef41156c108f1371364"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 335F35BDA74C8742
cache-control: max-age=86400, no-transform
cf-request-id: 0490bd6aa00000324415b98200000001
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
652 B 184ms
143ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o0bkw&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 123
pragma: no-cache
last-modified: Fri, 14 Aug 2020 22:43:22 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 2e22a27bfdf59d8b89563d99dba74974
x-transaction: 0026ff5b000fa723
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 plugin_settings Show response
doublethedonation.com/api/v1/ 414 B
462 B 288ms
97ms XHR
application/json 23.96.109.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://doublethedonation.com/api/v1/plugin_settings?customer_id=ZTIwYzg1ZjQtNDM3

Requested by

Host: doublethedonation.com
URL: https://doublethedonation.com/api/js/ddplugin.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.96.109.67 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

2f6105ce9656689adcaf2848da002df1957f9a8814ddb596df80a56a75d71690

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: nginx
status: 200
x-frame-options: sameorigin
access-control-allow-methods: GET
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
vary: Accept-Encoding
xdebug: v1/plugin_settings

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TPiWapjoyMdQOtxLT9_b4n2W/ 331 KB
131 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TPiWapjoyMdQOtxLT9_b4n2W/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=oncaptchaload&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e42f7806fd699d172d728f73f966a5d173cad2f4091aeed75cdb6ef611b4396e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 03:10:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 10 Aug 2020 04:05:32 GMT
server: sffe
age: 243200
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133738
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:10:01 GMT

POST
H2 200 processExternalAppsWS.aspx Show response
www.marchofdimes.org/processExternal/ 809 B
2 KB 574ms
574ms XHR
text/html 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/processExternal/processExternalAppsWS.aspx

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e5b99336fd6c8080d60dd13a17097121df45c4e8120867f7c66f00c96e579279

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept: */*
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
status: 200
vary: *
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html; charset=utf-8
access-control-allow-origin: http://www.marchofdimes.org
cache-control: public
x-stackifyid: V2|c13214b7-261b-4d1c-abb8-5ba61eaf24d9|C58819|CD5
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd6ac90000dfc7871fc200000001
cf-ray: 5c2e31be0bbddfc7-FRA
expires: Sat, 15 Aug 2020 00:43:22 GMT

GET
H/2+Q/46 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
816 B 6ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 818
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
expires: Fri, 14 Aug 2020 23:29:43 GMT

GET
H2 200 coronavirus-bg-donation-1400x940.png
www.marchofdimes.org/glue/images/ 165 KB
165 KB 456ms
456ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/glue/images/coronavirus-bg-donation-1400x940.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

c4b2d7a02fed68561be87cf97d0faad6cca60b1a7baa7f7fc356e876a2a1be1f

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "606803e8f7d51:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="coronavirus-bg-donation-1400x940.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 168606
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Wed, 11 Mar 2020 20:59:54 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:22 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=270862
cf-request-id: 0490bd6add0000dfc7871fd200000001
accept-ranges: bytes
cf-ray: 5c2e31be2be2dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 Monthly%20gift%20icon.png
www.marchofdimes.org/DonationFormV3/images/ 296 B
559 B 441ms
440ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/Monthly%20gift%20icon.png

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

745ec3284cec6b06537ee1ad60d268496dba4cc3686d2b6f7a39725d9a09c1db

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "49217db570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="Monthly%20gift%20icon.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 296
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:22 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=3374
cf-request-id: 0490bd6ade0000dfc7871fe200000001
accept-ranges: bytes
cf-ray: 5c2e31be3be5dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 Gift%20icon.png
www.marchofdimes.org/DonationFormV3/images/ 292 B
704 B 438ms
437ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/Gift%20icon.png

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

eb480c362421e90e4fce9a32de23bb0494608636f6545de2788394eeb53d6dc3

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm.css?v=061920201
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "89b73b570a5d11:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="Gift%20icon.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 292
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Tue, 03 May 2016 19:19:26 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:22 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=3364
cf-request-id: 0490bd6ade0000dfc7871ff200000001
accept-ranges: bytes
cf-ray: 5c2e31be3be8dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

POST
H2 200 DonationFormProcess.ashx Show response
www.marchofdimes.org/DonationFormV3/ 3 KB
2 KB 623ms
622ms XHR
text/xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/DonationFormProcess.ashx

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

ece140dc1031a47037dee623c5e54a4e6dedc756f164dc663948e91f39f299b0

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKpEcGoaiFGum8GGJ

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/xml; charset=utf-8
x-stackifyid: V2|38c5b217-dea6-4e53-96d8-73548e6013cc|C58819|CD5
cache-control: private
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd6ae00000dfc787200200000001
cf-ray: 5c2e31be3bebdfc7-FRA

POST
H2 200 DonationFormProcess.ashx Show response
www.marchofdimes.org/DonationFormV3/ 3 KB
2 KB 605ms
605ms XHR
text/xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/DonationFormV3/DonationFormProcess.ashx

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

b41a980d1f833373f29b49b63549f39f2e28ef46b62011bc697bff0b2b7c2529

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryleIZ01boSMoqK0nJ

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/xml; charset=utf-8
x-stackifyid: V2|e2eb68ef-d722-4e02-ac6e-619a4f449d1d|C58819|CD5
cache-control: private
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd6ae00000dfc787201200000001
cf-ray: 5c2e31be3beddfc7-FRA

GET
H2 200 visa-logo.svg
www.marchofdimes.org/DonationFormV3/images/ 609 B
2 KB 444ms
443ms Image
image/svg+xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/visa-logo.svg

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

2345395c646d1c9a3ac2753af47fd0ec9fc7246b80409a1a194ece131b2d27df

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
cf-request-id: 0490bd6ae30000dfc787202200000001
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 22 Aug 2019 05:08:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0bc45a9a758d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
x-xss-protection: 1
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-ray: 5c2e31be3bf1dfc7-FRA

GET
H2 200 mastercard-logo.svg
www.marchofdimes.org/DonationFormV3/images/ 4 KB
2 KB 16ms
15ms Image
image/svg+xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/mastercard-logo.svg

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

9412fa4d1f7f5eb081d720c03648a1946fea87e31a564377f338835ef8051ff6

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3843
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Fri, 23 Aug 2019 18:07:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"a6513ea7dd59d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-request-id: 0490bd6ae40000dfc787203200000001
cf-ray: 5c2e31be3bf3dfc7-FRA

GET
H2 200 AXP_BlueBoxLogo_EXTRALARGEscale_RGB_DIGITAL_1600x1600.png
www.marchofdimes.org/DonationFormV3/images/ 10 KB
10 KB 453ms
452ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/AXP_BlueBoxLogo_EXTRALARGEscale_RGB_DIGITAL_1600x1600.png

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

47bb976398f1654ec19b8bf5fe0527da48fb8ee29bb6fc2950bff4f687efefd2

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "0108a36aa58d51:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="AXP_BlueBoxLogo_EXTRALARGEscale_RGB_DIGITAL_1600x1600.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 9830
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 22 Aug 2019 05:26:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:22 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=50575
cf-request-id: 0490bd6ae40000dfc787204200000001
accept-ranges: bytes
cf-ray: 5c2e31be3bf6dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 discover-logo.svg
www.marchofdimes.org/DonationFormV3/images/ 2 KB
1 KB 440ms
440ms Image
image/svg+xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/discover-logo.svg

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

56c2d4412df23862b7f299aff378454135fa4b8d43ab90920ebc44b4af33bc7a

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
cf-request-id: 0490bd6ae40000dfc787205200000001
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 22 Aug 2019 05:09:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0ab62b6a758d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
x-xss-protection: 1
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-ray: 5c2e31be3bf7dfc7-FRA

GET
H2 200 paypal-logo.svg
www.marchofdimes.org/DonationFormV3/images/ 3 KB
1017 B 452ms
451ms Image
image/svg+xml 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/paypal-logo.svg

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

8540463f52917494e0304ce808904dbc989ad258708ec6aff520846653bd28bf

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
cf-request-id: 0490bd6ae40000dfc787206200000001
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 22 Aug 2019 05:12:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"04dbf34a858d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
x-xss-protection: 1
cache-control: max-age=14400
content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
cf-ray: 5c2e31be3bf8dfc7-FRA

POST
H2 204 performance Show response
www.marchofdimes.org/cdn-cgi/beacon/ 0
56 B 15ms
15ms XHR
text/plain 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/cdn-cgi/beacon/performance?req_id=5c2e31a01900dfc7

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: application/json

Response headers

status: 204
date: Fri, 14 Aug 2020 22:43:21 GMT
x-frame-options: SAMEORIGIN
server: cloudflare
cf-ray: 5c2e31be5c30dfc7-FRA
cf-request-id: 0490bd6af40000dfc787208200000001

GET
H/2+Q/46 200 /
www.google.com/pagead/1p-user-list/794610601/ 42 B
304 B 20ms
19ms Image
image/gif 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/794610601/?random=1597445001857&cv=9&fst=1597442400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa871&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&tiba=Make%20a%20donation%20%7C%20March%20of%20Dimes&async=1&fmt=3&is_vtc=1&random=614524932&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/794610601/ 42 B
153 B 28ms
28ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/794610601/?random=1597445001857&cv=9&fst=1597442400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa871&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&tiba=Make%20a%20donation%20%7C%20March%20of%20Dimes&async=1&fmt=3&is_vtc=1&random=614524932&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/2+Q/46 200 /
www.google.com/pagead/1p-user-list/1071894384/ 42 B
65 B 20ms
19ms Image
image/gif 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1071894384/?random=1597445001862&cv=9&fst=1597442400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa871&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&tiba=Make%20a%20donation%20%7C%20March%20of%20Dimes&async=1&fmt=3&is_vtc=1&random=3358324034&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1071894384/ 42 B
107 B 27ms
26ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1071894384/?random=1597445001862&cv=9&fst=1597442400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa871&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&tiba=Make%20a%20donation%20%7C%20March%20of%20Dimes&async=1&fmt=3&is_vtc=1&random=3358324034&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK uedata Show response
apay-us.amazon.com/cs/ 0
363 B 570ms
117ms XHR
application/json 52.94.230.189
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://apay-us.amazon.com/cs/uedata
Requested by: Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.230.189 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Fri, 14 Aug 2020 22:43:22 GMT
Server: Server
x-amz-rid: 1TREM8FMRJHY3QT96TJ4
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://www.marchofdimes.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK abTestV2 Show response
payments.amazon.com/ 238 B
621 B 111ms
111ms XHR
application/json 54.239.29.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.amazon.com/abTestV2?countryOfEstablishment=US&ledgerCurrency=USD&isSandbox=false&encryptedSessionId=FW43DyIXA0FVfLWEDQjhaRTbXDR1GeKUFOtWW9nEcgpeR%252FxOXbrZJjFM5olRHrM%253D
Requested by: Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.239.29.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 5d919e67b3ddbc780eb3a6af5cef3ff6d49fe7847856969f094a1e559afb2205

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:22 GMT
Server: Server
x-amz-rid: T29K13Z8ZMC245DDSBAX
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://www.marchofdimes.org
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H/2+Q/46

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=333242366&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3D...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-219864-1&cid=795816099.1597444999&jid=1089972363&_gid=1133444025.1597444999&gjid=1051061287&_v=j83&z=1080189602

35 B
399 B

30ms
15ms

Image
image/gif

2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-219864-1&cid=795816099.1597444999&jid=1089972363&_gid=1133444025.1597444999&gjid=1051061287&_v=j83&z=1080189602

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 14 Aug 2020 22:43:22 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:22 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-219864-1&cid=795816099.1597444999&jid=1089972363&_gid=1133444025.1597444999&gjid=1051061287&_v=j83&z=1080189602
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 417
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 235ms
195ms Other
application/json 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.paypal.com/xoplatform/logger/api/logger
Protocol: H2
Server: 104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-228-123.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-app-name,x-requested-with
Origin: https://www.marchofdimes.org
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: content-type,x-app-name,x-requested-with
access-control-allow-methods: POST
access-control-allow-origin: https://www.marchofdimes.org

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 2 B
1 KB 232ms
232ms XHR
application/json 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

/ Express

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff

Request headers

x-app-name: checkoutjs
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/json

Response headers

x-edgeconnect-origin-mex-latency: 62
date: Fri, 14 Aug 2020 22:43:22 GMT
x-content-type-options: nosniff
status: 200
x-powered-by: Express
strict-transport-security: max-age=63072000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.marchofdimes.org
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-edgeconnect-midmile-rtt: 149
paypal-debug-id: 263d2ddddd6c5
dc: phx-origin-www-1.paypal.com
content-length: 2
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"

GET
H/2+Q/46 200 anchor
www.google.com/recaptcha/api2/ Frame 22FD 0
0 37ms
36ms Document
text/html 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfha64UAAAAAAaC8qsBThPCJUej82T-YJTO1BUH&co=aHR0cHM6Ly93d3cubWFyY2hvZmRpbWVzLm9yZzo0NDM.&hl=en&v=TPiWapjoyMdQOtxLT9_b4n2W&size=normal&cb=r56mckclp4j0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TPiWapjoyMdQOtxLT9_b4n2W/recaptcha__en.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KXTHF+DCf7KVXUrhP4Jt5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lfha64UAAAAAAaC8qsBThPCJUej82T-YJTO1BUH&co=aHR0cHM6Ly93d3cubWFyY2hvZmRpbWVzLm9yZzo0NDM.&hl=en&v=TPiWapjoyMdQOtxLT9_b4n2W&size=normal&cb=r56mckclp4j0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 14 Aug 2020 22:43:22 GMT
content-security-policy: script-src 'report-sample' 'nonce-KXTHF+DCf7KVXUrhP4Jt5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10086
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK image.aspx
6027462.global.siteimproveanalytics.io/ 34 B
613 B 135ms
26ms Image
image/gif 18.195.36.108
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6027462.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&title=Make%20a%20donation%20%7C%20March%20of%20Dimes&res=1600x1200&accountid=6027462&rt=6073&prev=1597445016869&luid=931fa21c-5ce4-edb7-22d3-c5b6c4e6d5b7&rnd=87365
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.36.108 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-36-108.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:22 GMT
Cache-Control: max-age=0
Expires: Fri, 14 Aug 2020 22:43:22 UTC
Connection: keep-alive
Content-Type: image/gif
Content-Length: 34
P3p: NOI OUR IND COM NAV INT

GET
H2 200 PwA.png
d2ldlvi1yef00y.cloudfront.net/default/us/live/lwa/gold/medium/ 3 KB
3 KB 48ms
10ms Image
image/png 2600:9000:2182:3c00:14:4f74:f880:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2ldlvi1yef00y.cloudfront.net/default/us/live/lwa/gold/medium/PwA.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:3c00:14:4f74:f880:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdf44a7473d1aa23ccedf8d377d7d4c2b549de4c0df53d2ba4cfe0b022f0ba68

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 03:24:45 GMT
via: 1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified: Wed, 25 Jul 2018 00:13:37 GMT
server: AmazonS3
age: 69518
etag: "a06d383d676e4682cdf81b57dd9a13d3"
x-cache: Hit from cloudfront
status: 200
cache-control: max-age=86400,public
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 3228
x-amz-cf-id: FZfXSdh4FN0xlN53j21Xt5-73pupgoIO1_TnQW_No8d6rqC9uenLDQ==

POST
H/1.1 200
OK uedata Show response
apay-us.amazon.com/cs/ 0
446 B 326ms
119ms XHR
application/json 52.94.230.189
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://apay-us.amazon.com/cs/uedata
Requested by: Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.230.189 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Fri, 14 Aug 2020 22:43:22 GMT
Server: Server
x-amz-rid: QRT58S09MA1WSZKHQNYS
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://www.marchofdimes.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/2+Q/46 200 bframe
www.google.com/recaptcha/api2/ Frame CE4C 0
0 70ms
69ms Document
text/html 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=TPiWapjoyMdQOtxLT9_b4n2W&k=6Lfha64UAAAAAAaC8qsBThPCJUej82T-YJTO1BUH&cb=97xoxcqe3c1r

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TPiWapjoyMdQOtxLT9_b4n2W/recaptcha__en.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-/8UpPdNVHM8EuuS55caQZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=TPiWapjoyMdQOtxLT9_b4n2W&k=6Lfha64UAAAAAAaC8qsBThPCJUej82T-YJTO1BUH&cb=97xoxcqe3c1r
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 14 Aug 2020 22:43:22 GMT
content-security-policy: script-src 'report-sample' 'nonce-/8UpPdNVHM8EuuS55caQZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1175
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dtd-square-logo.svg
doublethedonation.com/api/img/ 888 B
741 B 96ms
96ms Image
image/svg+xml 23.96.109.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://doublethedonation.com/api/img/dtd-square-logo.svg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.96.109.67 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

45f81d389fbd1a796520e7bbcdde57c9a7446898f109a9c88a9000dba250b813

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 14 Aug 2020 07:17:26 GMT
server: nginx
status: 200
x-frame-options: sameorigin
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-credentials: true
vary: Accept-Encoding
xdebug: img/dtd-square-logo.svg

GET
H2 200 ajax Show response
www.trustedsite.com/rpc/ 6 B
511 B 564ms
183ms Script
text/javascript 52.42.194.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustedsite.com/rpc/ajax?do=tmjs-visit&host=marchofdimes.org&rand=1597445002371

Requested by

Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.42.194.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-42-194-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
content-type: text/javascript; charset=UTF-8
status: 200
content-length: 26
x-xss-protection: 1; mode=block

GET
H2 200 212.svg
cdn.ywxi.net/meter/marchofdimes.org/ 21 KB
8 KB 357ms
356ms Image
image/svg+xml 2600:9000:2182:de00:14:6bfc:5740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.ywxi.net/meter/marchofdimes.org/212.svg?ts=1597320176082&l=en-US

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2182:de00:14:6bfc:5740:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6e8f6b76132f1b9dfe46847a40f6bda5a9eb11e889663b16e63dfd65ff0e6fb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
x-amz-cf-pop: DUS51-C1
status: 200
x-cache: Miss from cloudfront
content-type: image/svg+xml; charset=UTF-8
via: 1.1 0406d08716a9781a5c19ff86db2debd3.cloudfront.net (CloudFront)
cache-control: public
content-length: 7871
x-xss-protection: 1; mode=block
x-amz-cf-id: LOdB2a4rnHXCscYiyFMb-i0HLVHloKu7qcIFhu49NI39W97bloV5tQ==
expires: Fri, 14 Aug 2020 23:43:22 GMT

OPTIONS
H2 200 graphql
payments.braintree-api.com/ Frame 0
0 85ms
30ms Other 13.226.155.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.braintree-api.com/graphql
Protocol: H2
Server: 13.226.155.107 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-107.dus51.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,braintree-version,content-type
Origin: https://www.marchofdimes.org
Sec-Fetch-Mode: cors

Response headers

status: 200
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: authorization,braintree-version,content-type
access-control-allow-methods: GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.marchofdimes.org
access-control-max-age: 1800
date: Fri, 14 Aug 2020 22:43:22 GMT
x-cache: Miss from cloudfront
via: 1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: eQjb3tCxn36DKMwfBxougJydmRuQk3EOAGxMsfKINU0MYUvD6HBBEA==

POST
H2 200 graphql Show response
payments.braintree-api.com/ 2 KB
2 KB 369ms
368ms XHR
application/json 13.226.155.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.34.0/js/client.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.226.155.107 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-155-107.dus51.r.cloudfront.net

Software

Resource Hash

9a87d97587f0dcf5a6f0a1c3a43b19cc89753cc58876d85a01bd57e5c03ddf99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjIwMTgwNDI2MTYtcHJvZHVjdGlvbiIsImlzcyI6Imh0dHBzOi8vYXBpLmJyYWludHJlZWdhdGV3YXkuY29tIn0.eyJleHAiOjE1OTc1MzE0MDIsImp0aSI6IjY2ZDdlMjg4LWZkMDEtNGI0Zi05NGFmLWM5MjY3NTU5YzhiNiIsInN1YiI6InNoY3g1OHNwMjhuYnhrbjUiLCJpc3MiOiJodHRwczovL2FwaS5icmFpbnRyZWVnYXRld2F5LmNvbSIsIm1lcmNoYW50Ijp7InB1YmxpY19pZCI6InNoY3g1OHNwMjhuYnhrbjUiLCJ2ZXJpZnlfY2FyZF9ieV9kZWZhdWx0Ijp0cnVlfSwicmlnaHRzIjpbIm1hbmFnZV92YXVsdCJdLCJzY29wZSI6WyJCcmFpbnRyZWU6VmF1bHQiXSwib3B0aW9ucyI6e319.r3Y1LbEdTAc-CB-q0547yxMGjRkc6IRlACHnkxX8B101vd7IkaQV8Wt6x6sSM2M3xtpbTFcUxq8SzWyGjWXv-Q
Braintree-Version: 2018-05-10
Content-Type: application/json

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: gzip
vary: Braintree-Version, Accept-Encoding
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1093
pragma: no-cache
access-control-allow-origin: https://www.marchofdimes.org
braintree-version: 2016-10-07
content-type: application/json
via: 1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-amz-cf-id: RdGkrgOKXAHnkHEoatQtKiNB1KDflFPWxxs9m-mnukykEAkU51rQLw==

OPTIONS
H2 200 graphql
payments.braintree-api.com/ Frame 0
0 76ms
36ms Other 13.226.155.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.braintree-api.com/graphql
Protocol: H2
Server: 13.226.155.107 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-107.dus51.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,braintree-version,content-type
Origin: https://www.marchofdimes.org
Sec-Fetch-Mode: cors

Response headers

status: 200
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: authorization,braintree-version,content-type
access-control-allow-methods: GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.marchofdimes.org
access-control-max-age: 1800
date: Fri, 14 Aug 2020 22:43:22 GMT
x-cache: Miss from cloudfront
via: 1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: 1Dr9Nizd32uzfmIQElARt9Il1K6x7F-tmrszO_rijZqkfoxHeW6tKA==

POST
H2 200 graphql Show response
payments.braintree-api.com/ 2 KB
2 KB 348ms
348ms XHR
application/json 13.226.155.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.34.0/js/client.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.226.155.107 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-155-107.dus51.r.cloudfront.net

Software

Resource Hash

f80d350fa6e55dca568843208b17dd96d4baac672a187ea29139cc5e1bf4b623

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjIwMTgwNDI2MTYtcHJvZHVjdGlvbiIsImlzcyI6Imh0dHBzOi8vYXBpLmJyYWludHJlZWdhdGV3YXkuY29tIn0.eyJleHAiOjE1OTc1MzE0MDIsImp0aSI6IjJiNGQwNTNjLWJmZGItNGJhYi1hYWY5LTYwYmRhYjE5OWM4NyIsInN1YiI6InNoY3g1OHNwMjhuYnhrbjUiLCJpc3MiOiJodHRwczovL2FwaS5icmFpbnRyZWVnYXRld2F5LmNvbSIsIm1lcmNoYW50Ijp7InB1YmxpY19pZCI6InNoY3g1OHNwMjhuYnhrbjUiLCJ2ZXJpZnlfY2FyZF9ieV9kZWZhdWx0Ijp0cnVlfSwicmlnaHRzIjpbIm1hbmFnZV92YXVsdCJdLCJzY29wZSI6WyJCcmFpbnRyZWU6VmF1bHQiXSwib3B0aW9ucyI6e319.uy28oRUh4FANPe2arFInnmzA6qi9WH6AivQuZHJRFPBC8gmVtBrnmvyeGMANr_HU5r3kadMN8c2BBslqmWCQEg
Braintree-Version: 2018-05-10
Content-Type: application/json

Response headers

date: Fri, 14 Aug 2020 22:43:22 GMT
content-encoding: gzip
vary: Braintree-Version, Accept-Encoding
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1092
pragma: no-cache
access-control-allow-origin: https://www.marchofdimes.org
braintree-version: 2016-10-07
content-type: application/json
via: 1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-amz-cf-id: sqyjkEcoDTPRAFEOFvN4p2L7sV_PGpCsllW7qdG56Y3i_cekMr3OBg==

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 172ms
27ms Other 52.58.188.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Server: 52.58.188.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-188-112.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.marchofdimes.org
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.marchofdimes.org
Access-Control-Max-Age: 3000
Date: Fri, 14 Aug 2020 22:43:23 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ 0
285 B 29ms
29ms XHR
text/plain 52.58.188.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.34.0/js/client.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.188.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-188-112.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 14 Aug 2020 22:43:23 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ 55 KB
19 KB 51ms
14ms Script
application/x-javascript 151.101.193.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://c.paypal.com/da/r/fb.js
Requested by: Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.34.0/js/data-collector.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 3d9694d4605fd934422db49544a5f583e630f0af9ac297573a04f7a825266972

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 14 Aug 2020 22:43:23 GMT
content-encoding: gzip
age: 158571
x-cache: HIT
status: 200
shield-pop: AMS
content-length: 18905
x-served-by: cache-ams21043-AMS
last-modified: Thu, 19 Mar 2020 20:20:51 GMT
server: Apache
x-timer: S1597445003.052814,VS0,VE0
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 15 Aug 2020 22:43:23 GMT
cache-control: max-age=86400
accept-ranges: bytes
x-cache-hits: 5014

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 157ms
28ms Other 52.58.188.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Server: 52.58.188.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-188-112.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.marchofdimes.org
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.marchofdimes.org
Access-Control-Max-Age: 3000
Date: Fri, 14 Aug 2020 22:43:23 GMT
Server: nginx
Content-Length: 0
Connection: keep-alive

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ 0
285 B 31ms
30ms XHR
text/plain 52.58.188.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.34.0/js/client.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.188.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-188-112.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 14 Aug 2020 22:43:23 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://www.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

GET
H2 200 Check-icon-new.png
www.marchofdimes.org/DonationFormV3/images/ 1 KB
2 KB 444ms
444ms Image
image/webp 2606:4700:10::ac43:a5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.marchofdimes.org/DonationFormV3/images/Check-icon-new.png

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

f7d27b4f4c14f5f2d7186077923b7571eff9243614aba0e76013aca272838f4c

Security Headers

Name	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.marchofdimes.org/DonationFormV3/css/DonationForm_PaymentTypeButtons_Updates2019.css?v=1020192
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com;
etag: "2ff4b917b8ad51:0"
cf-cache-status: REVALIDATED
x-powered-by: ASP.NET
status: 200
content-disposition: inline; filename="Check-icon-new.webp"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1382
x-xss-protection: 1
public-key-pins: pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
x-ua-compatible: IE=edge
last-modified: Thu, 24 Oct 2019 14:59:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Fri, 14 Aug 2020 22:43:23 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
cf-polished: origFmt=png, origSize=4459
cf-request-id: 0490bd6f130000dfc787243200000001
accept-ranges: bytes
cf-ray: 5c2e31c4ef86dfc7-FRA
x-content-type-options: nosniff
cf-bgj: imgq:100,h2pri

GET
H2 200 i
c.paypal.com/v1/r/d/ Frame 340F 0
0 177ms
176ms Document
text/html 151.101.193.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: c.paypal.com
:scheme: https
:path: /v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: x-cdn=akamai; ts=vreXpYrS%3D1692053001%26vteXpYrS%3D1597446801%26vr%3Def24524e1730a491a9937346ffffffff%26vt%3Def24524e1730a491a9937346fffffffe; ts_c=vr%3Def24524e1730a491a9937346ffffffff%26vt%3Def24524e1730a491a9937346fffffffe
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota

Response headers

status: 200
correlation-id: 3f9fcf1e21150
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
paypal-debug-id: 3f9fcf1e21150
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
shield-pop: LHR
accept-ranges: bytes none
via: 1.1 varnish 1.1 varnish
date: Fri, 14 Aug 2020 22:43:23 GMT
x-served-by: cache-lhr7366-LHR, cache-ams21043-AMS
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1597445003.097839,VS0,VE162
vary: Accept-Encoding
content-encoding: br

GET
H/1.1

200
OK

counter2.cgi
dub.stats.paypal.com/ Frame B9DA
Redirect Chain

https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=2779fe7cadc3fa506ff0805a0d2f08f9&t=1597445003.008&a=14
https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=2779fe7cadc3fa506ff0805a0d2f08f9&t=1597445003.008&a=14

42 B
299 B

104ms
33ms

Image
image/jpeg

64.4.245.84
PAYPAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=2779fe7cadc3fa506ff0805a0d2f08f9&t=1597445003.008&a=14
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 14 Aug 2020 22:43:23 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 42
Content-Type: image/jpeg

Redirect headers

Location: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=2779fe7cadc3fa506ff0805a0d2f08f9&t=1597445003.008&a=14
Date: Fri, 14 Aug 2020 22:43:23 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 0
Content-Type: application/octet-stream

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
365 B 105ms
105ms XHR
text/plain 34.194.80.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/7780304902.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.80.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-80-163.compute-1.amazonaws.com
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 14 Aug 2020 22:43:23 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.marchofdimes.org
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 9295bc29-69d3-4d2f-a9d4-27de67d1ae56

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/41/8/ 78 KB
29 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/41/8/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?sensor=false&key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d61f511a1bdc441e3b0e1ce33ead66e051aa0f6e39f6c2e428468a1de6d5496

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 11 Aug 2020 06:13:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Jul 2020 06:13:00 GMT
server: sffe
age: 318580
vary: Accept-Encoding, Origin
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29287
x-xss-protection: 0
expires: Wed, 11 Aug 2021 06:13:44 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/41/8/ 144 KB
53 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/41/8/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?sensor=false&key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aee55f1d6a13bb89ad87b393b9a3b335ef580e75d08b50e9efb21699da4fe857

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 09:38:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Jul 2020 06:13:00 GMT
server: sffe
age: 219910
vary: Accept-Encoding, Origin
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54471
x-xss-protection: 0
expires: Thu, 12 Aug 2021 09:38:14 GMT

GET
H/2+Q/46 200 AuthenticationService.Authenticate Show response
maps.googleapis.com/maps/api/js/ 60 B
124 B 55ms
55ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fwww.marchofdimes.org%2Fgiving%2Fsupport-general.aspx%3Futm_source%3Dmarchofdimes%26utm_medium%3Demail%26utm_campaign%3Dbreach%26utm_content%3Dwashington%2520and%2520north%2520dakota&4sAIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&callback=_xdc_._ui6se&key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&token=62348

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/41/8/common.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

be007086fab74f7e00bc31638e0263bad928f5c589fe6b7baab5dc2928aeaa7b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/giving/support-general.aspx?utm_source=marchofdimes&utm_medium=email&utm_campaign=breach&utm_content=washington%20and%20north%20dakota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Aug 2020 22:43:24 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment
server-timing: gfet4t7; dur=41
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.paypal.com
URL: https://www.paypal.com/xoplatform/logger/api/logger

Verdicts & Comments Add Verdict or Comment

259 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.marchofdimes.org/	1970-01-19 12:27:16	Name: __cfduid Value: d96225d02c3bf13508d86e935339b6de61597444997

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.marchofdimes.org/glue/js/script.js(Line 1) Message: script loaded.
console-api	log	URL: https://cdn.ywxi.net/js/1.js(Line 110) Message: trustedsite-inline rescan enabled
console-api	log	(Line 1044) Message: Browser does not support Venmo
console-api	log	(Line 1232) Message: ACH Instance success [object Object]
console-api	warning	URL: https://maps.googleapis.com/maps-api-v3/api/js/41/8/util.js(Line 228) Message: Google Maps JavaScript API warning: SensorNotRequired https://developers.google.com/maps/documentation/javascript/error-messages#sensor-not-required

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' .marchofdimes.com .marchforbabies.org .marchofdimes.org .ywxi.net .addthis.com .addthisedge.com feed2js.org .cloudfront.net .crazyegg.com ajax.googleapis.com .juicer.io api.usersnap.com .optimizely.com .google-analytics.com .googletagmanager.com .googleapis.com .twitter.com .facebook.com .facebook.net .doubleclick.net .visualwebsiteoptimizer.com .atdmt.com .adsrvr.org .youtube.com .googleadservices.com .cetrk.com .rfihub.net .gwallet.com .godaddy.com .amazonaws.com .adroll.com doublethedonation.com .braintreegateway.com .payments-amazon.com .paypalobjects.com .paypal.com .amazon.com .ssl-images-amazon.com .google.com .bing.com .mathtag.com .acquireinsight.net code.highcharts.com .jquery.com .cloudflare.com .rfihub.com .formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com .pinimg.com .amazonpay.com static.ads-twitter.com .braintree-api.com .hotjar.com p2a.co .gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com .trustedsite.com c.sharethis.mgr.consensu.org .osano.com l.sharethis.com .cookielaw.org .pinterest.com pixel-a.basis.net pixel.sitescout.com .googlesyndication.com maxcdn.bootstrapcdn.com .moatads.com .cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net .hubspot.com .marketo.net *.mktoresp.com;
Public-Key-Pins	pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6027462.global.siteimproveanalytics.io
8133010.fls.doubleclick.net
8832015.fls.doubleclick.net
a7780304902.cdn.optimizely.com
ad.atdmt.com
ad.doubleclick.net
ajax.cloudflare.com
ajax.googleapis.com
analytics.twitter.com
apay-us.amazon.com
b.stats.paypal.com
bat.bing.com
c.paypal.com
cdn.optimizely.com
cdn.ywxi.net
cdnjs.cloudflare.com
client-analytics.braintreegateway.com
connect.facebook.net
d2ldlvi1yef00y.cloudfront.net
doublethedonation.com
dub.stats.paypal.com
e-mail.marchofdimes.org
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
js.braintreegateway.com
logx.optimizely.com
maps.googleapis.com
maxcdn.bootstrapcdn.com
p.acquireinsight.net
pagead2.googlesyndication.com
payments.amazon.com
payments.braintree-api.com
pixel.mathtag.com
s3-us-west-2.amazonaws.com
script.crazyegg.com
seal.godaddy.com
siteimproveanalytics.com
static-na.payments-amazon.com
static.ads-twitter.com
static.cloudflareinsights.com
stats.g.doubleclick.net
t.co
t.paypal.com
widgets.guidestar.org
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.marchofdimes.org
www.paypal.com
www.paypalobjects.com
www.trustedsite.com
www.paypal.com
104.108.47.187
104.108.68.187
104.111.218.17
104.111.228.123
104.244.42.195
104.244.42.5
13.226.155.107
13.226.155.82
151.101.112.157
151.101.114.133
151.101.193.35
151.101.65.35
159.127.187.12
172.217.18.162
172.217.21.230
173.201.249.4
18.195.36.108
2.18.233.201
2001:4de0:ac19::1:b:1a
2001:4de0:ac19::1:b:1b
216.58.205.230
23.96.109.67
2600:9000:2182:3c00:14:4f74:f880:21
2600:9000:2182:de00:14:6bfc:5740:93a1
2606:4700:10::ac43:a5a
2606:4700::6810:5e41
2606:4700::6810:a823
2606:4700::6811:4f6b
2606:4700::6813:9408
2606:4700:e2::ac40:8a05
2620:1ec:c11::200
2a00:1450:4001:800::2003
2a00:1450:4001:801::200a
2a00:1450:4001:808::200a
2a00:1450:4001:814::2002
2a00:1450:4001:816::200e
2a00:1450:4001:817::2003
2a00:1450:4001:81d::2004
2a00:1450:4001:821::2008
2a00:1450:4001:825::2002
2a00:1450:400c:c0c::9b
2a00:1450:400c:c0c::9c
2a02:26f0:eb:389::13b8
2a03:2880:f01c:8004:face:b00c:0:8c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
34.194.80.163
52.200.184.6
52.218.232.80
52.42.194.20
52.58.188.112
52.94.230.189
54.239.29.3
64.4.245.84
014af6e582f253684e2cb9a7e63c347caa2962893d5c2b1e20e2ee1f6f023b79
06324d4849d5639cda90634913fa2132841fb1d8ca37323b3b683f7ff5c2ea96
066d79a7d568051fb84ee6f71214945a6fe746685567062467500bf712912131
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
092c29d549e604e298825e47aac34d389ced91269d0d695afc1652de66f93e91
0f5d8f04863ac53eb4e88eda5907df8a6f103ccccb14d462b31033a4159780e4
0fde6eea8d2877355e8ea1c9b2ddc9b88cf679deca8365f9252ca0d022143bd2
10a29e157660cf726616eaf4ef975358d50ae1e646d1f5f1fedb264ff73ffc2a
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
116ecc9343dfc34597ba0850af31be7145ed8574986f45aaa91daf4baa8b99e9
127ee54d4cdbaff9594d2410eca09998f42b53b574dde19c24df5a1c636dc253
1449346947ba3d2266f702cc5488e1a0fb75ef67cdb105d5dbe178eff0af14b2
1963c9adae7a587781b18d3f22dd5b4827cd70534e11841b24507bff68f179f2
1e4a04be78cbd4f445a7d55a7fa893d9263c2a5a7cdc14b187f83d1466960210
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1f1c7200df30d6e65194fe5c344249a5b2dbe2d342d50e3e43b419102fe7d906
1f71f97e1ab6c14d60016a0503883dd415125e781137c6ed94e47ef9828ac143
20999252ac1e7d1618a12c2ba886e7890cef297ad9eb0a08bbde8cd27d79a8f0
2345395c646d1c9a3ac2753af47fd0ec9fc7246b80409a1a194ece131b2d27df
268d32771bdc600971ecba64038c7349ca6fe69abfede7bbad877e65ff336f1d
27842383d43efe979f71ffbbd7626be5da534019f8272ac95254c24ffd0f1e4b
2f6105ce9656689adcaf2848da002df1957f9a8814ddb596df80a56a75d71690
2f868a56d65e0f28982edca66c628415b8a665c9debc93c09c077671e19dc278
3a8787d9536a3d41bf06b83c8a98f7bc7746649b4c9d55103c0ee5282636444b
3d61f511a1bdc441e3b0e1ce33ead66e051aa0f6e39f6c2e428468a1de6d5496
3d73abab391ff929484d75a93d2b20d9bf05470018a6729da44619e60c5ef7ae
3d9694d4605fd934422db49544a5f583e630f0af9ac297573a04f7a825266972
3f30064280ef1eb75a94839747011fdc11f545d3a6a17c86a6d9b5536ade9903
43a1d4f18120648c849bbcad445218789a24204d767177a7ac03db54231c5c4e
4409b0786171835b0e6ec2fb4a8b8d94a41f1d599374ba1d03b91eeab860eb5a
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45f81d389fbd1a796520e7bbcdde57c9a7446898f109a9c88a9000dba250b813
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
47b0dabb476068ff9a013a78bed7c1549786c953e180c5f3bd5045db00a456de
47bb976398f1654ec19b8bf5fe0527da48fb8ee29bb6fc2950bff4f687efefd2
48d02d1758575a3ee0e7ba8a0a1c29666b4f55a00d1bf15fd1703897febf4cdb
4a8df52b71e0fc738da41e818f6b0e5e9d8fc116b65b56d017a237245b4383fa
4b51abf9baefd1b96bb9e0d0a846ce115889ed8bab3d1de48298da81909bb5f2
4cfb09552b38c4f7eae409ad785a027791666f216ba0fd60c0f3cf8fa1de32d0
4de7523e4e21393b6c2416f444095201a39f1031fcc30a895f419a5a68eec3fe
4e16e1eb5590fbbca2c65e0db9111cfd25303e2599fcbd0b035fc13672dd34fd
4e7e09acc1fe85f5113ec796055fb40011a09f1c59233949cbd96d5cb0abc57b
56c2d4412df23862b7f299aff378454135fa4b8d43ab90920ebc44b4af33bc7a
5a0f3b23a57c4c0f9d74608e5d1245526b0f177ac67fca1e49b5117c50f06ddf
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b
5d919e67b3ddbc780eb3a6af5cef3ff6d49fe7847856969f094a1e559afb2205
61a18234a303515dbd18c97721dacb2cdaa64fba0d694aa76f68b8f901dbd599
64a34f2161be19ccbb6abb0a22e6d648938f0d11df7b36e321e58eeca287e33c
65fd17c0820fd15b5ee087d10d0e5fc3a31a4103c1935dc980f6392708fcdbe7
663c301b48aac8360caab5fa86390b21ebc19caa50a08fb7485fcae66ff029cb
6963a88788ac08f890682e5cacc062cc94135d31306c43ec838ef6ba5b467a7d
6a5766455ceaf374cbc394346b0aaf70483c51ff86c3a6be2836988ac22740bf
6b367808aa8b39c622422e8e5878b7ce730795c57d84dff80de45629a4910543
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6daf092c820d6323f36c5ddad13658cf42a525808c69025cc3e7a36d76ab5508
6e8f6b76132f1b9dfe46847a40f6bda5a9eb11e889663b16e63dfd65ff0e6fb8
7201db2455da0512c27e081655cfa176771bda32306aeeddadede2a956d4ecbd
740852539aba54d596f5e284cd41d26af2d7f162656b6c6e40455183c66cda9b
745ec3284cec6b06537ee1ad60d268496dba4cc3686d2b6f7a39725d9a09c1db
76e176c84a00ae3eea4b5199270046d6c7f4873b19e4ce77d6e1ee48d8896cbb
7d42fd2cf7adef6e2ca9b9b706eef67e44e0f120c1435ea233807b8eda62fc55
80a501b2d3e77be83e3f7464b0e39f8dcae689ca96ca1290f606caa8eb8e5c88
82123a4a27c22cd5fbbbaf18d1572dbdbd5570d03ce04045168ae11e0d81e024
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8540463f52917494e0304ce808904dbc989ad258708ec6aff520846653bd28bf
858265dc0b08c8a5788c445325db30a760296ec6e8e0aa03a34ff7310d1025f2
893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37
8ba7f93799c56a68dbaf2c305dd9be536185bc2911db4e4d3a885300cf9a0ca8
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
8f6fbd0a8f46bf5ad5a27f97e723ed2b1e5e3c3042a61917b2ebbbb5024d38b9
9142c57f3e0bb30ea607f4437caf1b41b0c6632e47218cb4dbcfcbb63a6dbe1a
919e2e4a6d42c6244f120a3977c4be26d6bbf9ad55648c188f77f2eda27d8cbf
91ac221eac84421ab7f7bfff56123c800e3f23b9a05fc46aafac8981f8353edf
926d83ad6e61996b79f32c7912258f16f6a8e628819fd6a5ca2bd1a5f6db43dd
92f410985c0233c9abcba33b98f05b3e24d5ea3e80f5083466d545e94d49ec43
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9412fa4d1f7f5eb081d720c03648a1946fea87e31a564377f338835ef8051ff6
95552798e18011dd8221d572fb7d0b7761adfab33ae28d226500bb9ae92dc2eb
9613544ac59504c4618676045a6a586f5655ebbc28d7192030099934c9b8b8b5
97a2cf56a2204fcdf31659b0ae0f7bdb978232020428e207e09dc5e50790a786
98b3047cca6c09036e718abed042ca3cd035918616aa43ed0c4ae4ab317809e5
9a87d97587f0dcf5a6f0a1c3a43b19cc89753cc58876d85a01bd57e5c03ddf99
9abb30df9217bbe5556e1759dbcce0867f5eafac7224af2d9ddb63541cd1a1ec
9af38a7bc362e8ce0cef0ffde0ef646db114d325406420cd4e89c39aafc03d0a
9c14f559d6bfffc3dd361a9210d53b43b780f8f9e84812248f789a80951102ae
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
a4098719dbb1dc018a4087ed35e652f5a4c44e89ff9d93613dc4dbdd22a1d1c7
a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1
a69b445eb2ae9f5ae720b6283d427c2d0eb591148f3a2a05d0298936c6660fc4
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acfa1f03ac087fc08ca7389b23f01c47b31c6d00d412a21d9342af3c070fff57
adbd1654e5d704aca41097a929152fa46378fc89d4ff4bf17fe1fee251aff8e9
aee55f1d6a13bb89ad87b393b9a3b335ef580e75d08b50e9efb21699da4fe857
af24b34d4f32afaf47f085e5856b5ca3ebbe6795fc12bd8ae799b94098eb0723
af6d2d5331d49b61cc953ef7aa0839c6d2439024202691ffecbc14469a139ac9
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b41a980d1f833373f29b49b63549f39f2e28ef46b62011bc697bff0b2b7c2529
b4e1d12972d3a5ff8b5dc2b8bb5e0fc1d18eb027e0b724d23077fe88ccf34790
b57a0a6a1e1ee7857dec86e9e8ac0366804fec4a60932bf14ec40172a8c81412
b7633978f54553fe3110508200aed6435480713f1c7396a85b8c633e98ed9de9
b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0
bca29bc35bf60ea6910d2afe585035f2ca526be1b377ee553738df89db67c90d
bd93665c8a21dba8190075cf5b7925d7cd5d1f71d46ae2d615061eb3f472be91
bdf44a7473d1aa23ccedf8d377d7d4c2b549de4c0df53d2ba4cfe0b022f0ba68
be007086fab74f7e00bc31638e0263bad928f5c589fe6b7baab5dc2928aeaa7b
bea8356373e9749dff107019f34ce4b85e5126f47b2234de5cbc50a517116210
bf93d2a2b82edd666a07951571bcb47fcc0bf4c13206d39e673615adad12418e
c1067ea5a1150a18a456fe27ad7e29a8f1af2dd45e89ebcbea609b94f03a85ad
c213b86a386b7a0528d39ecb548e52794996e34e9606f57a68eb00c7330f7c57
c2d41e8c20832fada3f9757cb99cf8a9d6f247b56f4a06eb17b79f9d50af2ba3
c4b2d7a02fed68561be87cf97d0faad6cca60b1a7baa7f7fc356e876a2a1be1f
c7ba66613fdc9b9f865f92a5dfaf54459b198714038e032dbad0290fd330767c
c89a2f6020ee084bc79111bb5eb32eb83fbc93fe4cad4d49d7663ee5d76e63bf
cbadf1f97b9c2b3263f2a3ec354d7cd3a997195b19ffb22e8e032eae20a44026
cd8daff62f8e509deba6711633104d9f213f7ebb4d38dc9cd444ae4dfadc0f59
cddde8d76abdaadfbaf992e1fa78c600122da8028cd6026478ada12b69db1ea1
d03b6dd1fd17ef73fa7ec5632c4fc18a60208b2c7960191b252eabbfe7a3b2ef
d25a2b659f94bcc0649418dff88d0fdca830eb92dffe26bd98d88425a0894e2c
d31bef450ee67b64f9b70bfdf41fe4e00c65438705cc1fbb48ea6026d3a5d697
d7f282a03ee129e026d955f33b50a3e71b50ca4e2162a035cd01d6173f5822c0
db5ed483f2c6ab5afbcac433bf876688cbde9f16a082d48901a33133761f6626
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e005972ec0428d9a765b1b28d5e6c3e19d13727e477423d7136a4bffbd843309
e0973809e1973333289da731aac99e52f553c42e9b8af77d1a6d39d2fd2d04bf
e2fb3a382b3393e5b57be20d3b42ac1bc375a1cd17022bb056344265d690d837
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42f7806fd699d172d728f73f966a5d173cad2f4091aeed75cdb6ef611b4396e
e4fa5da308a5c0c487cc4706eab01b2cc7622bc919f20d8b69b432c07bc4800b
e5b99336fd6c8080d60dd13a17097121df45c4e8120867f7c66f00c96e579279
eb480c362421e90e4fce9a32de23bb0494608636f6545de2788394eeb53d6dc3
ec4df20e7a0ba36531199bcc424d84c2dbd2a0d816c94a1348d873f0fd53e3fe
ece140dc1031a47037dee623c5e54a4e6dedc756f164dc663948e91f39f299b0
ed551aa2e52b208be922703a4e4d192e4aef375f3bf8261d5cb6dfed9288b89f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efcccab6ce2d0e94d011471bb9fbce68344fbf387472d157c33b726558d66cf8
f05b1bfe0ba17ee79b6d32a84f86c53d597d19052d77d9d4209099ebe3caf332
f318a7545efb82dd863f74cca6247b671db78ea14c6bc8035f659e436f45a4e8
f70ad01b77c844be8f9b2f3312bc97c57e192e0b0feafcb03f788379b1f51e60
f7d27b4f4c14f5f2d7186077923b7571eff9243614aba0e76013aca272838f4c
f80d350fa6e55dca568843208b17dd96d4baac672a187ea29139cc5e1bf4b623
f970fbd589193a1f995a5d1f8a3ace46081fd4707ca49dd4b1ae0816146901fa
f979d664f85f9289bf9682c7fb690e1b8d73703190b2d5d1735b29b025d2c27d
fb7f2e5f6f5eede3b3a372630fdbfc83fce04d00c4a1c8fc94392aaf9f38f469
fbf7e70d3faced110412e5e31dd3fa176d321e72cbd3c721fd73e19a31ed2ecb
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

www.marchofdimes.org Open in urlscan Pro 2606:4700:10::ac43:a5a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

184 Requests

99 %HTTPS

48 %IPv6

39 Domains

55 Subdomains

54 IPs

6 Countries

2412 kBTransfer

7603 kBSize

1 Cookies

6 Outgoing links

Page URL History

Redirected requests

184 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.marchofdimes.org Open in urlscan Pro
2606:4700:10::ac43:a5a Public Scan

Screenshot
Live screenshot

Full Image

184
Requests

99 %
HTTPS

48 %
IPv6

39
Domains

55
Subdomains

54
IPs

6
Countries

2412 kB
Transfer

7603 kB
Size

1
Cookies

184 HTTP transactions
0 data transactions