secure.everyaction.com Open in urlscan Pro
45.60.33.183 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Submission Tags: phishing malicious Search All
Submission: On February 22 via api (February 22nd 2021, 2:44:43 pm UTC) from US

Summary HTTP 40 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 9 domains to perform 40 HTTP transactions. The main IP is 45.60.33.183, located in United States and belongs to INCAPSULA, US. The main domain is secure.everyaction.com.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on May 28th 2020. Valid for: 2 years.

This is the only time secure.everyaction.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	45.60.33.183 45.60.33.183	19551 (INCAPSULA) (INCAPSULA)
6	2600:9000:206... 2600:9000:206f:e00:12:303c:8700:21	() ()
1	65.9.20.68 65.9.20.68	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
1	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
11	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
4	40.114.241.141 40.114.241.141	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
40	11

12 45.60.33.183 (United States)

ASN19551 (INCAPSULA, US)

secure.everyaction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
profile.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fastaction.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:206f:e00:12:303c:8700:21 (United States)

ASN- ()

d3rse9xjbp8270.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.20.68 (Orlando, United States)

ASN16509 (AMAZON-02, US)

js.verygoodvault.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 40.114.241.141 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	google-analytics.com ssl.google-analytics.com www.google-analytics.com	36 KB
8	everyaction.com secure.everyaction.com	29 KB
6	cloudfront.net d3rse9xjbp8270.cloudfront.net	373 KB
4	visualstudio.com dc.services.visualstudio.com	398 B
4	ngpvan.com profile.ngpvan.com fastaction.ngpvan.com secure.ngpvan.com	4 KB
2	doubleclick.net stats.g.doubleclick.net	514 B
2	googletagmanager.com www.googletagmanager.com	71 KB
1	msecnd.net az416426.vo.msecnd.net	38 KB
1	verygoodvault.com js.verygoodvault.com	24 KB
40	9

	Domain	Requested by
11	www.google-analytics.com	www.googletagmanager.com secure.everyaction.com az416426.vo.msecnd.net
8	secure.everyaction.com	secure.everyaction.com d3rse9xjbp8270.cloudfront.net az416426.vo.msecnd.net
6	d3rse9xjbp8270.cloudfront.net	secure.everyaction.com d3rse9xjbp8270.cloudfront.net
4	dc.services.visualstudio.com	az416426.vo.msecnd.net
2	stats.g.doubleclick.net	az416426.vo.msecnd.net
2	profile.ngpvan.com	d3rse9xjbp8270.cloudfront.net az416426.vo.msecnd.net
2	www.googletagmanager.com	secure.everyaction.com d3rse9xjbp8270.cloudfront.net
1	secure.ngpvan.com	az416426.vo.msecnd.net
1	fastaction.ngpvan.com	d3rse9xjbp8270.cloudfront.net
1	az416426.vo.msecnd.net	secure.everyaction.com
1	ssl.google-analytics.com	secure.everyaction.com
1	js.verygoodvault.com	secure.everyaction.com
40	12

This site contains links to these domains. Also see Links.

Domain
fastaction.ngpvan.com
www.everyaction.com

Subject Issuer	Validity	Valid
*.everyaction.com RapidSSL TLS RSA CA G1	`2020-05-28` - `2022-05-28`	2 years	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.verygoodvault.com Amazon	`2020-04-17` - `2021-05-17`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
sni1e6ffgl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.ngpvan.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-01-14` - `2022-01-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
in.applicationinsights.azure.com Microsoft RSA TLS CA 01	`2021-02-11` - `2022-02-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Frame ID: 3024E7ADD46B0C8D74507662D60F91D2
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
html //i

Page Statistics

40
Requests

100 %
HTTPS

70 %
IPv6

9
Domains

12
Subdomains

11
IPs

4
Countries

576 kB
Transfer

1768 kB
Size

17
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://fastaction.ngpvan.com/##whats-this
Title: ?

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/actionid_signup
Title: Sign up with your email address

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/facebook
Title: Facebook

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/twitter
Title: Twitter

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/terms
Title: terms of service

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/privacy
Title: privacy policy.

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/actionid
Title: Log in with your email address

Search URL Search Domain Scan URL

URL: http://www.everyaction.com/?utm_source=act.myngp.com&utm_medium=poweredby&utm_campaign=ngpnext
Title: EveryAction

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

40 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set xhLYxu6630iRW7Ebg7a38g2 Show response
secure.everyaction.com/ 9 KB
5 KB 154ms
114ms Document
text/html 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0cef789e7fa300378a4b714a13b98eae72f124700d5e8939874f9d16f953fb19

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: secure.everyaction.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
Access-Control-Expose-Headers: Request-Context
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Date: Mon, 22 Feb 2021 14:44:19 GMT
Set-Cookie: visid_incap_823975=fo1uS+hnQCOYHemzsnfOoEPDM2AAAAAAQUIPAAAAAACBzjgfNAyabVZrVZM5i3Yf; expires=Tue, 22 Feb 2022 11:31:14 GMT; HttpOnly; path=/; Domain=.everyaction.com nlbi_823975=BX6VWrkj225V+f1tOu0ZEgAAAADAqEDGHQnIIQHLJv7V95Zv; path=/; Domain=.everyaction.com incap_ses_765_823975=bKBUDMYvG25/gg03xtOdCkPDM2AAAAAAHoOAobqSahVUmhhAY2yBUg==; path=/; Domain=.everyaction.com TiPMix=21.981302798717; path=/; HttpOnly; Domain=secure.everyaction.com; Max-Age=3600; Secure; SameSite=None; Secure x-ms-routing-name=self; path=/; HttpOnly; Domain=secure.everyaction.com; Max-Age=3600; Secure; SameSite=None; Secure ; Secure; SameSite=None; Secure
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 14-2124317-2124324 NNNY CT(0 0 0) RT(1614005059027 18) q(0 0 0 0) r(1 1) U12

GET
H2 200 at.js Show response
d3rse9xjbp8270.cloudfront.net/ 817 KB
231 KB 37ms
12ms Script
application/javascript 2600:9000:206f:e00:12:303c:8700:21

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:e00:12:303c:8700:21 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 996ffd46f2566a2170f5e5c45800ce8fdc1825b196ce83d2981ad1127b1b20d2

Request headers

Origin: https://secure.everyaction.com
Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 21 Feb 2021 16:08:09 GMT
content-encoding: gzip
age: 81589
x-cache: Hit from cloudfront
content-length: 236099
access-control-allow-origin: *
last-modified: Tue, 16 Feb 2021 16:03:32 GMT
server: AmazonS3
etag: "fa0d45913d7d86d8161582c3b86e6431"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
via: 1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: MsGYXVmNCpmQUAxt_dP5NXevTZfLa3FnSa9rmP5wxwBNTgeMiK6VXA==

GET
H2 200 at.min.css
d3rse9xjbp8270.cloudfront.net/ 111 KB
21 KB 31ms
7ms Stylesheet
text/css 2600:9000:206f:e00:12:303c:8700:21

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/at.min.css
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:e00:12:303c:8700:21 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 52715779b2de847f7a347e8da45f3b0bca481e7c484d6ecca1271b4cbd4e5279

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 21 Feb 2021 16:08:09 GMT
content-encoding: gzip
age: 81654
x-cache: Hit from cloudfront
content-length: 20615
access-control-allow-origin: *
last-modified: Tue, 16 Feb 2021 16:03:32 GMT
server: AmazonS3
etag: "874c2247f60c3b9731e89f1cc53061cd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
via: 1.1 6165dcc1fdf84ac65e8204c05709f1cb.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: edqLclD7s6EJdosGvXdp36loGXXIHGmHm-bqiwXAHpbzvg_QioB8pg==

GET
H/1.1 200
OK published.css
secure.everyaction.com/Content/css/forms/ 389 B
546 B 361ms
360ms Stylesheet
text/css 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.everyaction.com/Content/css/forms/published.css
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 0bb4162f0b42086a35ba69b25bbebb373401777a9fbfee8e45b56f502cff7a64

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 22 Feb 2021 14:44:19 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Feb 2021 22:42:40 GMT
X-CDN: Imperva
Etag: "0b061327e5d71:0"
Content-Type: text/css
X-Iinfo: 14-2124317-2122689 2VNN RT(1614005059027 141) q(0 0 0 -1) r(4 4)
Content-Length: 237

GET
H/1.1 200
OK script-error Show response
secure.everyaction.com/js/ 246 B
1 KB 175ms
125ms Script
text/javascript 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/js/script-error?v=LR3iM4M7kAES0Kfs-kdOEFlJ6eRhSmwTVMRMKnRLIxs1

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b8492fb2692042df038f6ed3a0f874e72125916c0cbe1570f59b991c78039f3c

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-CDN: Imperva
X-Iinfo: 3-10104063-10104066 NNNY CT(0 0 0) RT(1614005058801 25) q(0 0 0 0) r(1 1) U4
Content-Length: 274
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
Last-Modified: Mon, 22 Feb 2021 14:44:19 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 22 Feb 2021 14:44:19 GMT
Vary: User-Agent,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Expires: Tue, 22 Feb 2022 14:44:19 GMT

GET
H/1.1 200
OK AC2nt8erbFu3svSWxmyTZr1b.js Show response
js.verygoodvault.com/vgs-collect/1/ 76 KB
24 KB 135ms
40ms Script
application/javascript 65.9.20.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.verygoodvault.com/vgs-collect/1/AC2nt8erbFu3svSWxmyTZr1b.js
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.68 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d2219782bf808672e486c65601b5bd41e52041c592ba9bfde1030a820f257baf

Request headers

Origin: https://secure.everyaction.com
Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: MIiZqsZIbmUuLBPCQnATi6p_MgrmaU_3
Content-Encoding: gzip
ETag: W/"f3cecf4193fb217244937c56bee4b1b6"
Age: 334
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Access-Control-Max-Age: 3000
Connection: keep-alive
Access-Control-Allow-Origin: *
Last-Modified: Fri, 13 Dec 2019 10:03:51 GMT
Server: AmazonS3
Date: Mon, 22 Feb 2021 14:38:46 GMT
Vary: Origin
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Via: 1.1 7ec84fa8ea386135e27faa4bc393cabb.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ZAG50-C1
X-Amz-Cf-Id: _-BYBIx-3W61iqzHY57ixWCpWkZ_AwNO5TQocQa5V6IMKiK-pTQeJw==

GET
H/1.1 200
OK _Incapsula_Resource Show response
secure.everyaction.com/ 135 KB
19 KB 30ms
30ms Script
application/javascript 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.everyaction.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1038957998
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 46645c836185a526751a83fdf59c15e80aa51a2930495ff189539267e101f961

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Encoding: gzip
Cache-Control: no-cache, no-store
X-Robots-Tag: noindex
Content-Length: 19545
Content-Type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 107 KB
37 KB 21ms
21ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM473M

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0ca2544c5b06196d7587a16975aa08b56d8502ca6af60ab3442720546835c244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 22 Feb 2021 14:44:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37436
x-xss-protection: 0
last-modified: Mon, 22 Feb 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 22 Feb 2021 14:44:20 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 3775
date: Mon, 22 Feb 2021 13:41:25 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 22 Feb 2021 15:41:25 GMT

GET
H/1.1 200
OK _Incapsula_Resource
secure.everyaction.com/ 1 B
123 B 16ms
15ms Image
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.everyaction.com/_Incapsula_Resource?SWKMTFSR=1&e=0.21202754753687092
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: no-cache, no-store
X-Robots-Tag: noindex
Content-Length: 1
Content-Type: text/plain

GET
H2 200 ai.2.min.js Show response
az416426.vo.msecnd.net/scripts/b/ 125 KB
38 KB 26ms
7ms Script
text/javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F5B) /
Resource Hash: 2f4e3e28aeb435afc9528382b79d0ddc2a19cd3485998874b7d9ed502f8fd9c9

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Feb 2021 14:44:20 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-07 00:07:47
content-md5: KgAEVir75okvQY+ndtbz2w==
age: 1510
x-cache: HIT
x-ms-meta-aijssdksrc: [cdn]/scripts/b/ai.2.5.11.min.js
content-length: 38084
x-ms-lease-status: unlocked
last-modified: Mon, 25 Jan 2021 18:46:55 GMT
server: ECAcc (frc/8F5B)
x-ms-meta-aijssdkver: 2.5.11
etag: 0x8D8C1619682E7DB
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: b894ea3e-c01e-0041-2725-09cf82000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable
x-ms-version: 2009-09-19
expires: Mon, 22 Feb 2021 15:14:20 GMT

GET
H2 200 identity Show response
profile.ngpvan.com/ 72 B
1 KB 422ms
378ms Script
text/javascript 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://profile.ngpvan.com/identity?callback=_jqjsp

Requested by

Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / Express, ASP.NET

Resource Hash

4ad9aea92b0a2fcf8fb96276a85ef4b7254168c9c6c888cd67877b16632aaa39

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 22 Feb 2021 14:44:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Microsoft-IIS/10.0
x-powered-by: Express, ASP.NET
vary: Accept-Encoding
p3p: CP="NOI ADM DEV PSAi OUR OTRo STP IND COM NAV DEM"
x-iinfo: 12-496486-496488 NNNN CT(0 0 2) RT(1614005059787 0) q(0 0 3 0) r(4 4) U19
x-cdn: Imperva
content-type: text/javascript; charset=utf-8
content-length: 192
etag: W/"48-l4W+a7xH+BqdQq4cipxD9fkGWys"
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ 97 KB
35 KB 66ms
51ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer

Requested by

Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

443a85918cd89ff543b8ff82bd00f1e274c46610b4a5e4b4684a7e8ad8d05e96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 22 Feb 2021 14:44:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35091
x-xss-protection: 0
last-modified: Mon, 22 Feb 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 22 Feb 2021 14:44:20 GMT

GET
H2 200 extra.min.css
d3rse9xjbp8270.cloudfront.net/ 92 KB
16 KB 6ms
6ms Stylesheet
text/css 2600:9000:206f:e00:12:303c:8700:21

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/extra.min.css
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:e00:12:303c:8700:21 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 77c9f4fe6c9db8c0e431eebb322ae342a80d5d9e02c571b99c6e42a96850000d

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 21 Feb 2021 17:51:48 GMT
content-encoding: gzip
age: 75348
x-cache: Hit from cloudfront
content-length: 15885
access-control-allow-origin: *
last-modified: Tue, 16 Feb 2021 16:03:32 GMT
server: AmazonS3
etag: "7faedd2932b8ddf37c0536be65e86b4c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
via: 1.1 6165dcc1fdf84ac65e8204c05709f1cb.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: 12d7g6nXL_oWMhWzqn_3IsHuX0Qa2KgyetzmNeZMSTQiJU-CF912SA==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM473M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 3188
date: Mon, 22 Feb 2021 13:51:12 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Mon, 22 Feb 2021 15:51:12 GMT

GET
H/1.1 200
OK xhLYxu6630iRW7Ebg7a38g2 Show response
secure.everyaction.com/v1/Forms/ 3 KB
2 KB 139ms
138ms XHR
application/json 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/v1/Forms/xhLYxu6630iRW7Ebg7a38g2

Requested by

Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

cd8b7d2cc071910292cb675eb5cb2cf5a6b0f469b3f8c0e91de22397034b87c8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 14-2124317-2124324 SNNy RT(1614005059027 729) q(0 0 0 -1) r(1 1) U2
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
Pragma: no-cache
Last-Modified: Mon, 22 Feb 2021 14:44:20 GMT
Date: Mon, 22 Feb 2021 14:44:20 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Access-Control-Expose-Headers: Request-Context
Cache-Control: no-cache
ETag: "925fd710-8b6f-41bc-bea5-bd1df660607f"
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Expires: -1

GET
H2 200 ngpvan-logo-16.png
d3rse9xjbp8270.cloudfront.net/assets/images/ 617 B
1 KB 6ms
6ms Image
image/png 2600:9000:206f:e00:12:303c:8700:21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3rse9xjbp8270.cloudfront.net/assets/images/ngpvan-logo-16.png
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/extra.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:e00:12:303c:8700:21 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2decb492a5b143c935ba3f8b6a9a1dc970335e8981fb5f42b3ee7966735eeb16

Request headers

Referer: https://d3rse9xjbp8270.cloudfront.net/extra.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 22:14:02 GMT
via: 1.1 6165dcc1fdf84ac65e8204c05709f1cb.cloudfront.net (CloudFront)
age: 1441818
x-cache: Hit from cloudfront
content-length: 617
last-modified: Thu, 03 Oct 2019 17:12:46 GMT
server: AmazonS3
etag: "3d6f9aab1e809b87c195e78264cb01f8"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: rHqSv80u8jpnmyRf4vngNIJOCxqWAipUN-ldrrBtRXXPtb_2FcFyoQ==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
89 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-62682497-4&cid=913471337.1614005060&jid=1100846248&gjid=1437260612&_gid=700353299.1614005060&_u=YGBAgAABAAAAAE~&z=773888628

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 22 Feb 2021 14:44:20 GMT
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
63 B 7ms
6ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=913996627&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FxhLYxu6630iRW7Ebg7a38g2&ul=en-us&de=UTF-8&dt=DEMAND%20CHRIS%20WEST%20RESIGN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgAAB~&jid=1100846248&gjid=1437260612&cid=913471337.1614005060&tid=UA-62682497-4&_gid=700353299.1614005060&gtm=2wg2a1PM473M&z=1865639719

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Feb 2021 09:28:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 18946
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
69 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=913996627&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FxhLYxu6630iRW7Ebg7a38g2&ul=en-us&de=UTF-8&dt=DEMAND%20CHRIS%20WEST%20RESIGN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Downloading&utt=145&_u=aGDAAEABAAAAAG~&jid=91408412&gjid=2062431993&cid=913471337.1614005060&tid=UA-28243511-22&_gid=700353299.1614005060&_r=1&gtm=2wg2a15L2FSL&z=174257427

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Feb 2021 14:44:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 identity Show response
fastaction.ngpvan.com/api/v1/ 186 B
1 KB 461ms
460ms Script
text/javascript 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://fastaction.ngpvan.com/api/v1/identity?callback=_jqjsp&_1614005060438=

Requested by

Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Cowboy / Express

Resource Hash

bb30f2566d599443f3d4551c9bd129966cae1b176e9f91a53347893d11083f96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 vegur
x-content-type-options: nosniff
server: Cowboy
content-encoding: gzip
x-powered-by: Express
vary: Accept-Encoding
p3p: CP="NOI ADM DEV COM NAV OUR STP"
x-iinfo: 12-496515-496516 NNYN CT(95 216 0) RT(1614005060005 0) q(0 0 3 1) r(4 4) U18
cache-control: max-age=0
date: Mon, 22 Feb 2021 14:44:20 GMT
etag: W/"ba-KTD8Sv+dz36ALYr2S8JDCq361BA"
content-type: text/javascript; charset=utf-8
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3,roleName=FastAction

GET
DATA 200
OK truncated
/ 73 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e14deb2749e1521aac0ebcb8f99739494f4918fc07649ac6f51a2985085d756

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 glyphicons-regular.woff2
d3rse9xjbp8270.cloudfront.net/assets/fonts/ 94 KB
95 KB 9ms
6ms Font
application/font-woff2 2600:9000:206f:e00:12:303c:8700:21

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/assets/fonts/glyphicons-regular.woff2
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:e00:12:303c:8700:21 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dd16b17e257a3a57a00efd5f2d1dc5ac0de934728ec3d44981eab67aa95bc591

Request headers

Origin: https://secure.everyaction.com
Referer: https://d3rse9xjbp8270.cloudfront.net/at.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 22 Feb 2021 05:12:09 GMT
via: 1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
age: 34332
x-cache: Hit from cloudfront
content-length: 96388
last-modified: Thu, 03 Oct 2019 17:12:45 GMT
server: AmazonS3
etag: "aca35251952e72d9e32d41217f0f97ab"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: EaeKGbFoA38LyDWySblWuZXvyhec9w7HHuCeqHaPzcl_gz1nueVMuQ==

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
425 B 54ms
14ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-28243511-23&cid=913471337.1614005060&jid=90607359&gjid=2115865418&_gid=700353299.1614005060&_u=aGHAgEABAAAAAG~&z=742170542

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 22 Feb 2021 14:44:20 GMT
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
24 B 14ms
13ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=913996627&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FxhLYxu6630iRW7Ebg7a38g2&ul=en-us&de=UTF-8&dt=DEMAND%20CHRIS%20WEST%20RESIGN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=PetitionForm&ea=Form%20Load&el=Minimal&ev=4&_u=aGHAAEABAAAAAG~&jid=80717499&gjid=244109568&cid=913471337.1614005060&tid=UA-28243511-23&_gid=700353299.1614005060&_r=1&gtm=2wg2a15L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FTSM%2FTSMEA%2F1%2F86824&cd3=4802690&cd4=1039053&cd5=sb_obr_20022121_e_resign-chris-west&cd6=xhLYxu6630iRW7Ebg7a38g2&z=15818669

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Feb 2021 14:44:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 12ms
11ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=913996627&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FxhLYxu6630iRW7Ebg7a38g2&ul=en-us&de=UTF-8&dt=DEMAND%20CHRIS%20WEST%20RESIGN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGHAgEABAAAAAG~&jid=90607359&gjid=2115865418&cid=913471337.1614005060&tid=UA-28243511-23&_gid=700353299.1614005060&gtm=2wg2a15L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FTSM%2FTSMEA%2F1%2F86824&cd3=4802690&cd4=1039053&cd5=sb_obr_20022121_e_resign-chris-west&cd6=xhLYxu6630iRW7Ebg7a38g2&z=1596072731

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Feb 2021 07:56:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 24446
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 12ms
10ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=913996627&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FxhLYxu6630iRW7Ebg7a38g2&ul=en-us&de=UTF-8&dt=DEMAND%20CHRIS%20WEST%20RESIGN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Processing&utt=266&_u=aGHAAEABAAAAAG~&jid=&gjid=&cid=913471337.1614005060&tid=UA-28243511-22&_gid=700353299.1614005060&gtm=2wg2a15L2FSL&z=1173475656

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Feb 2021 19:41:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68575
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK xhLYxu6630iRW7Ebg7a38g2
secure.everyaction.com/v1/Track/ 0
609 B 115ms
113ms Image
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.everyaction.com/v1/Track/xhLYxu6630iRW7Ebg7a38g2?formSessionId=7bd43fc5-48b8-422a-ba91-3fae074e9614

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-CDN: Imperva
Date: Mon, 22 Feb 2021 14:44:20 GMT
X-Frame-Options: SAMEORIGIN
X-Iinfo: 14-2124317-2124324 SNNy RT(1614005059027 1403) q(0 0 0 -1) r(1 1) U2
Access-Control-Expose-Headers: Request-Context
Cache-Control: no-cache
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H2 200 fast-action.svg
d3rse9xjbp8270.cloudfront.net/assets/images/ 9 KB
9 KB 9ms
6ms Image
image/svg+xml 2600:9000:206f:e00:12:303c:8700:21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3rse9xjbp8270.cloudfront.net/assets/images/fast-action.svg
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:e00:12:303c:8700:21 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b60497a77afdcb315e270ec5f6fe3d53797c486032fc6752523aa8c65be7b985

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 21 Feb 2021 23:34:37 GMT
via: 1.1 6165dcc1fdf84ac65e8204c05709f1cb.cloudfront.net (CloudFront)
age: 54584
x-cache: Hit from cloudfront
content-length: 9203
last-modified: Wed, 08 Jan 2020 18:06:45 GMT
server: AmazonS3
etag: "babd47dc25531a9faeadc04f1afa1910"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: EOvbJHt-Qa9r6uR-XsMgUw5fxxtfGyHElZZkyrejqGVydzcPVWKJ3A==

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 11ms
9ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=913996627&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FxhLYxu6630iRW7Ebg7a38g2&ul=en-us&de=UTF-8&dt=DEMAND%20CHRIS%20WEST%20RESIGN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Render&utt=17&_u=aGHAAEABAAAAAG~&jid=&gjid=&cid=913471337.1614005060&tid=UA-28243511-22&_gid=700353299.1614005060&gtm=2wg2a15L2FSL&z=1187329567

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Feb 2021 10:13:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 16228
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 11ms
9ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=913996627&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FxhLYxu6630iRW7Ebg7a38g2&ul=en-us&de=UTF-8&dt=DEMAND%20CHRIS%20WEST%20RESIGN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Fill&utt=4&_u=aGHAAEABAAAAAG~&jid=&gjid=&cid=913471337.1614005060&tid=UA-28243511-22&_gid=700353299.1614005060&gtm=2wg2a15L2FSL&z=408516865

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Feb 2021 04:30:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 36813
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 13ms
11ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=913996627&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FxhLYxu6630iRW7Ebg7a38g2&ul=en-us&de=UTF-8&dt=DEMAND%20CHRIS%20WEST%20RESIGN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Form&utt=667&_u=aGHAAEABAAAAAG~&jid=&gjid=&cid=913471337.1614005060&tid=UA-28243511-22&_gid=700353299.1614005060&gtm=2wg2a15L2FSL&z=1522659515

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Feb 2021 01:47:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 46636
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 13ms
11ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=913996627&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FxhLYxu6630iRW7Ebg7a38g2&ul=en-us&de=UTF-8&dt=DEMAND%20CHRIS%20WEST%20RESIGN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Total&utt=766&_u=aGHAAEABAAAAAG~&jid=&gjid=&cid=913471337.1614005060&tid=UA-28243511-22&_gid=700353299.1614005060&gtm=2wg2a15L2FSL&z=291993332

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Feb 2021 10:06:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 16641
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nvtag Show response
profile.ngpvan.com/v2/data/w2Sqx04J2ztrPZEl_z0P53w9/ 2 B
946 B 483ms
433ms XHR
application/json 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://profile.ngpvan.com/v2/data/w2Sqx04J2ztrPZEl_z0P53w9/nvtag
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / Express, ASP.NET
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 22 Feb 2021 14:44:20 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-powered-by: Express, ASP.NET
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
vary: Origin,Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure.everyaction.com
x-iinfo: 8-3446140-3446142 NNNN CT(0 0 2) RT(1614005060113 0) q(0 0 3 0) r(4 4) U12
access-control-allow-credentials: true
content-length: 123
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 8ms
8ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=913996627&t=timing&_s=2&dl=https%3A%2F%2Fsecure.everyaction.com%2FxhLYxu6630iRW7Ebg7a38g2&ul=en-us&de=UTF-8&dt=DEMAND%20CHRIS%20WEST%20RESIGN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1540&pdt=1&dns=8&rrt=0&srt=113&tcp=31&dit=565&clt=565&_gst=670&_gbt=809&_cst=530&_cbt=635&_u=aGHAgEABAAAAAG~&jid=&gjid=&cid=913471337.1614005060&tid=UA-62682497-4&_gid=700353299.1614005060&gtm=2wg2a1PM473M&z=1329529879

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Feb 2021 06:02:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 31325
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 track
dc.services.visualstudio.com/v2/ 0
0 58ms
17ms Other 40.114.241.141
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Server

40.114.241.141 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,sdk-context
Origin: https://secure.everyaction.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-methods: POST
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-origin: *
access-control-max-age: 3600
x-content-type-options: nosniff
date: Mon, 22 Feb 2021 14:44:20 GMT
content-length: 0

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 96 B
212 B 575ms
575ms XHR
application/json 40.114.241.141
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.114.241.141 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

7acd994005f04a39f775d8d21a566ab63a04cc7c3bfe0f25f0ca50c069cac6b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: A410BD8E-1B7D-481A-B5CB-010B9242982B
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Mon, 22 Feb 2021 14:44:20 GMT
access-control-max-age: 3600
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
content-length: 96

GET
H/1.1 204
No Content w2Sqx04J2ztrPZEl_z0P53w9 Show response
secure.everyaction.com/Databag/Profile/ 0
712 B 105ms
104ms XHR
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/Databag/Profile/w2Sqx04J2ztrPZEl_z0P53w9

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Request-Id: |c9582f3db349493590373125a00a119f.bc2a2b8888ad480e
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-CDN: Imperva
Date: Mon, 22 Feb 2021 14:44:21 GMT
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
X-Iinfo: 14-2124317-2124324 SNNy RT(1614005059027 1914) q(0 0 0 -1) r(1 1) U11
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 204 w2Sqx04J2ztrPZEl_z0P53w9 Show response
secure.ngpvan.com/Databag/Profile/ 0
877 B 398ms
383ms XHR
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.ngpvan.com/Databag/Profile/w2Sqx04J2ztrPZEl_z0P53w9

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-cdn: Imperva
date: Mon, 22 Feb 2021 14:44:21 GMT
x-frame-options: SAMEORIGIN
access-control-allow-origin: https://secure.everyaction.com
x-iinfo: 12-496730-496731 NNNN CT(87 179 0) RT(1614005061048 0) q(0 0 3 0) r(4 4) U11
access-control-expose-headers: Request-Context
cache-control: private
access-control-allow-credentials: true
content-security-policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

OPTIONS
H2 200 track
dc.services.visualstudio.com/v2/ 0
0 18ms
17ms Other 40.114.241.141
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Server

40.114.241.141 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,sdk-context
Origin: https://secure.everyaction.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-methods: POST
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-origin: *
access-control-max-age: 3600
x-content-type-options: nosniff
date: Mon, 22 Feb 2021 14:44:35 GMT
content-length: 0

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 96 B
186 B 734ms
733ms XHR
application/json 40.114.241.141
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.114.241.141 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

57149ea95179093ec36fbc0960ab9f2cd922538202c64a401e10971304fb0a7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/xhLYxu6630iRW7Ebg7a38g2
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: C84CA18C-150C-4D94-83C1-F6346048D8A7
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Mon, 22 Feb 2021 14:44:36 GMT
access-control-max-age: 3600
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
content-length: 96

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.everyaction.com/	1970-01-19 16:20:05	Name: _gat_UA-28243511-23 Value: 1
.everyaction.com/	1970-01-19 16:21:31	Name: _gid Value: GA1.2.700353299.1614005060
.everyaction.com/	1970-01-19 16:20:05	Name: _dc_gtm_UA-28243511-23 Value: 1
.everyaction.com/	1970-01-20 09:51:17	Name: _ga Value: GA1.2.913471337.1614005060
.secure.everyaction.com/	1970-01-19 16:20:05	Name: _dc_gtm_UA-62682497-4 Value: 1
.secure.everyaction.com/	1970-01-19 16:21:31	Name: _gid Value: GA1.3.700353299.1614005060
.everyaction.com/	1969-12-31 23:59:59	Name: nlbi_823975 Value: BX6VWrkj225V+f1tOu0ZEgAAAADAqEDGHQnIIQHLJv7V95Zv
secure.everyaction.com/	1970-01-19 16:20:05	Name: ___utmvc Value: HoH7aQjeBWTFFLHYww4sZ2Vua/FYNq0vUEN/+ra9ceJXw8zaRdANRmVj9Fi+71OeDollxDPz18YaKd60FBbshWsoaxGIrJ+paDyuNvyCHn3ScmjDkit0V3ye/XTA3YmVVFEhjDORF7qtlKQo1BKvoS2LHEs9Zxj8eNiBIIbyc2/uvdm4FX0XLGZUkJlyy72L7I+GuPIB78xs0ExG74C3YJ2vdiE7WtbV/SlLUJJ9X8geJGSCPAOjgFqvq6MOFF/gWwfBk8KbqtpWLFMtp4Nv+TJ765Yj5/bVaIbOIbt4GHixToal9M0f3BXTHFsX7O99Zj7rrN3cWmbudtKMlGP+dm9ITh3RSXn73Bmgt4j7JXk/G3NwKk0LSZ0bQwtxQwBzIQ3O9fcnjmpr5Net6CAYbrGUL40TzP7anY/zIZoZPfA1TaRZQNEEgRnqZq12kk/8WuiHsmpMvjOhRjCaceUs9asZpK4iRIfhVU5H1lCNpd5VNt1e6pdwmlY2Suhe5sm4eG7KDCQUGj8MfZfdZpAERnCV/k5IkPDGJlo3dzJpPhel5G2ylROK2jQgP2YkVWu/SnSceVUK/oBy2LISg5Tz0PprVAh+dluE+BYdga6ZHab3P4lUr4tIVKAuplNa/QSWc3YjMRzdtxQ5NF6Kng+IuXZm1CtnhvJEnukNpzqWPSknI1gMPC2wrLoSXX+gHcEHwYLz5RhVggvXPhDEfWNMToj981aR5jFSW6xTUbc6Q+xFD1hxjIKMlhO7fsfFfnkAUkXDHbOtqRYXxChC1DygsKkMu3k8J/5zBjc+Hp6XCtpoQ1vr1FZKKEIgYONoQfF0CXZH3Yd5ZQ1oFhbAYOgxBhwJHt3TmLfrCt9OuwjcmEgWX/4t3Fq1I/pkWsnG/Ka+vgZbeY1kC/zZyxKcY7QoyBFYT+dn8fh4xrVIfl6vFt0ROzsjuZAWQUV7FsO0qGDQ7/hR3ArbX+YpKQZhgpGScH88NOrceUBlNLB+xbsdT7HXGBrpPe9jtfWonxoS6BH9h+bN225nxWgx3Dp/NSiuJdws0jzLU5lD93b9npG+gnjyYgRcz0AfUk5+5sgTjkP8PZjDuotsxvOeEpZ2kEpjc4FhTscXe+tgaC6W0Kju2x9TDCSAD5FA7N0iBtDnAJ+YSsfglPvPsNbZR1FDG1OFtNMF1gkpjoGfq9fTxwhXNCRVS6L52Zdyk7JNeQ7b7CK3MSh7+vgk0evN80ep8X9IgkmUFuPyFe5wcuLoFc30du/GJFp33VOtjHs4aGA1K+sgtlwJ7xQcGN05L9NEQ6GpeV4Azd/DDSVlcNU38kRDBGWo4bBMwpgIXw8lYvoZvqbyhq0hiw8LeGA6A2Av3FS4Z4mbYEU2urF+1K94nkv16KuCgQ7xMd4yDrjq4iTIwQk6gxlWfHeHGQbe2zem0/S+HUI27OiTbI/kNtoKgBQ98G7rVKldsR6U8ogFCmjCponiXEeGJ1mW5JXVV8Qhjcpp5bEX3nTv/UGg8B8HEWyvqhMnhOdx3RdlWbvbvd6rEe6ocGNCMBufWbp9HaJvHnNeFq/zg/TmdD3mM6h6KfW3rwnsTB3AqaT3aiQcGyVk9Vtmer/dfHsBOS8aqdV6aMZC8LJnMcU8OXMqtzNFxIkL6O/rp79dY02X+Vc7vgT4cr3gIogHw1aea/kNXBjYo9K7bSD4DWL4sMp4xVLmcJw3NKc3W99p5Hj+OkZ81X1fSmCkiBRt8Qhd/cr+rrMV35u+QGawRwQtW8Xn97XUrwTahh4JqLxrAlJPO5ESM9leIF5Z0hesG0htW60o1TWSV/ZRMGrjBiMUC+JvsTc29WNUHR6seqFjLLBRJ6/WoHXI7dClo4dgJy/7svHtoBpn+I3Tg0G3vcQ9uj4x0BPfZ0s8JazA71uytYNFew2+SIBd0ZAvzj6SvPgdseKoIxTd9Mk8F8ig1k/2Z6ExE24c4cbwQtS21Y13U68tSfBfES0kps6xvY3aehkAcCIxSgN4K1ji9EyxS//wPHASFZ9U+02bg/D66TU/+2O8LD8wG0/jJZRrLGRpZ2VzdD0xNDA3OTksMTQwNzcyLHM9N2FhYzc2NmE4OTdlNzg2NmExNzM4ODZkOGE4MThjOTY2ZThlNmNhMzlkNjU4MjhkOGQ4MWEwODM1YmFiOWE5ZjdhNzQ4N2EyOGY4ODZmNmU=
.everyaction.com/	1969-12-31 23:59:59	Name: incap_ses_1096_823975 Value: +hPPLkHemytV4VXdpcY1D0LDM2AAAAAAObn+MsZ6sdpUgx52/3OnHw==
secure.everyaction.com/	1970-01-20 01:05:41	Name: ai_user Value: wv42CzVOKozpSsXS5mEd7f\|2021-02-22T14:44:20.331Z
.secure.everyaction.com/	1970-01-19 16:20:08	Name: x-ms-routing-name Value: self
.everyaction.com/	1970-01-20 01:05:29	Name: visid_incap_823975 Value: fo1uS+hnQCOYHemzsnfOoEPDM2AAAAAAQUIPAAAAAACBzjgfNAyabVZrVZM5i3Yf
.secure.everyaction.com/	1970-01-19 16:20:08	Name: TiPMix Value: 21.981302798717
.everyaction.com/	1970-01-19 16:20:05	Name: _gat_UA-28243511-22 Value: 1
secure.everyaction.com/	1970-01-19 16:20:06	Name: ai_session Value: zhi2768WuBC6XZXdAqUjTb\|1614005060385\|1614005060385
.everyaction.com/	1969-12-31 23:59:59	Name: incap_ses_765_823975 Value: bKBUDMYvG25/gg03xtOdCkPDM2AAAAAAHoOAobqSahVUmhhAY2yBUg==
.secure.everyaction.com/	1970-01-20 09:51:17	Name: _ga Value: GA1.3.913471337.1614005060

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Downloading: 145.263916015625 ms
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Processing: 265.3310546875 ms
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Render: 16.2060546875 ms
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Fill: 4.39013671875 ms
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Form: 667.1689453125 ms
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Total: 766.669921875 ms

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

az416426.vo.msecnd.net
d3rse9xjbp8270.cloudfront.net
dc.services.visualstudio.com
fastaction.ngpvan.com
js.verygoodvault.com
profile.ngpvan.com
secure.everyaction.com
secure.ngpvan.com
ssl.google-analytics.com
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
2600:9000:206f:e00:12:303c:8700:21
2606:2800:233:1cb7:261b:1f9c:2074:3c
2a00:1450:4001:80e::200e
2a00:1450:4001:811::2008
2a00:1450:4001:827::2008
2a00:1450:400c:c00::9d
2a00:1450:400c:c07::9c
40.114.241.141
45.60.33.183
65.9.20.68
0bb4162f0b42086a35ba69b25bbebb373401777a9fbfee8e45b56f502cff7a64
0ca2544c5b06196d7587a16975aa08b56d8502ca6af60ab3442720546835c244
0cef789e7fa300378a4b714a13b98eae72f124700d5e8939874f9d16f953fb19
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1e14deb2749e1521aac0ebcb8f99739494f4918fc07649ac6f51a2985085d756
2decb492a5b143c935ba3f8b6a9a1dc970335e8981fb5f42b3ee7966735eeb16
2f4e3e28aeb435afc9528382b79d0ddc2a19cd3485998874b7d9ed502f8fd9c9
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
443a85918cd89ff543b8ff82bd00f1e274c46610b4a5e4b4684a7e8ad8d05e96
46645c836185a526751a83fdf59c15e80aa51a2930495ff189539267e101f961
4ad9aea92b0a2fcf8fb96276a85ef4b7254168c9c6c888cd67877b16632aaa39
52715779b2de847f7a347e8da45f3b0bca481e7c484d6ecca1271b4cbd4e5279
57149ea95179093ec36fbc0960ab9f2cd922538202c64a401e10971304fb0a7a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
77c9f4fe6c9db8c0e431eebb322ae342a80d5d9e02c571b99c6e42a96850000d
7acd994005f04a39f775d8d21a566ab63a04cc7c3bfe0f25f0ca50c069cac6b7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
996ffd46f2566a2170f5e5c45800ce8fdc1825b196ce83d2981ad1127b1b20d2
b60497a77afdcb315e270ec5f6fe3d53797c486032fc6752523aa8c65be7b985
b8492fb2692042df038f6ed3a0f874e72125916c0cbe1570f59b991c78039f3c
bb30f2566d599443f3d4551c9bd129966cae1b176e9f91a53347893d11083f96
cd8b7d2cc071910292cb675eb5cb2cf5a6b0f469b3f8c0e91de22397034b87c8
d2219782bf808672e486c65601b5bd41e52041c592ba9bfde1030a820f257baf
dd16b17e257a3a57a00efd5f2d1dc5ac0de934728ec3d44981eab67aa95bc591
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

secure.everyaction.com Open in urlscan Pro 45.60.33.183 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

40 Requests

100 %HTTPS

70 %IPv6

9 Domains

12 Subdomains

11 IPs

4 Countries

576 kBTransfer

1768 kBSize

17 Cookies

8 Outgoing links

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

secure.everyaction.com Open in urlscan Pro
45.60.33.183 Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

100 %
HTTPS

70 %
IPv6

9
Domains

12
Subdomains

11
IPs

4
Countries

576 kB
Transfer

1768 kB
Size

17
Cookies

40 HTTP transactions
1 data transactions