secure.winred.com Open in urlscan Pro
2606:4700::6813:d359 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nolib.us/4vubsh
Effective URL:
https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_Scil...
Submission: On March 12 via api (March 12th 2024, 10:25:35 pm UTC) from US — Scanned from US

Summary HTTP 165 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 30 IPs in 3 countries across 21 domains to perform 165 HTTP transactions. The main IP is 2606:4700::6813:d359, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure.winred.com. The Cisco Umbrella rank of the primary domain is 78857.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 22nd 2024. Valid for: a year.

This is the only time secure.winred.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	99.83.253.106 99.83.253.106	16509 (AMAZON-02) (AMAZON-02)
1 1	75.2.108.118 75.2.108.118	16509 (AMAZON-02) (AMAZON-02)
1 14	2606:4700::68... 2606:4700::6813:d359	13335 (CLOUDFLAR...) (CLOUDFLARENET)
43	151.101.0.176 151.101.0.176	54113 (FASTLY) (FASTLY)
4	2607:f8b0:400... 2607:f8b0:4006:81d::200a	15169 (GOOGLE) (GOOGLE)
4	2600:9000:247... 2600:9000:247b:9000:0:7d26:ee00:93a1	16509 (AMAZON-02) (AMAZON-02)
12	2607:f8b0:400... 2607:f8b0:4006:81c::2001	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2607:f8b0:400... 2607:f8b0:4006:823::2008	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4004:c19::5c	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:80e::200e	15169 (GOOGLE) (GOOGLE)
1	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	38.70.189.71 38.70.189.71	399647 (RUMBLE) (RUMBLE)
2	2600:9000:251... 2600:9000:2514:1e00:19:7d10:bd80:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6810:fa45	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	198.137.150.201 198.137.150.201	16509 (AMAZON-02) (AMAZON-02)
1 2	142.251.40.198 142.251.40.198	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4004:c06::9a	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80a::2002	15169 (GOOGLE) (GOOGLE)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
17	54.187.119.242 54.187.119.242	16509 (AMAZON-02) (AMAZON-02)
4	2607:f8b0:400... 2607:f8b0:4006:808::2004	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::181	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:817::2002	15169 (GOOGLE) (GOOGLE)
3	44.239.187.210 44.239.187.210	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
12	2607:f8b0:400... 2607:f8b0:4006:80f::200e	15169 (GOOGLE) (GOOGLE)
3	2600:9000:21d... 2600:9000:21da:6c00:b:1d09:f200:93a1	16509 (AMAZON-02) (AMAZON-02)
6	104.19.219.90 104.19.219.90	13335 (CLOUDFLAR...) (CLOUDFLARENET)
165	30

1 99.83.253.106 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ab309889489bfc98b.awsglobalaccelerator.com

nolib.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 75.2.108.118 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ab309889489bfc98b.awsglobalaccelerator.com

nolib.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700::6813:d359 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

secure.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 151.101.0.176 (United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81d::200a (United States)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:247b:9000:0:7d26:ee00:93a1 (United States)

ASN16509 (AMAZON-02, US)

d35ligi1n5bgzc.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2607:f8b0:4006:81c::2001 (United States)

ASN15169 (GOOGLE, US)

lh7-us.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4006:823::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c19::5c (Washington, United States)

ASN15169 (GOOGLE, US)

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:80e::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.70.189.71 (Toronto, Canada)

ASN399647 (RUMBLE, CA)

a.ads.rmbl.ws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2514:1e00:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:fa45 (United States)

ASN13335 (CLOUDFLARENET, US)

gtm.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.137.150.201 (United States)

ASN16509 (AMAZON-02, US)

merchant-ui-api.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.198 (Queens, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f6.1e100.net

9381094.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c06::9a (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80a::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com

r.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:808::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80e::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 44.239.187.210 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-187-210.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2607:f8b0:4006:80f::200e (United States)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21da:6c00:b:1d09:f200:93a1 (United States)

ASN16509 (AMAZON-02, US)

b.stripecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.19.219.90 (None, )

ASN13335 (CLOUDFLARENET, US)

hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api2.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	stripe.com js.stripe.com — Cisco Umbrella Rank: 1155 merchant-ui-api.stripe.com — Cisco Umbrella Rank: 5082 r.stripe.com — Cisco Umbrella Rank: 2301 m.stripe.com — Cisco Umbrella Rank: 1134 stripe.com — Cisco Umbrella Rank: 846	2 MB
22	google.com pay.google.com — Cisco Umbrella Rank: 2753 www.google.com — Cisco Umbrella Rank: 2 analytics.google.com — Cisco Umbrella Rank: 148 adservice.google.com — Cisco Umbrella Rank: 92 play.google.com — Cisco Umbrella Rank: 33	425 KB
17	winred.com 1 redirects secure.winred.com — Cisco Umbrella Rank: 78857 app.winred.com — Cisco Umbrella Rank: 141672 gtm.winred.com — Cisco Umbrella Rank: 127398	219 KB
12	googleusercontent.com lh7-us.googleusercontent.com — Cisco Umbrella Rank: 608	3 MB
8	doubleclick.net 1 redirects 9381094.fls.doubleclick.net — Cisco Umbrella Rank: 284883 stats.g.doubleclick.net — Cisco Umbrella Rank: 84 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	5 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	647 KB
6	hcaptcha.com hcaptcha.com — Cisco Umbrella Rank: 5514 newassets.hcaptcha.com — Cisco Umbrella Rank: 6729 api2.hcaptcha.com — Cisco Umbrella Rank: 14471 api.hcaptcha.com — Cisco Umbrella Rank: 6866	439 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	21 KB
4	gstatic.com www.gstatic.com	102 KB
4	cloudfront.net d35ligi1n5bgzc.cloudfront.net	387 KB
4	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 374	187 KB
3	stripecdn.com b.stripecdn.com — Cisco Umbrella Rank: 11596	43 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1243	16 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	71 KB
2	nolib.us 2 redirects nolib.us	415 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	270 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 822	722 B
1	t.co t.co — Cisco Umbrella Rank: 674	376 B
1	rmbl.ws a.ads.rmbl.ws — Cisco Umbrella Rank: 51999	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 775	15 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 788	7 KB
165	21

	Domain	Requested by
43	js.stripe.com	secure.winred.com js.stripe.com
15	r.stripe.com	js.stripe.com
13	secure.winred.com	1 redirects secure.winred.com static.cloudflareinsights.com
12	play.google.com	www.gstatic.com
12	lh7-us.googleusercontent.com	secure.winred.com
7	www.googletagmanager.com	secure.winred.com www.googletagmanager.com www.google-analytics.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com secure.winred.com
4	www.gstatic.com	pay.google.com www.gstatic.com
4	www.google.com	secure.winred.com
4	stats.g.doubleclick.net	www.google-analytics.com secure.winred.com www.googletagmanager.com
4	d35ligi1n5bgzc.cloudfront.net	secure.winred.com
4	maps.googleapis.com	secure.winred.com maps.googleapis.com
3	newassets.hcaptcha.com	hcaptcha.com newassets.hcaptcha.com
3	b.stripecdn.com	js.stripe.com b.stripecdn.com
3	m.stripe.com	m.stripe.network
3	gtm.winred.com	www.googletagmanager.com
3	pay.google.com	js.stripe.com pay.google.com www.gstatic.com
2	stripe.com	js.stripe.com
2	analytics.google.com	secure.winred.com www.googletagmanager.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	9381094.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	merchant-ui-api.stripe.com	js.stripe.com
2	m.stripe.network	js.stripe.com m.stripe.network
2	connect.facebook.net	secure.winred.com connect.facebook.net
2	nolib.us	2 redirects
1	api.hcaptcha.com	newassets.hcaptcha.com
1	api2.hcaptcha.com	newassets.hcaptcha.com
1	hcaptcha.com	b.stripecdn.com
1	www.facebook.com	secure.winred.com
1	adservice.google.com	9381094.fls.doubleclick.net
1	analytics.twitter.com	secure.winred.com
1	t.co	secure.winred.com
1	a.ads.rmbl.ws	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	app.winred.com	secure.winred.com
1	static.cloudflareinsights.com	secure.winred.com
165	36

This site contains links to these domains. Also see Links.

Domain
txtterms.co
winred.com
www.donaldjtrump.com
cdn.donaldjtrump.com
donaldjtrump.com

Subject Issuer	Validity	Valid
secure.winred.com Cloudflare Inc ECC CA-3	`2024-01-22` - `2024-12-31`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-02-07` - `2024-05-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
cloudflareinsights.com GTS CA 1P5	`2024-03-10` - `2024-06-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-06` - `2024-05-04`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-21` - `2024-03-20`	3 months	crt.sh
a.ads.rmbl.ws R3	`2024-02-14` - `2024-05-14`	3 months	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2024-03-06` - `2024-06-06`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-04` - `2025-01-02`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
www.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2024-05-23`	3 months	crt.sh

This page contains 16 frames:

Primary Page: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
Frame ID: 8A8FB866F869D6E24FD7CF23FB949F33
Requests: 69 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 5D15D56A46A436451443FF5B82A9D158
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html
Frame ID: 172343EA6D9104107EE3D8850C11DD6F
Requests: 14 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html
Frame ID: 1FA25898BE7B20C5C23246EB22280CA1
Requests: 10 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html
Frame ID: CEA4D161B1C045A9AD34D68C322A5DAE
Requests: 14 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-google-pay-54b6ff1f9d3b50a93526ab99c4309206.html
Frame ID: 7128E3CFF2BB08FF0384FF1EE7C4D277
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-3c55f5b229c7a3e02ed9afcba327ad44.html
Frame ID: C5D11B104CAE7EFC60D01F2B3998FAD9
Requests: 3 HTTP requests in this frame

Frame: https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/5b600c458061/main.js
Frame ID: 9F9CE567A8535BEF8B545507C08B7E74
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 7C28B13919A3D7F25DD1EF6F31068397
Requests: 5 HTTP requests in this frame

Frame: https://9381094.fls.doubleclick.net/activityi;dc_pre=CPvfoZTi74QDFR6OfwQdAT0Kfw;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=712451288.1710282325;pscdl=noapi;gtm=45fe43b0z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075
Frame ID: CDA563F3237A9086A2EF8DCBD9373001
Requests: 2 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
Frame ID: 5AE2ACD3740CD7AF523ACF2202F73EC9
Requests: 12 HTTP requests in this frame

Frame: https://js.stripe.com/v3/hcaptcha-invisible-a3b4f749b18a37324c01e9425d3514b3.html
Frame ID: 8FDCE9325044F66E8F0CA6C487B97CC8
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-link-button-for-card-ac410ddd0a141c4d3ad6d96c654149af.html
Frame ID: 1139F98E46C6B514C514C0422730F9E8
Requests: 4 HTTP requests in this frame

Frame: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=8d2b3814-cea2-4483-abf6-5064d5a20fa7&origin=https%3A%2F%2Fjs.stripe.com
Frame ID: 4F3A0F1F27030C5D69580EF4E9EFA976
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html
Frame ID: 6E129988B393B7BC5710754F2C0755FC
Requests: 7 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/0bef4b8/static/hcaptcha.html?_v=jckdgozqp0j
Frame ID: 9EBC46455D302E04C53110E633E762AF
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MAGA

Page URL History Show full URLs

http://nolib.us/4vubsh HTTP 302
https://nolib.us/4vubsh HTTP 307
https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_ca... Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Google Pay (Payment processors) Expand

Overall confidence: 100%
Detected patterns

pay\.google\.com/([a-z/]+)/pay\.js

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

hCaptcha (Security) Expand

Overall confidence: 100%
Detected patterns

https://hcaptcha.com/([\d]+?)/api.js

Page Statistics

165
Requests

99 %
HTTPS

63 %
IPv6

21
Domains

36
Subdomains

30
IPs

3
Countries

7577 kB
Transfer

17969 kB
Size

33
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://txtterms.co/88022-2/
Title: txtterms.co/88022

Search URL Search Domain Scan URL

URL: https://winred.com/terms/donor-terms/
Title: terms of use

Search URL Search Domain Scan URL

URL: https://winred.com/privacy
Title: privacy policy

Search URL Search Domain Scan URL

URL: https://www.donaldjtrump.com/join
Title: Interested in volunteering? Click here to sign up today.

Search URL Search Domain Scan URL

URL: https://cdn.donaldjtrump.com/djtweb24/general/TSA_JFC_Contributor_Form_230217.pdf
Title: Want to donate by mail? Click here to print out a donation form that you can send to our address.

Search URL Search Domain Scan URL

URL: http://donaldjtrump.com/
Title: donaldjtrump.com

Search URL Search Domain Scan URL

URL: https://winred.com/
Title: Powered by

Search URL Search Domain Scan URL

URL: https://winred.com/about-our-ads/
Title: About Our Ads

Search URL Search Domain Scan URL

URL: https://winred.com/support/
Title: Questions about your charge? Go to our Support Center

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nolib.us/4vubsh HTTP 302
https://nolib.us/4vubsh HTTP 307
https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/5b600c458061/main.js

Request Chain 70

https://9381094.fls.doubleclick.net/activityi;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=712451288.1710282325;pscdl=noapi;gtm=45fe43b0z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075 HTTP 302
https://9381094.fls.doubleclick.net/activityi;dc_pre=CPvfoZTi74QDFR6OfwQdAT0Kfw;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=712451288.1710282325;pscdl=noapi;gtm=45fe43b0z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075

165 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/
Redirect Chain

http://nolib.us/4vubsh
https://nolib.us/4vubsh
https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-...

138 KB
20 KB

255ms
136ms

Document
text/html

2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

399ed7eb70f7e8714abf92fdd3856046708f5a60a9bf96f3de21372d06cf313b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 863733256ab58cca-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:22 GMT
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-rack-cors: miss; no-origin
x-request-id: 6ef375d2-1c9b-4df0-904e-03eb4e5e4354
x-revv-cache: Hit from Revv
x-runtime: 0.060467
x-xss-protection: 1; mode=block

Redirect headers

content-length: 0
content-type: application/octet-stream
date: Tue, 12 Mar 2024 22:25:22 GMT
location: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
server: awselb/2.0

GET
H2 200 / Show response
js.stripe.com/v3/ 605 KB
168 KB 465ms
28ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

4562ab90ec43ccae0cc2070788894ecfa6823800f3634cd2d2e400dbba6d0a27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:23 GMT
via: 1.1 varnish
age: 29
x-cache: HIT
content-length: 171322
x-request-id: 8fc5711e-e490-475d-9e20-5a73fe20e995
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:44:13 GMT
server: Fastly
etag: "350a4c7358c8ba0e7e8a4f2a9733976b"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 23

GET
H2 200 landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css
secure.winred.com/assets/ 219 KB
34 KB 126ms
124ms Stylesheet
text/css 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961951e588ed2cbd0dadda321becf5c4d27451bb0896262f86e7d922da5794ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:23 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: 4RBMbG_c3G5laVKEwPaykYWu8oOdV56f
cf-cache-status: HIT
x-amz-request-id: 5KKR1WYEMD2AFQGK
age: 793
cf-polished: origSize=227667
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Br22tKzkJ5TEfMZhxCJGPQuAVcFNLGq0+3CO7dzysiVXDb3gbreCBmJMtE7vpfDJAhZrt/6TOvY=
cf-bgj: minify
last-modified: Tue, 28 Nov 2023 01:42:36 GMT
server: cloudflare
etag: W/"57df3b6cebff9962c43c29347b45123f"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 86373326ec858cca-EWR
expires: Wed, 13 Mar 2024 02:25:23 GMT

GET
H2 200 1709921348.css
secure.winred.com/stylesheets/rv_page_01hrfjqn55v6bawz2h8820xd5t/ 8 KB
2 KB 64ms
63ms Stylesheet
text/css 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/stylesheets/rv_page_01hrfjqn55v6bawz2h8820xd5t/1709921348.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fa3e3c6540600d9350822d57e6844187ffb140e90652b864f6489e18a0cd89a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Tue, 12 Mar 2024 22:25:23 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
age: 15017
cf-polished: origSize=8687
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: debdfd24-2db4-4327-9348-d9b294ce2bea
x-runtime: 0.043300
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
last-modified: Tue, 12 Mar 2024 18:15:06 GMT
server: cloudflare
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: public, max-age=31556952
cf-ray: 86373326ec878cca-EWR
expires: Thu, 13 Mar 2025 04:14:35 GMT

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 231 KB
76 KB 1009ms
78ms Script
text/javascript 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

8f3218768964984bb0041129c746b23b799e4886c0c022de1208514a404aca99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Accept-Language, Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77230
x-xss-protection: 0

GET
H2 200 application-landing-page-e23d78f5dae749bd70067ba6d3bdf2e924c8866792d4dc2d5570569787a0c676.js Show response
secure.winred.com/assets/ 488 KB
137 KB 75ms
74ms Script
application/javascript 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/application-landing-page-e23d78f5dae749bd70067ba6d3bdf2e924c8866792d4dc2d5570569787a0c676.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff3bcb4b6ff50975328f38e8553353ce3c0a5bf93a578f9c4d6affc81870c349

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:23 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: 3bK8BvucZTRAbTuPs1lO1vzovxv1fn3N
cf-cache-status: HIT
x-amz-request-id: FRDVDGEDDD68NP79
age: 5694
cf-polished: origSize=499824
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lwsAuVd2gVxlC03KPwRRr1PNQ14EUAd3oftwBiO/BvWcYwrbnBT9wOn3K3bl+cFIaHj3EoixM64=
cf-bgj: minify
last-modified: Tue, 05 Mar 2024 00:21:32 GMT
server: cloudflare
etag: W/"9aa57484c8a794fd69956b30a12bc89c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 86373326ec8a8cca-EWR
expires: Wed, 13 Mar 2024 02:25:23 GMT

GET
H2 200 TRUMP_LOGO_-_WHITE_BOX_%281%29.png
d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/000/826/035/large/ 165 KB
165 KB 475ms
39ms Image
image/png 2600:9000:247b:9000:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/000/826/035/large/TRUMP_LOGO_-_WHITE_BOX_%281%29.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:247b:9000:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c3c2125ebaeb07268bbc110c5f11486686b0d1b756115142dfbfc855cf82ba43

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id: yfwN.ggIOaUC6AxHonrapfZVYuxzZd13
date: Tue, 12 Mar 2024 12:11:06 GMT
via: 1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
age: 36858
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 168824
last-modified: Wed, 10 Jan 2024 18:25:23 GMT
server: AmazonS3
etag: "75ce68862b7b84a971e6026ca747a8ba"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: c7vV_G_C3xLaexP09SMvxnN-BZMqZDkvwsfuBdQylXTyXEeWV41Ukw==

GET
H2 200 9y7sj8C59UfvGzH4prcdnufUQoBG6b0qovGsORwm8zqjsjLTcND2-UyrgpfDXczHsmRvgtgVQ9MagwEIEhphsudXst6lUttIJW_rjmFqrvKLyDCfHtoKwpDGUtQKmDwXUmKKdPOAAkNV6q0YrS7zarI
lh7-us.googleusercontent.com/ 195 KB
195 KB 472ms
36ms Image
image/gif 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/9y7sj8C59UfvGzH4prcdnufUQoBG6b0qovGsORwm8zqjsjLTcND2-UyrgpfDXczHsmRvgtgVQ9MagwEIEhphsudXst6lUttIJW_rjmFqrvKLyDCfHtoKwpDGUtQKmDwXUmKKdPOAAkNV6q0YrS7zarI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9c6118142b959d48f825b11ab7ab9cbb551681de4764b45868f0417817c2243b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 19:56:46 GMT
x-content-type-options: nosniff
age: 8917
content-disposition: inline;filename="Add a heading (8).gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 199477
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 19:56:46 GMT

GET
H2 200 a2OSn2pfK5WJs5hzVn1gHI_1GRm1l2SlVacKICrDYFjuN_sJQAAwaYnyhQcDUNGKKbWDM8GLvMbYY4tRxcit3ZMX0AfozEswB8OUGnVLDc5uyt2G5MEdDF5UQ_MGVeX6m50yolLr_i_zU__tG7egpok
lh7-us.googleusercontent.com/ 619 KB
619 KB 36ms
35ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/a2OSn2pfK5WJs5hzVn1gHI_1GRm1l2SlVacKICrDYFjuN_sJQAAwaYnyhQcDUNGKKbWDM8GLvMbYY4tRxcit3ZMX0AfozEswB8OUGnVLDc5uyt2G5MEdDF5UQ_MGVeX6m50yolLr_i_zU__tG7egpok

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f05270c012f1cc9f1e631a07b1d87079e95aa73c95df82eeace0e9daf8e36373

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 20:20:58 GMT
x-content-type-options: nosniff
age: 7465
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 633364
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 20:20:58 GMT

GET
H2 200 OjPOvST5Rp7L80iPY9ih4pqrPI6_LPK-93a1Nd_3O3sV2xaSn8hjcv_xu-rcEmW-VG7sHsbKkunJ3fdGz9u3gjfUuXzDU1YJl1kBcprtd6aMZVazp-quTJTZNlLUvkkX8OiCF-uFww44j34634uuBDg
lh7-us.googleusercontent.com/ 240 KB
240 KB 242ms
234ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/OjPOvST5Rp7L80iPY9ih4pqrPI6_LPK-93a1Nd_3O3sV2xaSn8hjcv_xu-rcEmW-VG7sHsbKkunJ3fdGz9u3gjfUuXzDU1YJl1kBcprtd6aMZVazp-quTJTZNlLUvkkX8OiCF-uFww44j34634uuBDg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6107b0d3cc386025d24b1e78350469c1e9b51e6611d67fc6b24f2abb181b94c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 20:20:58 GMT
x-content-type-options: nosniff
age: 7465
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 245402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 20:20:58 GMT

GET
H2 200 rMU9it31CYtyOH8nGym11AAl0YcF4fdMr8J9OJoL6IfcU4BS4KeiYSjwZEIwN_DnD_d5w3ApLAfs1gG7Xivk-3E8HS4W4OuUl9-1ZVZ1TCmKSm8sjjF2Zc1A2V9sdy3Cei_0ETxqVbbIOte3dDNRwds
lh7-us.googleusercontent.com/ 327 KB
327 KB 254ms
247ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/rMU9it31CYtyOH8nGym11AAl0YcF4fdMr8J9OJoL6IfcU4BS4KeiYSjwZEIwN_DnD_d5w3ApLAfs1gG7Xivk-3E8HS4W4OuUl9-1ZVZ1TCmKSm8sjjF2Zc1A2V9sdy3Cei_0ETxqVbbIOte3dDNRwds

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

be92d9673bff24b4647b2f0f2db11c87a57ba3355e40ebba73da38660179970e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 20:20:58 GMT
x-content-type-options: nosniff
age: 7465
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 334819
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 20:20:58 GMT

GET
H2 200 iFnUBa57_9xSq6OUr7sK1_BhCsjidoNgruy4zUELKNFbtFPI8cZkWWMOmCwBoSlXBxd_4MGNCHiwDZNeatZsdXOPdggNfiTL_7xXY402xT6bPYAovbxPzPPMIw-JGl-_prPRQMbShW8128WPsXxkwHo
lh7-us.googleusercontent.com/ 24 KB
24 KB 265ms
257ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/iFnUBa57_9xSq6OUr7sK1_BhCsjidoNgruy4zUELKNFbtFPI8cZkWWMOmCwBoSlXBxd_4MGNCHiwDZNeatZsdXOPdggNfiTL_7xXY402xT6bPYAovbxPzPPMIw-JGl-_prPRQMbShW8128WPsXxkwHo

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

335b041a57cb1746b5b1634e9537f532503d6691d825dcfc1b4babba301fc3d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 20:20:58 GMT
x-content-type-options: nosniff
age: 7465
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24244
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 20:20:58 GMT

GET
H2 200 s8OmKr-1_NyLGWog4y0LunP9ny_CjUR-YDhYvPjpNC9fcz0wHzUjwv5kkznmOdqKqIGmIIyx1xq4IP_9aKG3GN3dsmSdMZrO6TKIT4SvVgmKKpwl4zo4G-q9FZXwJa0K4dHjGADIEvju7ZS1sfQyG0g
lh7-us.googleusercontent.com/ 324 KB
324 KB 270ms
263ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/s8OmKr-1_NyLGWog4y0LunP9ny_CjUR-YDhYvPjpNC9fcz0wHzUjwv5kkznmOdqKqIGmIIyx1xq4IP_9aKG3GN3dsmSdMZrO6TKIT4SvVgmKKpwl4zo4G-q9FZXwJa0K4dHjGADIEvju7ZS1sfQyG0g

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ff8ecca72ee1ad26b150b7f4ab7b3dc8dbb119fd764e7acbe5dee40f7837a22f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 20:20:58 GMT
x-content-type-options: nosniff
age: 7465
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 331798
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 20:20:58 GMT

GET
H2 200 imtkbni7BKmYw1pCyOCq31AVhtciPHYQcP1P32D_iNk-iZxIJEn8TzaUyfu0lSSwhc1g7uyUY86hzm-b14JW8e4KkFXo507SiWzW2VavmaIWhq0rb4XifMgiKrry0TE2nBfbffWsxnRZEorxGBiJp_0
lh7-us.googleusercontent.com/ 397 KB
397 KB 261ms
254ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/imtkbni7BKmYw1pCyOCq31AVhtciPHYQcP1P32D_iNk-iZxIJEn8TzaUyfu0lSSwhc1g7uyUY86hzm-b14JW8e4KkFXo507SiWzW2VavmaIWhq0rb4XifMgiKrry0TE2nBfbffWsxnRZEorxGBiJp_0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

063054879eec7d015ae3fbee4997239dd1bd2016456a74987fb57ebc864a1a22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 20:20:58 GMT
x-content-type-options: nosniff
age: 7465
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 406287
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 20:20:58 GMT

GET
H2 200 cDaTvDYrgcqrpve3u4OMva7WzdJIn3TrB_VxdwoQ0qaKOSAejiPSGT0qtC0cd9VsLlQnlZ2Wb3JCrm1nxIPOnNb5t8g0Sd62Ujrb0SP28JeAd1dceELhbNNSrY7CNpEw43hdWseETDApxXKDhJJIXTw
lh7-us.googleusercontent.com/ 30 KB
30 KB 262ms
256ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/cDaTvDYrgcqrpve3u4OMva7WzdJIn3TrB_VxdwoQ0qaKOSAejiPSGT0qtC0cd9VsLlQnlZ2Wb3JCrm1nxIPOnNb5t8g0Sd62Ujrb0SP28JeAd1dceELhbNNSrY7CNpEw43hdWseETDApxXKDhJJIXTw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8726b07c568b9c0beb4f94f28032b44b05ed250511375c86a1804b2d1db67f63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 20:20:58 GMT
x-content-type-options: nosniff
age: 7465
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30436
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 20:20:58 GMT

GET
H2 200 G0c8QV4ga1KDaq77Ct-SaBT0dtBlVXyhFBqs0qManIxwIY7FZbzs9C69FoHs-uGXoKG-2ae2AtP4mrA5IuwCN7Gh3q-4_3abnVcmjobaCNZ_rQEbbNxUBz8Hcx0Yn-G60uK3RDuLt5ZTI61md7HPOow
lh7-us.googleusercontent.com/ 299 KB
299 KB 259ms
253ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/G0c8QV4ga1KDaq77Ct-SaBT0dtBlVXyhFBqs0qManIxwIY7FZbzs9C69FoHs-uGXoKG-2ae2AtP4mrA5IuwCN7Gh3q-4_3abnVcmjobaCNZ_rQEbbNxUBz8Hcx0Yn-G60uK3RDuLt5ZTI61md7HPOow

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9a0fea60b23cab2006d139b4934661a679771385be7e2ce011e4797a62bb5199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 20:20:58 GMT
x-content-type-options: nosniff
age: 7465
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 306187
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 20:20:58 GMT

GET
H2 200 C2MQiCa_bspRAi_c3VcfdZJriKG8Lit2vp8QBTxMEhdEaLmOuffb5Y7Aaz3ScFSCsYU6ojzKjilvwLbuqOb72J5rTGffnhu3akzM6ymr53SljIfBVe3U_SLoNO3LqWqLKnPSMPB02eoKpv-O7GjssWA
lh7-us.googleusercontent.com/ 421 KB
422 KB 264ms
258ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/C2MQiCa_bspRAi_c3VcfdZJriKG8Lit2vp8QBTxMEhdEaLmOuffb5Y7Aaz3ScFSCsYU6ojzKjilvwLbuqOb72J5rTGffnhu3akzM6ymr53SljIfBVe3U_SLoNO3LqWqLKnPSMPB02eoKpv-O7GjssWA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

52ff61f8a3c0bc6a5cb3dc91ae468fdee25845bc9863bc943a6b1a6e3cfe371b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 20:20:58 GMT
x-content-type-options: nosniff
age: 7465
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 431354
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 20:20:58 GMT

GET
H2 200 bEVmiBAlrMNHqy8pYp6es3R_SGCX0rOh-5MJKw3B6i_L2qlob_wNs8XJaFAhpwwow-ZcPq_qlxb3kEhHRc7wAE1HvyVsoEbb_cj0vm5_mmxCKnsijw0yeSIk30aoo1k6PLKAXCZRaO4oYjE4luuo8qE
lh7-us.googleusercontent.com/ 5 KB
5 KB 260ms
254ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/bEVmiBAlrMNHqy8pYp6es3R_SGCX0rOh-5MJKw3B6i_L2qlob_wNs8XJaFAhpwwow-ZcPq_qlxb3kEhHRc7wAE1HvyVsoEbb_cj0vm5_mmxCKnsijw0yeSIk30aoo1k6PLKAXCZRaO4oYjE4luuo8qE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ce483bd57a7d0576c16db84df9cf92b4d94a2c8472f3254dbd2a759704d0fbfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:29:06 GMT
x-content-type-options: nosniff
age: 3377
cross-origin-resource-policy: cross-origin
content-disposition: inline;filename="_QW1zW-kTCSjbaqIOpuRy5VMvh61fpZv212Q1YCWeOexOYKps9CRhiAxX9Kvvq-lIdKhd_eQcyu6vBuNlCq3u2RFxweb4FxaKIYDq3EaTHdLU2IPQQ2fCV-KVJygrIgkrOcUZ9htsl6GD76yV3Xaut4.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5209
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 21:29:06 GMT

GET
H2 200 XNEQX8J3Hn1Tc1Cekdz69bCfdrh2IUfxO-n_jmYRPw8m0XbfQ8U6r2gs40xCYHpHYIOjHO8UXt1tM0880iBH-lhkpJf_WnI6GRQGSpgV6uggayE25ukLzK4C9WilKq3YZYdrC00FjrewTGXWDIAtoEo
lh7-us.googleusercontent.com/ 195 KB
196 KB 257ms
251ms Image
image/png 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/XNEQX8J3Hn1Tc1Cekdz69bCfdrh2IUfxO-n_jmYRPw8m0XbfQ8U6r2gs40xCYHpHYIOjHO8UXt1tM0880iBH-lhkpJf_WnI6GRQGSpgV6uggayE25ukLzK4C9WilKq3YZYdrC00FjrewTGXWDIAtoEo

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b94b05ccc912f4deadb7dffd20326ce301931340c02efcb1e2a80fb55c59c6c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 20:22:36 GMT
x-content-type-options: nosniff
age: 7367
cross-origin-resource-policy: cross-origin
content-disposition: inline;filename="DJT_YourRetribution_MMS.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 199926
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 13 Mar 2024 20:22:36 GMT

GET
H2 200 potus_headshot.png
d35ligi1n5bgzc.cloudfront.net/profiles/images/000/068/512/square/ 22 KB
22 KB 236ms
231ms Image
image/png 2600:9000:247b:9000:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/profiles/images/000/068/512/square/potus_headshot.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:247b:9000:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4ec0827f796bdadb833f52dd7ea841e12158d9f488554ecb73479cc2ea6f6d8e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 06:27:54 GMT
x-amz-version-id: 6HYtNhcBxi6F_uJ2AY87Rc_xOq3TeHoz
via: 1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
last-modified: Sat, 17 Jul 2021 20:11:51 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P2
age: 57450
etag: "e595f679c10699fedef3c779e864cdd9"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 22449
x-amz-cf-id: pwuGS4t7nOmlS7ywYvXAG43VYyeXQNb-AnzJl219BBZ18TPX7lFs2Q==

GET
H3 200 win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png
secure.winred.com/assets/ 9 KB
9 KB 246ms
243ms Image
image/webp 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:23 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: aJPW9Tz10D0h5EN716h5nNhnc17HLXCv
cf-cache-status: HIT
x-amz-request-id: TVDS4EQ4SSCX29T3
age: 1608
cf-polished: origFmt=png, origSize=11635
content-disposition: inline; filename="win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.webp"
alt-svc: h3=":443"; ma=86400
content-length: 8708
x-amz-id-2: m+4A6HQqi8c2RVVh3u5C0UrvNDPL1wF8EYeU/gJ4om4iua8XjCHdh1eNHmMzES62hNQy3Dqooas=
cf-bgj: imgq:85,h2pri
last-modified: Tue, 05 Mar 2024 00:21:38 GMT
server: cloudflare
etag: "972c0cca8d1e490484e89513f902e847"
vary: Accept
content-type: image/webp
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8637332aee4c8c7d-EWR
expires: Wed, 13 Mar 2024 02:25:23 GMT

GET
H3 200 win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
secure.winred.com/assets/ 19 KB
8 KB 244ms
241ms Image
image/svg+xml 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:23 GMT
x-amz-version-id: f1JFLNaL.a2v3vTaKefRH3mKI0iL1aS2
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: HIT
x-amz-request-id: 59K6D795N9T3MNA0
age: 7179
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: eqQT11BFsooX02iTyUhIVQ/pMSqpRemieVhXVAT6UU2suANm0Xc82eoFBKfQ36Ajzid8l8Y/2JQ=
last-modified: Tue, 28 Nov 2023 01:42:37 GMT
server: cloudflare
etag: W/"d31530d4186af669daf4f47099614593"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-ray: 8637332aee4d8c7d-EWR
expires: Wed, 13 Mar 2024 02:25:23 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 1017ms
90ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://secure.winred.com/
Origin: https://secure.winred.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:24 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 86373330b8898c53-EWR

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 460 KB
103 KB 1010ms
83ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5047126798bb752d48166488c4c4dbfb8f66ddd018545b9bbbe73a7204b86194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104658
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 21:26:54 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Mar 2024 22:25:24 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 318 KB
107 KB 1036ms
109ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d640ae9ba36d2d297119da69e4446915e54c53e7598cf05eda4c6cdd5529312c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108992
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 21:26:54 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Mar 2024 22:25:24 GMT

GET
H2 200 20210604_save-america_winred-backgrounds_winred-desktop_v2.jpg
d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/092/966/large/ 197 KB
198 KB 205ms
204ms Image
image/jpeg 2600:9000:247b:9000:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/092/966/large/20210604_save-america_winred-backgrounds_winred-desktop_v2.jpg
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/stylesheets/rv_page_01hrfjqn55v6bawz2h8820xd5t/1709921348.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:247b:9000:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 81a6832550bd52d1c44e1e63c2d9137a441dd53d31302c3070000403d032b012

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id: NXb6H3gY_kurDwSBNPY4Z260kpd_Eays
date: Tue, 12 Mar 2024 17:45:50 GMT
via: 1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
age: 16774
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 202127
last-modified: Sun, 18 Jul 2021 21:49:32 GMT
server: AmazonS3
etag: "4652598428898ad578aa5424f8463865"
vary: Accept-Encoding
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: V_gHNgPprtIXWQC2G3iFwx8nCotdAenGd1J5bpTcZXGqkOqWLpirvw==

GET
H3 200 icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.png
secure.winred.com/assets/ 290 B
818 B 240ms
239ms Image
image/webp 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.png

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96b04ef160f8b50520a48707a452fecdd6e6771c643706d5949020a2dea15962

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/assets/landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:23 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: WrwkLH_G_74cFy4BsV1m.aK7V4xDq.yM
cf-cache-status: HIT
x-amz-request-id: H4ZZSM3F9D68PJEQ
age: 1978
cf-polished: origFmt=png, origSize=560
content-disposition: inline; filename="icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.webp"
alt-svc: h3=":443"; ma=86400
content-length: 290
x-amz-id-2: FgXtRuSn7nnCmLrIBQfespZvo1sDn3eYfSOgz/l+o4qhi43L8uVjZBTlcuY765LwF2JGk3YdKe8=
cf-bgj: imgq:85,h2pri
last-modified: Tue, 05 Mar 2024 00:21:36 GMT
server: cloudflare
etag: "571ee659b7ee9af9291e7dd8176721d5"
vary: Accept
content-type: image/webp
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8637332c2fcf8c7d-EWR
expires: Wed, 13 Mar 2024 02:25:23 GMT

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame 5D15 200 B
840 B 53ms
52ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 10303490
cache-control: max-age=31536000
content-encoding: br
content-length: 154
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:24 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 11 Nov 2022 20:25:37 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 27618
x-content-type-options: nosniff
x-request-id: 6b24f273-13d4-4a7f-a09f-1cff4061c58a
x-served-by: cache-yyz4531-YYZ

GET
H2 200 controller-d22e0acce772850d8ff3929f47cf2647.html Show response
js.stripe.com/v3/ Frame 1723 325 B
735 B 41ms
40ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

2228ef8bb1759e2fc21769c6565aa61fcff680a1734cfe158552cbb96851a4ef

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 32
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 189
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:24 GMT
etag: "d22e0acce772850d8ff3929f47cf2647"
last-modified: Tue, 12 Mar 2024 20:05:23 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 8
x-content-type-options: nosniff
x-request-id: bfdb3839-3cb4-4306-861e-95230899ead5
x-served-by: cache-yyz4531-YYZ

GET
H2 200 elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html Show response
js.stripe.com/v3/ Frame 1FA2 798 B
1 KB 47ms
46ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

afce38c87202e11427285400864e9a0bfdc9350f887453eaa7b9ec1f1a1374de

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 8109
cache-control: max-age=31536000
content-encoding: br
content-length: 362
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:24 GMT
etag: "d7bdfad2328223f5061c18aa1054f04d"
last-modified: Tue, 12 Mar 2024 20:05:24 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 423
x-content-type-options: nosniff
x-request-id: 067d0519-7400-4c30-a2a2-413ec6779122
x-served-by: cache-yyz4531-YYZ

GET
H2 200 current_with_info Show response
app.winred.com/api/v3/users/ 162 B
1 KB 264ms
114ms XHR
application/vnd.api+json 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.winred.com/api/v3/users/current_with_info?organization_token=rv_org_6KNvU36Z2qWJ2gfUBWqGZGoc&redirect=https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-e23d78f5dae749bd70067ba6d3bdf2e924c8866792d4dc2d5570569787a0c676.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eea707b59fbf2eefc574c9aee5d76fad50c4f48dfebef82540a86225d45b9e3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.winred.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-rack-cors-original-access-control-allow-origin: https://secure.winred.com
x-rack-cors: hit
date: Tue, 12 Mar 2024 22:25:25 GMT
x-rack-cors-original-access-control-max-age: 0
x-rack-cors-original-access-control-allow-credentials: true
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-encoding: br
x-rack-cors-original-access-control-allow-methods: GET, POST, OPTIONS
x-rack-cors-original-access-control-expose-headers
alt-svc: h3=":443"; ma=86400
x-request-id: 944416bc-23bf-49c6-8265-488d6197041a
x-runtime: 0.010777
server: cloudflare
etag: W/"eea707b59fbf2eefc574c9aee5d76fad"
access-control-max-age: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/vnd.api+json
access-control-allow-origin: https://secure.winred.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
vary: Origin
cf-ray: 86373332e93b4277-EWR

GET
H3 200 rv_page_01hrfjqn55v6bawz2h8820xd5t-9114a612c9f91ea65e2ebe2d35ccc504d782b27f Show response
secure.winred.com/api/v3/donations/live/ 448 B
510 B 148ms
147ms XHR
application/json 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/api/v3/donations/live/rv_page_01hrfjqn55v6bawz2h8820xd5t-9114a612c9f91ea65e2ebe2d35ccc504d782b27f?stream_id=84b564de0b57f39dfa2bb97ab0ac35f47088cfd1&_=1710282323594

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-e23d78f5dae749bd70067ba6d3bdf2e924c8866792d4dc2d5570569787a0c676.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

080e639ef819bcba817a7a0139b5cb235783c346a0697711f393963f8b63c21a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
X-CSRF-Token: ovwrGXEHCRGolZ2eRHkXiMl+7ZMMoJxdNrqbS0wDerY//igdVpvxnmO2VtyWowHebXxE2qfrnpFXtb+1n1xG5g==
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Tue, 12 Mar 2024 22:25:24 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-request-id: c08e8240-67bb-4d80-a2f8-717f7624c5dc
x-runtime: 0.058485
server: cloudflare
etag: W/"080e639ef819bcba817a7a0139b5cb23"
vary: Origin, Accept-Encoding
content-type: application/json
cache-control: public, max-age=60
cf-ray: 863733323ee98c7d-EWR
expires: Tue, 12 Mar 2024 22:26:24 GMT

GET
H2 200 controller-d22e0acce772850d8ff3929f47cf2647.html Show response
js.stripe.com/v3/ Frame CEA4 325 B
265 B 44ms
43ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

2228ef8bb1759e2fc21769c6565aa61fcff680a1734cfe158552cbb96851a4ef

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 32
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 189
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:24 GMT
etag: "d22e0acce772850d8ff3929f47cf2647"
last-modified: Tue, 12 Mar 2024 20:05:23 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 9
x-content-type-options: nosniff
x-request-id: d1081cd3-e08e-41d7-8185-cd8e9e2bf900
x-served-by: cache-yyz4531-YYZ

GET
H2 200 payment-request-inner-google-pay-54b6ff1f9d3b50a93526ab99c4309206.html Show response
js.stripe.com/v3/ Frame 7128 408 B
965 B 44ms
41ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-google-pay-54b6ff1f9d3b50a93526ab99c4309206.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

1d0815d0aeaf770efed263e912de5834d22e87f91a00ad058cf421dddeac12b1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 8086
cache-control: max-age=31536000
content-encoding: br
content-length: 222
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:24 GMT
etag: "54b6ff1f9d3b50a93526ab99c4309206"
last-modified: Tue, 12 Mar 2024 20:05:38 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 119
x-content-type-options: nosniff
x-request-id: 044440d1-e8d3-4913-b84c-01b73dbc04d4
x-served-by: cache-yyz4531-YYZ

GET
H2 200 payment-request-inner-browser-3c55f5b229c7a3e02ed9afcba327ad44.html Show response
js.stripe.com/v3/ Frame C5D1 344 B
1 KB 43ms
42ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-browser-3c55f5b229c7a3e02ed9afcba327ad44.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

876c9fbc40caf66857e2c60e1beda36be04b73165a28c1dbac9fd4f58dcb6e36

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 45
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 202
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:24 GMT
etag: "3c55f5b229c7a3e02ed9afcba327ad44"
last-modified: Tue, 12 Mar 2024 20:05:38 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-content-type-options: nosniff
x-request-id: d39eb0cc-cbd5-496c-9af1-ed1e4e59d1c8
x-served-by: cache-yyz4531-YYZ

GET
H3 200 DJT-THANK_YOU_%285%29.png
d35ligi1n5bgzc.cloudfront.net/widget_images/images/000/853/615/small_square/ 1 KB
2 KB 38ms
36ms Image
image/png 2600:9000:247b:9000:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/widget_images/images/000/853/615/small_square/DJT-THANK_YOU_%285%29.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:247b:9000:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 46311e8ed501f8db5fb8f70d41a42bb114c26b13bb130c4e48cb8e87e7aeb054

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id: VM2bpdJqRAUxPaP094scFFxxx0yFdsTY
date: Tue, 12 Mar 2024 22:01:18 GMT
via: 1.1 e58d56c2f23391dd5609aad3656901ce.cloudfront.net (CloudFront)
last-modified: Fri, 09 Feb 2024 14:51:59 GMT
server: AmazonS3
age: 1447
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
etag: "4fa0bd2db00b150bc0e59057c4a76f36"
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 1214
x-amz-cf-id: ru2ncbyCu_PYDYbt2gpXrXpmYX6bA9bERVZBln3ZAWGKFyUr8Z8KuQ==

GET
H3 200 statistics Show response
secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/forms/ 1 KB
1 KB 228ms
227ms XHR
text/html 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/forms/statistics

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71f4b3bb8c6120156bf56f71d9a7a629bf9b68403407f79a7ea8e5e48bd0d63a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
X-CSRF-Token: ovwrGXEHCRGolZ2eRHkXiMl+7ZMMoJxdNrqbS0wDerY//igdVpvxnmO2VtyWowHebXxE2qfrnpFXtb+1n1xG5g==
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Tue, 12 Mar 2024 22:25:25 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: d56dfc99-1dcc-4fa9-852b-58fa1331d707
x-runtime: 0.138907
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: max-age=0, private, must-revalidate
cf-ray: 863733328f4d8c7d-EWR

GET
H3

200

main.js Show response
secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/5b600c458061/ Frame 9F9C
Redirect Chain

https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/5b600c458061/main.js

8 KB
4 KB

56ms
56ms

Script
application/javascript

2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/5b600c458061/main.js

Requested by

Protocol

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34a5294ed39590267d66f164e00e3d22de04aa012c5505bb21065fb41fab0fbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 86373333787c8c7d-EWR
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 12 Mar 2024 22:25:24 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/5b600c458061/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 86373332af728c7d-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 5D15 526 B
639 B 34ms
33ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 8408191
x-cache: HIT
content-length: 315
x-request-id: 9922522c-430a-4e06-a016-7c5075dfc957
x-served-by: cache-yyz4531-YYZ
last-modified: Fri, 11 Nov 2022 20:25:36 GMT
server: Fastly
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 25719

GET
H2 200 shared-5addb1e7d973e81d47f5f6605920a70c.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1723 538 KB
131 KB 41ms
40ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

b5655894dd68d2a4b95939cb802272f1f03c41d2a5f20b9cbacc12d926d19458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 8139
x-cache: HIT
content-length: 133585
x-request-id: 7c564ca7-7a20-4ee2-990b-cde5d9c34027
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:36 GMT
server: Fastly
etag: "c8c8a4b202c504fc4942255ce70731c3"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2096

GET
H2 200 controller-9c04ce90187e713c3e4078a363d28f07.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1723 704 KB
185 KB 40ms
39ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/controller-9c04ce90187e713c3e4078a363d28f07.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

7d5a6c4ce646f997c578885ffb719de22a3dd0bc91e381144de69462541a48ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 8139
x-cache: HIT
content-length: 188717
x-request-id: 8cd0db2e-74c3-496a-a9b4-0f6aecff0c3e
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:34 GMT
server: Fastly
etag: "8c0b6b15a42dccb570d912b8f9bb5b1d"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2093

GET
H2 200 shared-5addb1e7d973e81d47f5f6605920a70c.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1FA2 538 KB
131 KB 102ms
101ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

b5655894dd68d2a4b95939cb802272f1f03c41d2a5f20b9cbacc12d926d19458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 8139
x-cache: HIT
content-length: 133585
x-request-id: 1689c0f0-85a3-40af-a26d-14ea31d79368
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:36 GMT
server: Fastly
etag: "c8c8a4b202c504fc4942255ce70731c3"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2097

GET
H2 200 ui-shared-fbd319e5fff68d0189292672b24ac4f9.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1FA2 415 KB
118 KB 125ms
124ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/ui-shared-fbd319e5fff68d0189292672b24ac4f9.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

cc65ba9c1b0699aba0f63a6ea34b6bffd232b5e556f9de787dad852f491bb097

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 8110
x-cache: HIT
content-length: 120197
x-request-id: 9ecd754b-220e-4614-8a19-53b5602de2f9
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:37 GMT
server: Fastly
etag: "5d8b42e60513ef25cfceb448c51c0793"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 393

GET
H2 200 elements-inner-card-c59665615e93a709cc55f2e224e91491.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1FA2 55 KB
15 KB 118ms
109ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-card-c59665615e93a709cc55f2e224e91491.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

1b563eda3dbdadcc71e09378d95a6c9f338b9d68b685742c67f07a9a924edb1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 523186
x-cache: HIT
content-length: 15634
x-request-id: bcd73898-041c-496d-8196-05df45c81220
x-served-by: cache-yyz4531-YYZ
last-modified: Wed, 06 Mar 2024 21:02:55 GMT
server: Fastly
etag: "165858d7f65b235654cfb27c83b2fa40"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1797

GET
H2 200 ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css
js.stripe.com/v3/fingerprinted/css/ Frame 1FA2 20 KB
3 KB 126ms
125ms Stylesheet
text/css 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

394724ca0118829643c12fb5a033cb66680e51327ba157677d18dec209278a3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 20051881
x-cache: HIT
content-length: 3304
x-request-id: d09748e0-5e82-4e22-b963-8eaad245c942
x-served-by: cache-yyz4531-YYZ
last-modified: Mon, 24 Jul 2023 20:23:04 GMT
server: Fastly
etag: "b361d7109e9925ca18e32c9da528520f"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2176

GET
H2 200 elements-inner-card-53aa57bec7f6d40d72327654fd43a92e.css
js.stripe.com/v3/fingerprinted/css/ Frame 1FA2 14 KB
2 KB 101ms
100ms Stylesheet
text/css 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-card-53aa57bec7f6d40d72327654fd43a92e.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

eac1bb2890c6ae6d2cc8653765f594f1209eda9eb0036eef9fde51299e883a5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 2779830
x-cache: HIT
content-length: 2260
x-request-id: 160b402b-d65f-43b3-80ab-64ba708d6e03
x-served-by: cache-yyz4531-YYZ
last-modified: Fri, 09 Feb 2024 18:11:43 GMT
server: Fastly
etag: "87bf0041cf7ae5e77d770c423e25828a"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1752

GET
H2 200 shared-5addb1e7d973e81d47f5f6605920a70c.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame CEA4 538 KB
131 KB 120ms
119ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

b5655894dd68d2a4b95939cb802272f1f03c41d2a5f20b9cbacc12d926d19458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 8139
x-cache: HIT
content-length: 133585
x-request-id: a768f8af-11c2-45df-82cc-08753251f69c
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:36 GMT
server: Fastly
etag: "c8c8a4b202c504fc4942255ce70731c3"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2098

GET
H2 200 controller-9c04ce90187e713c3e4078a363d28f07.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame CEA4 704 KB
185 KB 120ms
120ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/controller-9c04ce90187e713c3e4078a363d28f07.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

7d5a6c4ce646f997c578885ffb719de22a3dd0bc91e381144de69462541a48ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 8139
x-cache: HIT
content-length: 188717
x-request-id: 2211e4ee-9a9a-42fc-9f19-6807790f51b3
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:34 GMT
server: Fastly
etag: "8c0b6b15a42dccb570d912b8f9bb5b1d"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2094

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ Frame 7128 117 KB
36 KB 203ms
82ms Script
application/javascript 2607:f8b0:4004:c19::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-54b6ff1f9d3b50a93526ab99c4309206.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::5c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c6ace389ea986b23ff7cfb2f858fe5ee78ac705dcf7a05004d87caa2867521a4

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-PjxLX0_NSlWnBnoi_KgpXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-PjxLX0_NSlWnBnoi_KgpXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/gp/p/_/InstantbuyFrontendHttp/web-reports?context=eJzjqtHikmJw1ZBiWF4qxVBRK8WwZKYUw2L-XUyeNTeZOvfcZFrX9YhpYftTJk2uZ0z1Uc-YZvI-ZxJ885zp3ZeXTBxfXzJJALEaEG_38WAR85nOeiR6OivfuumsKkCsuX46ayAQO6XPYA0AYp_6GaxRQNx68xzrZCAW4ua4uubwejaBHc8bIwAmOzbB"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Tue, 12 Mar 2024 22:25:25 GMT

GET
H2 200 shared-5addb1e7d973e81d47f5f6605920a70c.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 7128 538 KB
131 KB 119ms
118ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-54b6ff1f9d3b50a93526ab99c4309206.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

b5655894dd68d2a4b95939cb802272f1f03c41d2a5f20b9cbacc12d926d19458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-54b6ff1f9d3b50a93526ab99c4309206.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 8139
x-cache: HIT
content-length: 133585
x-request-id: 6f8b6b24-5b08-49f7-8d29-cfa4682e0cc9
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:36 GMT
server: Fastly
etag: "c8c8a4b202c504fc4942255ce70731c3"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2099

GET
H2 200 payment-request-inner-google-pay-c83e5fd7cbd25a878b3ffc70ebb53333.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 7128 12 KB
5 KB 55ms
54ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-google-pay-c83e5fd7cbd25a878b3ffc70ebb53333.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-54b6ff1f9d3b50a93526ab99c4309206.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

06e9cfa1e2fb5b8269f55ebb7dc5ced06737bc1e3faec047ca535265a9d7ac85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-54b6ff1f9d3b50a93526ab99c4309206.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 1041272
x-cache: HIT
content-length: 5124
x-request-id: 33899d04-9731-48d3-9011-c78b0294bafa
x-served-by: cache-yyz4531-YYZ
last-modified: Thu, 29 Feb 2024 21:07:03 GMT
server: Fastly
etag: "7946a1d9a17729b6659d22b18a313c0e"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 805

GET
H2 200 shared-5addb1e7d973e81d47f5f6605920a70c.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame C5D1 538 KB
131 KB 117ms
116ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-3c55f5b229c7a3e02ed9afcba327ad44.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

b5655894dd68d2a4b95939cb802272f1f03c41d2a5f20b9cbacc12d926d19458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-browser-3c55f5b229c7a3e02ed9afcba327ad44.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 8139
x-cache: HIT
content-length: 133585
x-request-id: 15b378c3-aaaa-4437-8576-a222fc27654d
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:36 GMT
server: Fastly
etag: "c8c8a4b202c504fc4942255ce70731c3"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2100

GET
H2 200 payment-request-inner-browser-792795e2c4e2210721d96228540c4e06.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame C5D1 13 KB
6 KB 116ms
115ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-browser-792795e2c4e2210721d96228540c4e06.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-3c55f5b229c7a3e02ed9afcba327ad44.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

fedfc64728beee4dcdf576abb2dd3c44b462afc3b5db8c53704629a1ee6dd14c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-browser-3c55f5b229c7a3e02ed9afcba327ad44.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 2779875
x-cache: HIT
content-length: 5631
x-request-id: a742da7e-7665-40be-a690-dbe41d6e0494
x-served-by: cache-yyz4531-YYZ
last-modified: Fri, 09 Feb 2024 18:11:55 GMT
server: Fastly
etag: "32dba56f50e599b5cc53a055305f8c45"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 956

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 145ms
55ms XHR
application/json 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://secure.winred.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
91 KB 86ms
82ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c2e185cedd939e694d396925b8b0644d0fc2629cd018686dc17ff9f489575676

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93086
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 22:25:25 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 174ms
49ms Script
text/javascript 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 21:51:42 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 2023
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 12 Mar 2024 23:51:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 319 KB
106 KB 88ms
87ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0YWKLMCX4D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3b29e3553ee55ac4c8de38e8ef1db291defe373a045ed6f43c504126a62af97c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108436
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 22:25:25 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 190 KB
69 KB 92ms
86ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-9381094&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

770e44412f25ebcf66534320437c6360da600a64ea5819ec7b6bd90ddce55d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71050
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 21:26:54 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Mar 2024 22:25:25 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 244ms
68ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 18:08:41 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kiad7000178-IAD

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 215 KB
58 KB 239ms
67ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 12 Mar 2024 22:25:25 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57348
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=64, rtx=0, c=12, mss=1294, tbw=2774, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: AMu5HRPLxATaU1jlLNuxdJVQ76ia9XHiwp3S/3zbqhptKoJcT0psaRnUat8U7AgCnc/eOXFTiwojmMV5YRbTNA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ratag Show response
a.ads.rmbl.ws/ 3 KB
2 KB 260ms
79ms Script
application/javascript 38.70.189.71
RUMBLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ads.rmbl.ws/ratag?id=AV-6622
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 38.70.189.71 Toronto, Canada, ASN399647 (RUMBLE, CA),
Reverse DNS
Software: nginx /
Resource Hash: 6037734d0ad3dd7b2f31955aeeb4b34e2316f726e1bd884d7dbc979649570049

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: gzip
server: nginx
etag: W/"788ed2f782eb45b57dff78c742214a69"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=900
access-control-allow-credentials: true

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 7C28 930 B
2 KB 253ms
54ms Document
text/html 2600:9000:2514:1e00:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2514:1e00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 96
cache-control: max-age=300, public
content-length: 930
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:23:50 GMT
etag: "06bfcd88af438673a8bf9b845a11aa6e"
last-modified: Fri, 30 Jun 2023 14:32:28 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 6379820fbac3eca5570c58b520f7931e.cloudfront.net (CloudFront)
x-amz-cf-id: 66dWBgUHgF9-ELGKe782CLOE_tNrXe7tGYxeg9f61zjc-B2PA9P2Bw==
x-amz-cf-pop: JFK50-P8
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 1723 474 B
608 B 162ms
50ms Fetch
application/json 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

73b9a4cedb4a676f5f305b18228db59d583fbff650cb25dc018a27a76f197452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 60
x-cache: HIT
content-length: 297
x-request-id: 94a88c19-9df5-4fc4-9944-9285a3fe82e4
x-served-by: cache-yyz4550-YYZ
last-modified: Tue, 12 Mar 2024 20:44:13 GMT
server: Fastly
etag: "1d7ad3a39bed7b2d583ab52bc969612b"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 16

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 1723 474 B
371 B 138ms
51ms Fetch
application/json 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

73b9a4cedb4a676f5f305b18228db59d583fbff650cb25dc018a27a76f197452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 60
x-cache: HIT
content-length: 297
x-request-id: 2d2ec62d-f95d-4eea-a73e-307e067e40ed
x-served-by: cache-yyz4550-YYZ
last-modified: Tue, 12 Mar 2024 20:44:13 GMT
server: Fastly
etag: "1d7ad3a39bed7b2d583ab52bc969612b"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 12

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame CEA4 474 B
368 B 92ms
52ms Fetch
application/json 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

73b9a4cedb4a676f5f305b18228db59d583fbff650cb25dc018a27a76f197452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 60
x-cache: HIT
content-length: 297
x-request-id: d963d7b6-cb0a-445d-b494-5486a7c7e657
x-served-by: cache-yyz4550-YYZ
last-modified: Tue, 12 Mar 2024 20:44:13 GMT
server: Fastly
etag: "1d7ad3a39bed7b2d583ab52bc969612b"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 12

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame CEA4 474 B
368 B 78ms
51ms Fetch
application/json 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

73b9a4cedb4a676f5f305b18228db59d583fbff650cb25dc018a27a76f197452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-d22e0acce772850d8ff3929f47cf2647.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 60
x-cache: HIT
content-length: 297
x-request-id: 87228f81-9f48-43c5-b043-140eeabba58a
x-served-by: cache-yyz4550-YYZ
last-modified: Tue, 12 Mar 2024 20:44:13 GMT
server: Fastly
etag: "1d7ad3a39bed7b2d583ab52bc969612b"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 12

POST
H3 200 863733256ab58cca Show response
secure.winred.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 9F9C 0
341 B 91ms
85ms XHR
text/plain 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/challenge-platform/h/g/jsd/r/863733256ab58cca

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 863733384db18c7d-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 1FA2 474 B
374 B 51ms
51ms Fetch
application/json 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

73b9a4cedb4a676f5f305b18228db59d583fbff650cb25dc018a27a76f197452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:25 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 61
x-cache: HIT
content-length: 297
x-request-id: 95c490e1-be29-422e-afd4-eb4cd86c70ac
x-served-by: cache-yyz4550-YYZ
last-modified: Tue, 12 Mar 2024 20:44:13 GMT
server: Fastly
etag: "1d7ad3a39bed7b2d583ab52bc969612b"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 22

GET
H2 200 countryRanges-9ffc15b92962ca316164b9a5ff4c1917.json Show response
js.stripe.com/v3/fingerprinted/data/ Frame 1FA2 145 KB
39 KB 50ms
48ms Fetch
application/json 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/data/countryRanges-9ffc15b92962ca316164b9a5ff4c1917.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

007b4be1404b0f21a158fa83a2ae9375393b2d932a17e9745aa392fcadc7cf2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:25 GMT
via: 1.1 varnish
age: 9679105
x-cache: HIT
content-length: 39981
x-request-id: 2a6b7fcf-6fa6-43d6-8bb4-847c24b9a465
x-served-by: cache-yyz4550-YYZ
last-modified: Tue, 21 Nov 2023 21:42:47 GMT
server: Fastly
etag: "9ffc15b92962ca316164b9a5ff4c1917"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 20247

GET
H2 200 collect Show response
gtm.winred.com/g/ 476 B
929 B 267ms
163ms XHR
text/plain 2606:4700::6810:fa45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je43b0v867905447z872410129za200&_p=1710282323024&gcd=13l3l3l3l1&npa=0&dma=0&cid=1890510894.1710282326&ul=en-us&sr=1600x1200&_fplc=0&ur=US-NY&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&sst.uc=US&sst.gse=1&sst.gcd=13l3l3l3l1&sst.tft=1710282323024&_s=1&sid=1710282326&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&dt=MAGA&en=page_view&_fv=1&_nsi=1&_ss=1&ep.pagepath=%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma&epn.load_time_sec=-1710282321.8&epn.event_fire_time=1710282325222&ep.event_uuid=227dc936-b318-405d-b686-d0fb39d8177f&ep.isVideoPage=f&ep.referrer=&tfd=4427&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fa45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a7dd8e0dff72d9bdaacadd6db1ace750b122b0d9899e8eba5a5116d846838a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:26 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 8637333b6a4318bc-EWR
alt-svc: h3=":443"; ma=86400

POST
H2 200 wallet-config Show response
merchant-ui-api.stripe.com/elements/ Frame CEA4 3 KB
3 KB 282ms
180ms Fetch
application/json 198.137.150.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://merchant-ui-api.stripe.com/elements/wallet-config

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.137.150.201 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d5406207e5868e216bf005288acb1c8cd3b8c03baaf78a1f3f39e9876fa7972a

Security Headers

Name	Value
Content-Security-Policy	report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:26 GMT
content-security-policy: report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-resource-policy: same-site
content-length: 2621
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
access-control-max-age: 300
access-control-allow-methods: GET, POST
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://js.stripe.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin
access-control-allow-headers: x-stripe-csrf-token
cross-origin-opener-policy-report-only: same-origin; report-to=https://q.stripe.com/coop-report
expires: 0

GET
H2

200

activityi;dc_pre=CPvfoZTi74QDFR6OfwQdAT0Kfw;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=712451288.1710282325;pscdl=noapi;gtm=45fe43b0z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;u... Show response
9381094.fls.doubleclick.net/ Frame CDA5
Redirect Chain

https://9381094.fls.doubleclick.net/activityi;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=712451288.1710282325;pscdl=noapi;gtm=45fe43b0z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=...
https://9381094.fls.doubleclick.net/activityi;dc_pre=CPvfoZTi74QDFR6OfwQdAT0Kfw;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=712451288.1710282325;pscdl=noapi;gtm=45fe43b0z872350...

689 B
706 B

109ms
106ms

Document
text/html

142.251.40.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9381094.fls.doubleclick.net/activityi;dc_pre=CPvfoZTi74QDFR6OfwQdAT0Kfw;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=712451288.1710282325;pscdl=noapi;gtm=45fe43b0z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-9381094&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.198 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f6.1e100.net

Software

cafe /

Resource Hash

ae4b8882f645118d465f8c358dfac391ed9da402a1d9a4b74052b74827ebf5eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 402
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 22:25:26 GMT
expires: Tue, 12 Mar 2024 22:25:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 22:25:26 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9381094.fls.doubleclick.net/activityi;dc_pre=CPvfoZTi74QDFR6OfwQdAT0Kfw;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=712451288.1710282325;pscdl=noapi;gtm=45fe43b0z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
209 B 52ms
51ms XHR
text/plain 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=262083632&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&ul=en-us&de=UTF-8&dt=MAGA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABBAAAACAEK~&jid=1950246034&gjid=29206494&cid=1890510894.1710282326&tid=UA-73658561-7&_gid=464249956.1710282326&_slc=1&gtm=45He43b0n71NTQZ9Nv72410129za200&cd61=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&gcd=13l3l3l3l1&dma=0&z=1602812297

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
348 B 137ms
50ms XHR
text/plain 2607:f8b0:4004:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-73658561-7&cid=1890510894.1710282326&jid=1950246034&gjid=29206494&_gid=464249956.1710282326&_u=YCDAiEABBAAAAGAEK~&z=1326706037

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 12 Mar 2024 22:25:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
84 B 52ms
52ms XHR
text/plain 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=262083632&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&ul=en-us&de=UTF-8&dt=MAGA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAAGAEK~&jid=887434829&gjid=1098931536&cid=1890510894.1710282326&tid=UA-60901920-1&_gid=464249956.1710282326&_r=1&_slc=1&gtm=45He43b0n71M27JCGv72350723za200&gcd=13l3l3l3l1&dma=0&z=1049346710

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

641defe78e044cbd72e13110f131016fc26c1e8b00ef29ad142e177a0e54bfe1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
132 B 40ms
39ms Image
image/gif 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=262083632&t=event&ni=0&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&ul=en-us&de=UTF-8&dt=MAGA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=donation%20landing%20page&ea=user%20session%20start&el=landing%20page%20settings&_u=YCDAiEABBAAAAGAEK~&jid=&gjid=&cid=1890510894.1710282326&tid=UA-73658561-7&_gid=464249956.1710282326&gtm=45He43b0n71NTQZ9Nv72410129za200&cd41=anonymous&cd58=t&cd61=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&gcd=13l3l3l3l1&dma=0&z=1944450624

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 08:24:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50475
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
56 B 48ms
48ms Ping
text/plain 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-0YWKLMCX4D&gtm=45je43b0v9102512289z872350723za200&_p=1710282323024&gcd=13l3l3l3l1&npa=0&dma=0&cid=1890510894.1710282326&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1710282326&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&dt=MAGA&en=page_view&_fv=1&_ss=1&ep.cookieDomain=auto&tfd=4609
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0YWKLMCX4D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11091438865/ 2 KB
2 KB 145ms
64ms Script
text/javascript 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11091438865/?random=1710282326372&cv=11&fst=1710282326372&bg=ffffff&guid=ON&async=1&gtm=45je43b0v9102512289z872350723za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&hn=www.googleadservices.com&frm=0&tiba=MAGA&npa=0&pscdl=noapi&auid=712451288.1710282325&uamb=0&uaw=0&fdr=QA&data=event%3Dgtag.config%3BcookieDomain%3Dauto&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0YWKLMCX4D&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5abdd812a3bba25a9e822998591ff0d8605bc0c5b0ba86e997b9d5a1470fa303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1383
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame 7C28 87 KB
14 KB 45ms
44ms Script
text/javascript 2600:9000:2514:1e00:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2514:1e00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:20:41 GMT
content-encoding: br
via: 1.1 6379820fbac3eca5570c58b520f7931e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
last-modified: Fri, 30 Jun 2023 14:32:28 GMT
server: Cloudfront
age: 286
x-content-type-options: nosniff
etag: W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop: JFK50-P8
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
x-amz-cf-id: Ltkz0vN6yk9_gJRQs7AtgjA-nL6SjTGskwXHk3NMXRyMYZLoVrAzcQ==

GET
H2 200 payframe Show response
pay.google.com/gp/p/ui/ Frame 5AE2 19 KB
8 KB 74ms
73ms Document
text/html 2607:f8b0:4004:c19::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::5c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b5cdd130bbbfbd8f1949de441f3118018e8671958ea4efe6306c2f214d53388c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-jGqXvF7IaYRAx9ivOPewYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=3600
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-jGqXvF7IaYRAx9ivOPewYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Tue, 12 Mar 2024 22:25:26 GMT
expires: Tue, 12 Mar 2024 22:25:26 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/gp/p/_/InstantbuyFrontendBuyflowPayframeUi/web-reports?context=eJzjqtHikmJw1ZBiWF4qxVBRK8WwZKYUw2L-XUyeNTeZOvfcZFrX9YhpYftTJk2uZ0z1Uc-YZvI-ZxJ885zp3ZeXTBxfXzJJALEaEG_38WAR85nOeiR6OivfuumsKkCsuX46ayAQO6XPYA0AYp_6GaxRQNx68xzrZCAW4uG4tubwejaBD-se3GIEAF9qN6Q"
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H2 200 adsct
t.co/1/i/ 43 B
376 B 345ms
182ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=7a626b32-a7f5-44ed-8ff2-2b33ac184cf4&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=2f2c4a96-e483-42a5-96c7-50e85ddeaa51&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&tw_iframe_status=0&txn_id=of93e&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-response-time: 80
date: Tue, 12 Mar 2024 22:25:26 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 743c3748ba459954
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: e12ee4e688b869c4fb2f9ece43f4d0ccfa34515e5d1ae95a43cffa3c18e69621
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
722 B 267ms
102ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=7a626b32-a7f5-44ed-8ff2-2b33ac184cf4&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=2f2c4a96-e483-42a5-96c7-50e85ddeaa51&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&tw_iframe_status=0&txn_id=of93e&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-response-time: 7
date: Tue, 12 Mar 2024 22:25:25 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 02e4ec6131dbab32
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 90384ff16c1d1f45f5165711207adca423b08b9e3901f8e457aef204f5ded86f
content-length: 43

GET
H2 200 1599889267195467 Show response
connect.facebook.net/signals/config/ 61 KB
13 KB 47ms
46ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1599889267195467?v=2.9.148&r=stable&domain=secure.winred.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5ff6a934bba74d3e875bb41b3a9b2ba1d4e0a650361c32836930c8ca03692773

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 12 Mar 2024 22:25:26 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12876
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=67, rtx=0, c=61, mss=1294, tbw=62451, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: C/1cpDBpqQwYKBUnEwrBmCIHDxa1FtceCzq5NH4kKuJKywSoXYUxqLxhsNpExHvQRlE+NqIBxAoqux8/MRJVmg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 b Show response
r.stripe.com/ Frame 1723 0
273 B 508ms
221ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:26 GMT
x-stripe-server-envoy-start-time-us: 1710282326916359
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 4
x-stripe-client-envoy-start-time-us: 1710282326916078
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame CEA4 0
272 B 492ms
221ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:26 GMT
x-stripe-server-envoy-start-time-us: 1710282326929004
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710282326928545
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame CEA4 0
272 B 487ms
221ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:26 GMT
x-stripe-server-envoy-start-time-us: 1710282326929374
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710282326928707
access-control-allow-credentials: true
content-length: 0

POST
H2 200 wallet-config Show response
merchant-ui-api.stripe.com/elements/ Frame 1723 3 KB
3 KB 196ms
195ms Fetch
application/json 198.137.150.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://merchant-ui-api.stripe.com/elements/wallet-config

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.137.150.201 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

186d8b9e774df175cdebc60529d06830a6dee83778a64c60ba005c8d39191ca4

Security Headers

Name	Value
Content-Security-Policy	report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:26 GMT
content-security-policy: report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-resource-policy: same-site
content-length: 2621
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
access-control-max-age: 300
access-control-allow-methods: GET, POST
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://js.stripe.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin
access-control-allow-headers: x-stripe-csrf-token
cross-origin-opener-policy-report-only: same-origin; report-to=https://q.stripe.com/coop-report
expires: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 1723 0
271 B 556ms
307ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:27 GMT
x-stripe-server-envoy-start-time-us: 1710282327015370
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710282327015102
access-control-allow-credentials: true
content-length: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
68 B 62ms
61ms XHR
text/plain 2607:f8b0:4004:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-60901920-1&cid=1890510894.1710282326&jid=887434829&gjid=1098931536&_gid=464249956.1710282326&_u=YCDACEABBAAAAGAEK~&z=1638924329

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 12 Mar 2024 22:25:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 257 KB
88 KB 84ms
83ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-HNR33QTX08&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3855c4440bfb14564325570a9a3b20ade7c46055ee316b8e562c48844cbf2b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89691
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 22:25:26 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 561ms
412ms Image
image/gif 2607:f8b0:4006:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-73658561-7&cid=1890510894.1710282326&jid=1950246034&_u=YCDAiEABBAAAAGAEK~&z=1562649638

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 collect
analytics.google.com/g/s/ 0
210 B 220ms
75ms Image
text/plain 2001:4860:4802:34::181
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analytics.google.com/g/s/collect?dma=0&gtm=45j91e43b1v867905447z872410129z9867900975za200&_gsid=X6H0114PDFhgOy97L0Yimw9mPT34JTLA
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 64ms
63ms Image
text/plain 2607:f8b0:4004:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&dma=0&tid=G-X6H0114PDF&cid=lrKQlIzTT%2Bf8PuB5RZyRWDrGlIodKh1RqYx0UTVx8%2Fs%3D.1710282326&gtm=45j91e43b1v867905447z872410129z9867900975za200&aip=1
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.IeCawjR7OKQ.es5.O/am=gEE2/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMi... Frame 5AE2 160 KB
57 KB 204ms
62ms Script
text/javascript 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.IeCawjR7OKQ.es5.O/am=gEE2/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgBTF3mnuYENcsxIDagM3VHfbTR5Q/m=_b,_tp

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96957300f051afd1bc3789ff827201e803b2afee005f1f97c1e8eb91fb886950

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 16:06:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22740
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 02:15:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Mar 2025 16:06:26 GMT

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 1FA2 474 B
397 B 71ms
70ms Fetch
application/json 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

73b9a4cedb4a676f5f305b18228db59d583fbff650cb25dc018a27a76f197452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-card-d7bdfad2328223f5061c18aa1054f04d.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:26 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 1
x-cache: HIT
content-length: 297
x-request-id: 8773b838-7bd3-4fba-9133-c9a076479478
x-served-by: cache-yyz4550-YYZ
last-modified: Tue, 12 Mar 2024 20:44:13 GMT
server: Fastly
etag: "1d7ad3a39bed7b2d583ab52bc969612b"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1

POST
H2 200 b Show response
r.stripe.com/ Frame CEA4 0
272 B 415ms
223ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:26 GMT
x-stripe-server-envoy-start-time-us: 1710282326929508
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 4
x-stripe-client-envoy-start-time-us: 1710282326928896
access-control-allow-credentials: true
content-length: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 171ms
135ms Image
image/gif 2607:f8b0:4006:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-60901920-1&cid=1890510894.1710282326&jid=887434829&_u=YCDACEABBAAAAGAEK~&z=313063781

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CPvfoZTi74QDFR6OfwQdAT0Kfw;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=*;pscdl=noapi;gtm=45fe43b0z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;u...
adservice.google.com/ddm/fls/z/ Frame CDA5 42 B
401 B 352ms
129ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPvfoZTi74QDFR6OfwQdAT0Kfw;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=*;pscdl=noapi;gtm=45fe43b0z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075

Requested by

Host: 9381094.fls.doubleclick.net
URL: https://9381094.fls.doubleclick.net/activityi;dc_pre=CPvfoZTi74QDFR6OfwQdAT0Kfw;src=9381094;type=pagev0;cat=djt_p0;ord=227586815485;npa=0;auiddc=712451288.1710282325;pscdl=noapi;gtm=45fe43b0z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://9381094.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 6 Show response
m.stripe.com/ Frame 7C28 156 B
668 B 473ms
108ms XHR
application/json 44.239.187.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.239.187.210 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-187-210.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

9617b32d9a865bba356cfa9ce35e563046a42ee95bda8f941bcab6a94d6dd1af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Tue, 12 Mar 2024 22:25:27 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1710282327081244
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 2
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1710282327080869
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H2 200 /
www.facebook.com/tr/ 0
270 B 225ms
47ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1599889267195467&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&rl=&if=false&ts=1710282326688&sw=1600&sh=1200&v=2.9.148&r=stable&ec=0&o=4126&fbp=fb.1.1710282326682.1447803956&cs_est=true&ler=empty&cdl=API_unavailable&it=1710282326455&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-fb-connection-quality: GOOD; q=0.7, rtt=54, rtx=0, c=10, mss=1294, tbw=2789, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 12 Mar 2024 22:25:26 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/11091438865/ 42 B
455 B 87ms
85ms Image
image/gif 2607:f8b0:4006:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11091438865/?random=1710282326372&cv=11&fst=1710280800000&bg=ffffff&guid=ON&async=1&gtm=45je43b0v9102512289z872350723za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&frm=0&tiba=MAGA&npa=0&data=event%3Dgtag.config%3BcookieDomain%3Dauto&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqErL2mSzkkPFHl9kEVknHvtuh-O1yAA&random=1081352552&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 b Show response
r.stripe.com/ Frame 1723 0
271 B 278ms
222ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:26 GMT
x-stripe-server-envoy-start-time-us: 1710282326929168
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 4
x-stripe-client-envoy-start-time-us: 1710282326928830
access-control-allow-credentials: true
content-length: 0

GET
H2 200 collect Show response
gtm.winred.com/g/ 65 B
275 B 234ms
211ms XHR
text/plain 2606:4700::6810:fa45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je43b0v867905447z872410129za200&_p=1710282323024&gcd=13l3l3l3l1&npa=0&dma=0&cid=1890510894.1710282326&ul=en-us&sr=1600x1200&_fplc=0&ur=US-NY&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&sst.uc=US&sst.gse=1&sst.gcd=13l3l3l3l1&sst.tft=1710282323024&_s=2&sid=1710282326&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&dt=MAGA&en=user%20session%20start&ep.pagepath=%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma&epn.load_time_sec=-1710282321.8&epn.event_fire_time=1710282325262&ep.event_uuid=785ad7c0-1757-4e2f-b946-c7058a1e6682&ep.isVideoPage=f&ep.referrer=&ep.category=donation%20landing%20page&ep.action=user%20session%20start&ep.label=landing%20page%20settings&ep.customCSS=t&ep.usercategory=anonymous&_et=7&tfd=4969&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fa45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:26 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 8637333e6ebe18bc-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 enforcement-mode Show response
stripe.com/cookie-settings/ Frame CEA4 15 B
949 B 330ms
315ms Fetch
application/json 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://stripe.com/cookie-settings/enforcement-mode

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/controller-9c04ce90187e713c3e4078a363d28f07.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

cf47d3a034eb704dbc6a1b479427ab513892062349ae526c3b96a4ba6465e3d4

Security Headers

Name	Value
Content-Security-Policy	report-uri /csp-report?p=%2Fcookie-settings%2Fenforcement-mode;block-all-mixed-content;default-src 'none' 'report-sample';base-uri 'none';form-action 'none';style-src 'unsafe-inline';frame-ancestors 'self';connect-src 'self';img-src 'self' https://b.stripecdn.com
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-security-policy: report-uri /csp-report?p=%2Fcookie-settings%2Fenforcement-mode;block-all-mixed-content;default-src 'none' 'report-sample';base-uri 'none';form-action 'none';style-src 'unsafe-inline';frame-ancestors 'self';connect-src 'self';img-src 'self' https://b.stripecdn.com
x-stripe-server-envoy-start-time-us: 1710282327015627
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-envoy-upstream-service-time: 15
cross-origin-resource-policy: same-site
content-length: 15
x-stripe-bg-intended-route-color: blue
server: nginx
access-control-max-age: 300
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 14
x-stripe-client-envoy-start-time-us: 1710282327015028
vary: Origin
access-control-allow-headers: x-stripe-csrf-token
cross-origin-opener-policy-report-only: same-origin; report-to=https://q.stripe.com/coop-report

POST
H2 204 collect
analytics.google.com/g/ 0
100 B 137ms
35ms Ping
text/plain 2001:4860:4802:34::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-HNR33QTX08&_ono=1&gtm=45je43b0v9164375506za200&_p=1710282323024&_gaz=1&gcd=13l3l3l3l2&npa=0&dma=0&ul=en-us&sr=1600x1200&cid=1890510894.1710282326&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&dt=MAGA&sid=1710282326&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=5158
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HNR33QTX08&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 129ms
54ms Ping
text/plain 2607:f8b0:4004:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ono=1&tid=G-HNR33QTX08&cid=1890510894.1710282326&gtm=45je43b0v9164375506za200&aip=1&dma=0&gcd=13l3l3l3l2&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HNR33QTX08&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m=Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.IeCawjR7OKQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.nXS... Frame 5AE2 76 KB
27 KB 57ms
43ms Script
text/javascript 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.IeCawjR7OKQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.nXS1nR3appY.L.B1.O/am=gEE2/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrhzUtpz8_BErk1ZP9XnLmd3VBVQnw/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.IeCawjR7OKQ.es5.O/am=gEE2/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgBTF3mnuYENcsxIDagM3VHfbTR5Q/m=_b,_tp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91ae5a722fb8482c9395da9d9a405315b4a11ce6fd4e3d4c645706d7827010ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 16:06:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22732
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27968
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 02:15:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Mar 2025 16:06:35 GMT

GET
H2 200 enforcement-mode Show response
stripe.com/cookie-settings/ Frame 1723 15 B
950 B 129ms
128ms Fetch
application/json 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://stripe.com/cookie-settings/enforcement-mode

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/controller-9c04ce90187e713c3e4078a363d28f07.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

cf47d3a034eb704dbc6a1b479427ab513892062349ae526c3b96a4ba6465e3d4

Security Headers

Name	Value
Content-Security-Policy	report-uri /csp-report?p=%2Fcookie-settings%2Fenforcement-mode;block-all-mixed-content;default-src 'none' 'report-sample';base-uri 'none';form-action 'none';style-src 'unsafe-inline';frame-ancestors 'self';connect-src 'self';img-src 'self' https://b.stripecdn.com
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-security-policy: report-uri /csp-report?p=%2Fcookie-settings%2Fenforcement-mode;block-all-mixed-content;default-src 'none' 'report-sample';base-uri 'none';form-action 'none';style-src 'unsafe-inline';frame-ancestors 'self';connect-src 'self';img-src 'self' https://b.stripecdn.com
x-stripe-server-envoy-start-time-us: 1710282327181611
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-envoy-upstream-service-time: 17
cross-origin-resource-policy: same-site
content-length: 15
x-stripe-bg-intended-route-color: blue
server: nginx
access-control-max-age: 300
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 16
x-stripe-client-envoy-start-time-us: 1710282327181110
vary: Origin
access-control-allow-headers: x-stripe-csrf-token
cross-origin-opener-policy-report-only: same-origin; report-to=https://q.stripe.com/coop-report

GET
H2 200 hcaptcha-invisible-a3b4f749b18a37324c01e9425d3514b3.html Show response
js.stripe.com/v3/ Frame 8FDC 71 KB
25 KB 79ms
39ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/hcaptcha-invisible-a3b4f749b18a37324c01e9425d3514b3.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

ceabd097c1732d016e738189fbb8d3c23e1d0b39118c07ed4cd4d152280e9a26

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-LyxOZc/PCcv+NmDgkyJQD2c+eASlm8PfO2Zu9pbVujY='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 8111
cache-control: max-age=31536000
content-encoding: br
content-length: 25164
content-security-policy: base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-LyxOZc/PCcv+NmDgkyJQD2c+eASlm8PfO2Zu9pbVujY='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:27 GMT
etag: "a3b4f749b18a37324c01e9425d3514b3"
last-modified: Tue, 12 Mar 2024 20:05:37 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 399
x-content-type-options: nosniff
x-request-id: c0aebf2c-a915-49b7-9802-ebc0112c6d14
x-served-by: cache-yyz4531-YYZ

POST
H2 200 b Show response
r.stripe.com/ Frame 1723 0
271 B 149ms
106ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:27 GMT
x-stripe-server-envoy-start-time-us: 1710282327293025
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710282327292558
access-control-allow-credentials: true
content-length: 0

GET
H2 200 phone-numbers-lib-5113174565c377315fd5b8d695d8b541.js Show response
js.stripe.com/v3/fingerprinted/js/ 148 KB
40 KB 89ms
48ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/phone-numbers-lib-5113174565c377315fd5b8d695d8b541.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

621661fe1c7a59420c624f7a421c566ebfb38cfbc7edd98ee0462c44d15971f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:27 GMT
via: 1.1 varnish
age: 7099614
x-cache: HIT
content-length: 40295
x-request-id: 695804c0-e6dc-4976-94d7-1c14d045a8d4
x-served-by: cache-yyz4531-YYZ
last-modified: Thu, 21 Dec 2023 18:13:42 GMT
server: Fastly
etag: "f7a3e754fa2fa9117506f69f618b5778"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1437

GET
H2 200 elements-inner-link-button-for-card-ac410ddd0a141c4d3ad6d96c654149af.html Show response
js.stripe.com/v3/ Frame 1139 78 KB
17 KB 77ms
40ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-link-button-for-card-ac410ddd0a141c4d3ad6d96c654149af.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

75d1efb9d4fc25b7ef206d0e4f2c3252135e9ca68a41189536e188125e6d0bdf

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 8111
cache-control: max-age=31536000
content-encoding: br
content-length: 16208
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:27 GMT
etag: "ac410ddd0a141c4d3ad6d96c654149af"
last-modified: Tue, 12 Mar 2024 20:05:24 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 266
x-content-type-options: nosniff
x-request-id: c657f72a-5341-4fbc-8b1d-34d1665c9c41
x-served-by: cache-yyz4531-YYZ

GET
H3 200 pay Show response
pay.google.com/gp/p/ui/ Frame 5AE2 1 MB
378 KB 89ms
75ms XHR
text/html 2607:f8b0:4004:c19::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c19::5c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7bb64d83598eab9f83194f618483d403c06df4afdf5dfca36a0a0baa7760a184

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-DqJgPzzKl5PK8aKttErijA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-DqJgPzzKl5PK8aKttErijA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/gp/p/_/InstantbuyFrontendBuyflowPayUi/web-reports?context=eJzjqtHikmJw1ZBiWF4qxVBRK8WwZKYUw2L-XUyeNTeZOvfcZFrX9YhpYftTJk2uZ0z1Uc-YZvI-ZxJ885zp3ZeXTBxfXzJJALEaEG_38WAR85nOeiR6OivfuumsKkCsuX46ayAQO6XPYA0AYp_6GaxRQNx68xzrZCAW4uG4vubwejaBG1futTACAF7jN1s"
x-ua-compatible: IE=edge
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
server: ESF
x-frame-options: DENY
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
cache-control: private, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Tue, 12 Mar 2024 22:25:27 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.IeCawjR7OKQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.nXS... Frame 5AE2 9 KB
4 KB 38ms
36ms Script
text/javascript 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.IeCawjR7OKQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.nXS1nR3appY.L.B1.O/am=gEE2/d=1/exm=Das5Le,_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrhzUtpz8_BErk1ZP9XnLmd3VBVQnw/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ab07b931334ac800431924661aee8cb5636f1847c8bfac3f010f4e397ea9635

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 16:06:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22732
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3748
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 02:15:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Mar 2025 16:06:35 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.IeCawjR7OKQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.nXS... Frame 5AE2 37 KB
14 KB 40ms
38ms Script
text/javascript 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.IeCawjR7OKQ.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.nXS1nR3appY.L.B1.O/am=gEE2/d=1/exm=Das5Le,FCpbqb,WhJNk,Wt6vjf,_b,_tp,hhhU8/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrhzUtpz8_BErk1ZP9XnLmd3VBVQnw/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd2cf7a88775de2201a8d733e452bc8a7c0fc807c2abf20da73affe5e79f78ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 16:06:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22732
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14255
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 02:15:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Mar 2025 16:06:35 GMT

POST
H3 200 log Show response
play.google.com/ Frame 5AE2 131 B
155 B 206ms
85ms XHR
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 22:25:27 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 161ms
54ms Preflight
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Tue, 12 Mar 2024 22:25:27 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 157ms
57ms Preflight
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Tue, 12 Mar 2024 22:25:27 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 5AE2 131 B
155 B 204ms
86ms XHR
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 22:25:27 GMT

POST
H3 200 log Show response
play.google.com/ Frame 5AE2 131 B
155 B 206ms
85ms XHR
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 22:25:27 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 152ms
54ms Preflight
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Tue, 12 Mar 2024 22:25:27 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 138ms
55ms Preflight
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Tue, 12 Mar 2024 22:25:27 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 5AE2 131 B
155 B 203ms
87ms XHR
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 22:25:27 GMT

POST
H3 200 log Show response
play.google.com/ Frame 5AE2 131 B
155 B 199ms
82ms XHR
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 22:25:27 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 128ms
58ms Preflight
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Tue, 12 Mar 2024 22:25:27 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 shared-5addb1e7d973e81d47f5f6605920a70c.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1139 538 KB
131 KB 53ms
52ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-link-button-for-card-ac410ddd0a141c4d3ad6d96c654149af.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

b5655894dd68d2a4b95939cb802272f1f03c41d2a5f20b9cbacc12d926d19458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-link-button-for-card-ac410ddd0a141c4d3ad6d96c654149af.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:27 GMT
via: 1.1 varnish
age: 8141
x-cache: HIT
content-length: 133585
x-request-id: 653ebe97-3a5f-4414-bfbf-3eb58547a87d
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:36 GMT
server: Fastly
etag: "c8c8a4b202c504fc4942255ce70731c3"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2103

GET
H2 200 elements-inner-link-button-for-card-3e3c6751186392e3859c5f4470b4d0df.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1139 25 KB
10 KB 52ms
51ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-link-button-for-card-3e3c6751186392e3859c5f4470b4d0df.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-link-button-for-card-ac410ddd0a141c4d3ad6d96c654149af.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

c67fd705b4a52a62066cd60979c65edfa8b0d6c3da9a8d88d21afd56c11042e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-link-button-for-card-ac410ddd0a141c4d3ad6d96c654149af.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:27 GMT
via: 1.1 varnish
age: 2348336
x-cache: HIT
content-length: 9702
x-request-id: b8ac49ae-c4e4-4dc6-92cd-e349b0023e65
x-served-by: cache-yyz4531-YYZ
last-modified: Wed, 14 Feb 2024 18:03:44 GMT
server: Fastly
etag: "12873bf8979ee1f4c70fe3749e63d8a2"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1127

GET
H2 200 elements-inner-link-button-for-card-e0892059cc36c5a207d4915b8be6a4f3.css
js.stripe.com/v3/fingerprinted/css/ Frame 1139 25 KB
4 KB 52ms
51ms Stylesheet
text/css 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-link-button-for-card-e0892059cc36c5a207d4915b8be6a4f3.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-link-button-for-card-ac410ddd0a141c4d3ad6d96c654149af.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

d9b7faa0259f5b0961455f53b4a507fba4bd0ed70dffac0bdaf2f94298c74b40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-link-button-for-card-ac410ddd0a141c4d3ad6d96c654149af.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:27 GMT
via: 1.1 varnish
age: 3384147
x-cache: HIT
content-length: 4362
x-request-id: 971a7ab3-2c01-4375-a63b-9d5f3b788641
x-served-by: cache-yyz4531-YYZ
last-modified: Fri, 02 Feb 2024 18:19:28 GMT
server: Fastly
etag: "ec65bfd4737d216032b538eb56aec1bd"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1115

POST
H2 200 6 Show response
m.stripe.com/ Frame 7C28 156 B
667 B 114ms
114ms XHR
application/json 44.239.187.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.239.187.210 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-187-210.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

9617b32d9a865bba356cfa9ce35e563046a42ee95bda8f941bcab6a94d6dd1af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Tue, 12 Mar 2024 22:25:27 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1710282327398162
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 6
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1710282327397820
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

POST
H2 200 6 Show response
m.stripe.com/ Frame 7C28 156 B
669 B 158ms
157ms XHR
application/json 44.239.187.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.239.187.210 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-187-210.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

9617b32d9a865bba356cfa9ce35e563046a42ee95bda8f941bcab6a94d6dd1af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Tue, 12 Mar 2024 22:25:27 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1710282327447559
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 4
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1710282327446807
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

POST
H3 200 log Show response
play.google.com/ Frame 5AE2 131 B
155 B 203ms
85ms XHR
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 22:25:27 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 79ms
57ms Preflight
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Tue, 12 Mar 2024 22:25:27 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 b Show response
r.stripe.com/ Frame CEA4 0
271 B 107ms
106ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:27 GMT
x-stripe-server-envoy-start-time-us: 1710282327410081
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 4
x-stripe-client-envoy-start-time-us: 1710282327409502
access-control-allow-credentials: true
content-length: 0

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 8FDC 474 B
588 B 69ms
21ms Fetch
application/json 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/hcaptcha-invisible-a3b4f749b18a37324c01e9425d3514b3.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

73b9a4cedb4a676f5f305b18228db59d583fbff650cb25dc018a27a76f197452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/hcaptcha-invisible-a3b4f749b18a37324c01e9425d3514b3.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 2
x-cache: HIT
content-length: 297
x-request-id: 283f4ba6-142b-4d23-9f77-2acc9825c28d
x-served-by: cache-yyz4550-YYZ
last-modified: Tue, 12 Mar 2024 20:44:13 GMT
server: Fastly
etag: "1d7ad3a39bed7b2d583ab52bc969612b"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 3

GET
H2 200 HCaptchaInvisible.html Show response
b.stripecdn.com/stripethirdparty-srv/assets/v20.21/ Frame 4F3A 419 B
1 KB 231ms
51ms Document
text/html 2600:9000:21da:6c00:b:1d09:f200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=8d2b3814-cea2-4483-abf6-5064d5a20fa7&origin=https%3A%2F%2Fjs.stripe.com

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/hcaptcha-invisible-a3b4f749b18a37324c01e9425d3514b3.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:6c00:b:1d09:f200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

7046e325bee6e4ffd4581616a2b76772f5749fbd45eb77998a1b5810ed476d2e

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://hcaptcha.com https://.hcaptcha.com https://errors.stripe.com; default-src 'self'; form-action 'none'; frame-src https://hcaptcha.com https://.hcaptcha.com; img-src 'self'; object-src 'none'; script-src 'self' https://hcaptcha.com https://.hcaptcha.com; style-src 'self' https://hcaptcha.com https://.hcaptcha.com; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 18
cache-control: max-age=60, stale-while-revalidate=900
content-length: 419
content-security-policy: base-uri 'self'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://errors.stripe.com; default-src 'self'; form-action 'none'; frame-src https://hcaptcha.com https://*.hcaptcha.com; img-src 'self'; object-src 'none'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:10 GMT
etag: "4c0d839a05613b0f5d6f591f2ff1422c"
last-modified: Tue, 05 Mar 2024 22:00:40 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding,Origin
via: 1.1 19f59f4851bd1754171a506ce0726a08.cloudfront.net (CloudFront)
x-amz-cf-id: mmnbZfVACrewiqs2B_WThzztvhitwJTPUbtYe4JqZbkavz8LPeNOHA==
x-amz-cf-pop: EWR53-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html Show response
js.stripe.com/v3/ Frame 6E12 820 B
1 KB 40ms
37ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

6fe938274e8a1e6b4ef1003b74eac29fc8ac6019476c094664f30ec269c42520

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 8088
cache-control: max-age=31536000
content-encoding: br
content-length: 371
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 22:25:27 GMT
etag: "92428c4bfcd1d32f12a376eedb1f81da"
last-modified: Tue, 12 Mar 2024 20:05:24 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 107
x-content-type-options: nosniff
x-request-id: e3d5dace-ab03-49c9-8a58-8b6a854d0012
x-served-by: cache-yyz4531-YYZ

POST
H2 200 b Show response
r.stripe.com/ Frame CEA4 0
272 B 115ms
114ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:27 GMT
x-stripe-server-envoy-start-time-us: 1710282327550262
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 5
x-stripe-client-envoy-start-time-us: 1710282327549485
access-control-allow-credentials: true
content-length: 0

GET
H2 200 shared-5addb1e7d973e81d47f5f6605920a70c.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 6E12 538 KB
131 KB 56ms
53ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

b5655894dd68d2a4b95939cb802272f1f03c41d2a5f20b9cbacc12d926d19458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:27 GMT
via: 1.1 varnish
age: 8142
x-cache: HIT
content-length: 133585
x-request-id: af9750c8-fa0c-467c-88fa-d2dcffa08821
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:36 GMT
server: Fastly
etag: "c8c8a4b202c504fc4942255ce70731c3"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2105

GET
H2 200 ui-shared-fbd319e5fff68d0189292672b24ac4f9.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 6E12 415 KB
118 KB 54ms
51ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/ui-shared-fbd319e5fff68d0189292672b24ac4f9.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

cc65ba9c1b0699aba0f63a6ea34b6bffd232b5e556f9de787dad852f491bb097

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:27 GMT
via: 1.1 varnish
age: 8112
x-cache: HIT
content-length: 120197
x-request-id: 07650ef9-9cd8-4ced-90fd-89e5ec04fc38
x-served-by: cache-yyz4531-YYZ
last-modified: Tue, 12 Mar 2024 20:05:37 GMT
server: Fastly
etag: "5d8b42e60513ef25cfceb448c51c0793"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 395

GET
H2 200 elements-inner-payment-request-5045daf48c86b743da2874b548c46415.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 6E12 73 KB
26 KB 106ms
105ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-payment-request-5045daf48c86b743da2874b548c46415.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

80354fb397ad4656fa5814c41d9fd5464583c402b2b5a95cb649875927931743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:27 GMT
via: 1.1 varnish
age: 706435
x-cache: HIT
content-length: 25968
x-request-id: b5890fa0-c457-48e6-8dbb-a7155c08643a
x-served-by: cache-yyz4531-YYZ
last-modified: Mon, 04 Mar 2024 18:06:16 GMT
server: Fastly
etag: "654586738640c3c5cbfea23a1dc67e7d"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 595

GET
H2 200 ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css
js.stripe.com/v3/fingerprinted/css/ Frame 6E12 20 KB
3 KB 54ms
52ms Stylesheet
text/css 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

394724ca0118829643c12fb5a033cb66680e51327ba157677d18dec209278a3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:27 GMT
via: 1.1 varnish
age: 20051883
x-cache: HIT
content-length: 3304
x-request-id: 551686a3-7a46-42fd-bf1f-262db077cf55
x-served-by: cache-yyz4531-YYZ
last-modified: Mon, 24 Jul 2023 20:23:04 GMT
server: Fastly
etag: "b361d7109e9925ca18e32c9da528520f"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2178

GET
H2 200 elements-inner-payment-request-30c75c9984170b682d45e5a26a564e7b.css
js.stripe.com/v3/fingerprinted/css/ Frame 6E12 11 KB
3 KB 54ms
52ms Stylesheet
text/css 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-payment-request-30c75c9984170b682d45e5a26a564e7b.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

b86c2a2bbfa9454750609b50a03f9510289842fc2268544bfc53921e1d9e65e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:27 GMT
via: 1.1 varnish
age: 706435
x-cache: HIT
content-length: 2577
x-request-id: a965de88-f541-48fd-825b-dc03b2f57f1e
x-served-by: cache-yyz4531-YYZ
last-modified: Mon, 04 Mar 2024 18:06:05 GMT
server: Fastly
etag: "fa32759e8db8ce19c25f0147f1281e2d"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 584

POST
H2 200 b Show response
r.stripe.com/ Frame 1723 0
273 B 118ms
117ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:27 GMT
x-stripe-server-envoy-start-time-us: 1710282327633699
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710282327633438
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame CEA4 0
273 B 115ms
114ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:27 GMT
x-stripe-server-envoy-start-time-us: 1710282327636174
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710282327635485
access-control-allow-credentials: true
content-length: 0

GET
H2 200 api.js Show response
hcaptcha.com/1/ Frame 4F3A 377 KB
107 KB 132ms
48ms Script
application/javascript 104.19.219.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/1/api.js?onload=captchaLoad&render=explicit

Requested by

Host: b.stripecdn.com
URL: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=8d2b3814-cea2-4483-abf6-5064d5a20fa7&origin=https%3A%2F%2Fjs.stripe.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.219.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

750f6a30aa74cee4a406a9ca10d868dddde5350fb61cb8b759448234c86427e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://b.stripecdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 0cf68108b8820db4a096a661da0108ba.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: PoBSXcmB5F64Rz4TNYwufNp2R.NhFp8.
age: 0
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 08 Mar 2024 16:04:16 GMT
server: cloudflare
etag: W/"ac7461d878bb2e38591344a504209a19"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
cf-ray: 863733446876a22f-YYZ
x-amz-cf-id: 6sWJ5ARgAcB6rVFCITYd3Mq4VvJ2NEsMG3dfBpLqruGhKD75fPKShg==

GET
H2 200 vendors~AddressAutocomplete~AffirmInContext~AmazonPayButton~AuthMap~DemoPayButton~DynamicMap~GoogleA~35711e2c.292fe004c7b932cf1066.bundle.js Show response
b.stripecdn.com/stripethirdparty-srv/assets/v20.21/ Frame 4F3A 114 KB
35 KB 58ms
53ms Script
text/javascript 2600:9000:21da:6c00:b:1d09:f200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/vendors~AddressAutocomplete~AffirmInContext~AmazonPayButton~AuthMap~DemoPayButton~DynamicMap~GoogleA~35711e2c.292fe004c7b932cf1066.bundle.js

Requested by

Host: b.stripecdn.com
URL: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=8d2b3814-cea2-4483-abf6-5064d5a20fa7&origin=https%3A%2F%2Fjs.stripe.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:6c00:b:1d09:f200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

fa38eebb1eca7c94241152ae35cec12209d942905dc49f6d00dbe50636441258

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=8d2b3814-cea2-4483-abf6-5064d5a20fa7&origin=https%3A%2F%2Fjs.stripe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:12:25 GMT
via: 1.1 19f59f4851bd1754171a506ce0726a08.cloudfront.net (CloudFront)
age: 783
x-amz-cf-pop: EWR53-C1
x-cache: Hit from cloudfront
last-modified: Tue, 05 Mar 2024 22:00:41 GMT
server: Cloudfront
etag: W/"74e21b04fc13efe6e788fca7016ae74c"
vary: Accept-Encoding,Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000, public
timing-allow-origin: *
x-amz-cf-id: _Mg_z-FpVV1_J56iujbgXUrQdG0_aLqKiu-jLEqaIAwkCxkQh2AphQ==

GET
H2 200 HCaptchaInvisible.b27e55a4db75cd3e653a.bundle.js Show response
b.stripecdn.com/stripethirdparty-srv/assets/v20.21/ Frame 4F3A 18 KB
7 KB 88ms
82ms Script
text/javascript 2600:9000:21da:6c00:b:1d09:f200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.b27e55a4db75cd3e653a.bundle.js

Requested by

Host: b.stripecdn.com
URL: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=8d2b3814-cea2-4483-abf6-5064d5a20fa7&origin=https%3A%2F%2Fjs.stripe.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:6c00:b:1d09:f200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

eccf72d793ee9369fb1c8217a3cebd89e035b728e6eae08b7e12332886b0f95e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=8d2b3814-cea2-4483-abf6-5064d5a20fa7&origin=https%3A%2F%2Fjs.stripe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 21:35:49 GMT
via: 1.1 19f59f4851bd1754171a506ce0726a08.cloudfront.net (CloudFront)
age: 2979
x-amz-cf-pop: EWR53-C1
x-cache: Hit from cloudfront
last-modified: Tue, 05 Mar 2024 22:00:40 GMT
server: Cloudfront
etag: W/"a80d2ecbea406dbe1714fbf225519147"
vary: Accept-Encoding,Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000, public
timing-allow-origin: *
x-amz-cf-id: l6uEblf9kVlN-Za5lumUw9_oEQwMZArr4OMiXOejZ2f7SGWpGNFdoQ==

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 6E12 474 B
371 B 37ms
27ms Fetch
application/json 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

73b9a4cedb4a676f5f305b18228db59d583fbff650cb25dc018a27a76f197452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-payment-request-92428c4bfcd1d32f12a376eedb1f81da.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 2
x-cache: HIT
content-length: 297
x-request-id: 14b82f23-f7a8-4c46-9c06-8827eae73665
x-served-by: cache-yyz4550-YYZ
last-modified: Tue, 12 Mar 2024 20:44:13 GMT
server: Fastly
etag: "1d7ad3a39bed7b2d583ab52bc969612b"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 4

POST
H2 200 b Show response
r.stripe.com/ Frame 1FA2 0
272 B 115ms
105ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:27 GMT
x-stripe-server-envoy-start-time-us: 1710282327836744
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710282327836081
access-control-allow-credentials: true
content-length: 0

POST
H3 204 rum Show response
secure.winred.com/cdn-cgi/ 0
143 B 83ms
42ms XHR
text/plain 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type: application/json

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://secure.winred.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 863733455df88c7d-EWR

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 241 KB
84 KB 89ms
74ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-11094181768

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

905c58199ab944195f03969246a42f989b67123ca464bf8d68fe7e2a858eff48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85755
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 21:26:54 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Mar 2024 22:25:27 GMT

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/0bef4b8/static/ Frame 9EBC 2 KB
1 KB 48ms
38ms Document
text/html 104.19.219.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/0bef4b8/static/hcaptcha.html?_v=jckdgozqp0j

Requested by

Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?onload=captchaLoad&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.219.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

977056a7ed50228dddc3c9a6f7d57b66be9bb625cd08124578f9a9deda63cfdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://b.stripecdn.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
age: 107603
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 863733459ab4a22f-YYZ
content-encoding: br
content-type: text/html
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 22:25:27 GMT
last-modified: Fri, 08 Mar 2024 16:04:16 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 5e2f1ed3ba0ab1e08304bb3d134360de.cloudfront.net (CloudFront)
x-amz-cf-id: haDPXoPZl7tiRqEY-wfIapL-T54VHkcg0I2KaAf_T94KSFDFg9RmAQ==
x-amz-cf-pop: YTO50-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: iE61uqcqg.i9cUJnfTwsemfJz3atDhwo
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H2 200 b Show response
r.stripe.com/ Frame 1723 0
271 B 123ms
121ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:28 GMT
x-stripe-server-envoy-start-time-us: 1710282328009824
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 4
x-stripe-client-envoy-start-time-us: 1710282328009491
access-control-allow-credentials: true
content-length: 0

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/0bef4b8/ Frame 9EBC 377 KB
107 KB 333ms
310ms Script
application/javascript 104.19.219.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/0bef4b8/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/0bef4b8/static/hcaptcha.html?_v=jckdgozqp0j

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.219.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

750f6a30aa74cee4a406a9ca10d868dddde5350fb61cb8b759448234c86427e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/0bef4b8/static/hcaptcha.html?_v=jckdgozqp0j
Origin: https://newassets.hcaptcha.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 0cf68108b8820db4a096a661da0108ba.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: PoBSXcmB5F64Rz4TNYwufNp2R.NhFp8.
age: 126903
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 08 Mar 2024 16:04:16 GMT
server: cloudflare
etag: W/"ac7461d878bb2e38591344a504209a19"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 86373346ed23a22f-YYZ
x-amz-cf-id: 6sWJ5ARgAcB6rVFCITYd3Mq4VvJ2NEsMG3dfBpLqruGhKD75fPKShg==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11094181768/ 2 KB
2 KB 63ms
61ms Script
text/javascript 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11094181768/?random=1710282328151&cv=11&fst=1710282328151&bg=ffffff&guid=ON&async=1&gtm=45be43b0v9102692410za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&hn=www.googleadservices.com&frm=0&tiba=MAGA&npa=0&pscdl=noapi&auid=712451288.1710282325&uamb=0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11094181768

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce9a485dc8bf9885000e3808ee822656aaea51977a4cfc00b82351100c66c149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1376
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/11094181768/ 42 B
108 B 68ms
67ms Image
image/gif 2607:f8b0:4006:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11094181768/?random=1710282328151&cv=11&fst=1710280800000&bg=ffffff&guid=ON&async=1&gtm=45be43b0v9102692410za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&frm=0&tiba=MAGA&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQB7FLtqOcSuJ-4628gswMOS-_R9VeYSt53TfT9GeT1TxQLMvco7xjIT&random=1509750480&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 22:25:28 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 b Show response
r.stripe.com/ Frame CEA4 0
272 B 112ms
111ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:28 GMT
x-stripe-server-envoy-start-time-us: 1710282328565118
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 5
x-stripe-client-envoy-start-time-us: 1710282328564884
access-control-allow-credentials: true
content-length: 0

POST
H2 200 checksiteconfig Show response
api2.hcaptcha.com/ Frame 9EBC 719 B
913 B 89ms
67ms XHR
application/json 104.19.219.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.hcaptcha.com/checksiteconfig?v=0bef4b8&host=b.stripecdn.com&sitekey=463b917e-e264-403f-ad34-34af0ee10294&sc=1&swa=1&spst=1

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/0bef4b8/hcaptcha.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.219.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

035352fbdf56c91330502484465b4b08f5553706653f3e0cd54a0a8dfdb263b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://newassets.hcaptcha.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Mar 2024 22:25:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 8637334a7c32a22f-YYZ
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
alt-svc: h3=":443"; ma=86400

GET
H3 200 hsw.js Show response
newassets.hcaptcha.com/c/4753532/ Frame 9EBC 505 KB
220 KB 67ms
66ms Script
application/javascript 104.19.219.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/c/4753532/hsw.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/0bef4b8/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.219.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0dc7511f9f3b8369a23f2a94f49b27b025a3719b0fba66b2c20701d6ab82820

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://newassets.hcaptcha.com/captcha/v1/0bef4b8/static/hcaptcha.html?_v=jckdgozqp0j
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 16808c837fedc33331e77d172952efee.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: xYmORh03N7Se5zk_65rH8kcKE5HmZuvB
age: 13562
x-amz-cf-pop: YTO50-P2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 27 Feb 2024 12:49:07 GMT
server: cloudflare
etag: W/"33b2f95bda4299b75e695ffc983fcda5"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 8637334b3ded36ac-YYZ
x-amz-cf-id: -LN1iEQvv4dtBpHicmlHVag3h2lxLXZ7zFwu3AgXFHJIcCDbncLEGw==

POST
H2 200 463b917e-e264-403f-ad34-34af0ee10294 Show response
api.hcaptcha.com/getcaptcha/ Frame 9EBC 3 KB
3 KB 308ms
289ms XHR
application/octet-stream 104.19.219.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hcaptcha.com/getcaptcha/463b917e-e264-403f-ad34-34af0ee10294

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/0bef4b8/hcaptcha.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.219.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4fe821b9d56f2064de718ddfedf6ee6cbc3ca5d560c43bd795d5a1100a43dab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json, application/octet-stream
Referer: https://newassets.hcaptcha.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 22:25:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 863733527b27a22f-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 3273

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/56/3/ 255 KB
56 KB 38ms
36ms Script
text/javascript 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/56/3/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1869f3c799186ad29aa2996195c838024ad3aacc77d32d1acfae19b7f76a0d09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 17:33:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17539
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56717
x-xss-protection: 0
last-modified: Tue, 05 Mar 2024 00:18:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Mar 2025 17:33:11 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/56/3/ 180 KB
56 KB 59ms
58ms Script
text/javascript 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/56/3/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b39eb45d39e9f00365df95ad79c4341cf04b63c43090fb3adc292e61352fc533

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:04:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1255
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56817
x-xss-protection: 0
last-modified: Tue, 05 Mar 2024 00:18:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Mar 2025 22:04:35 GMT

POST
H2 200 b Show response
r.stripe.com/ Frame 1723 0
272 B 103ms
102ms Fetch
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-5addb1e7d973e81d47f5f6605920a70c.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-119-242.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 12 Mar 2024 22:25:31 GMT
x-stripe-server-envoy-start-time-us: 1710282331339277
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710282331339021
access-control-allow-credentials: true
content-length: 0

GET
H2 200 trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js Show response
js.stripe.com/v3/fingerprinted/js/ 176 B
283 B 35ms
35ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 22:25:32 GMT
via: 1.1 varnish
age: 7099612
x-cache: HIT
content-length: 127
x-request-id: 11277ca5-fcee-4158-a40d-883ac19c2833
x-served-by: cache-yyz4531-YYZ
last-modified: Thu, 21 Dec 2023 18:13:43 GMT
server: Fastly
etag: "96f5b26d366f47393b3ff36fe7471474"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 4825

GET
H3 200 collect Show response
gtm.winred.com/g/ 65 B
388 B 371ms
370ms XHR
text/plain 2606:4700::6810:fa45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je43b0v867905447z872410129za200&_p=1710282323024&gcd=13l3l3l3l1&npa=0&dma=0&cid=1890510894.1710282326&ul=en-us&sr=1600x1200&ur=US-NY&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&sst.uc=US&sst.gse=1&sst.gcd=13l3l3l3l1&sst.tft=1710282323024&_s=3&sid=1710282326&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240310_ScillaXL-GP8.113086_t1459701-3075%26ex_tid%3D20240310_ScillaXL-GP8.113086_t1459701-3075&dt=MAGA&en=page_load_time_event&ep.pagepath=%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma&epn.load_time_sec=6.1&epn.event_fire_time=1710282327859&ep.event_uuid=466578c8-61d3-4c86-bd2f-5931c8dbfbcf&ep.isVideoPage=f&ep.referrer=&ep.category=donation%20landing%20page&ep.action=user%20session%20start&ep.label=landing%20page%20settings&ep.customCSS=t&ep.usercategory=anonymous&epn.loading_time_sec_on_window_load=6.09&_et=1676&tfd=11135&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:fa45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 22:25:33 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 86373364bc7a4213-EWR
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

33 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.winred.com/api/v3/users	1970-01-21 04:40:42	Name: rvid Value: d2b5774c-4681-4c87-9086-d543c8b117a8
.secure.winred.com/	1970-01-20 19:04:44	Name: __cf_bm Value: IS6hj.0i3NXJFGz_L7FiDv94RYO7aF8Kxlh4M6JYIto-1710282322-1.0.1.1-V0C4EQ0dzPBxXSom69O4O6X7EQjsHXDtDBA43nWHMgNPzI4v.r1my.MxQrmPKrPpO.xmNPYJjf_yXrBwsgUa6Q
secure.winred.com/	1969-12-31 23:59:59	Name: origin_url Value: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075
.winred.com/	1969-12-31 23:59:59	Name: _revv_v3_session Value: OFJIdEV6NTF1Y2N4ckhPTytWNWtTaXdObks0RjkwaVhPc3FjZjRtSmdoME95WHJRRFEvT3czV0dkcTdGV0toYjhEUHN2eW9HZTk4eFFzNy9FNWwxK2hJaFBsZVZtSmpuRUIvcFhSY3ZPbEtIKzkxU2VDc2ZMZUFrOHJLZVg2VUpXb0tCMTF1cW1PcGdxM05TTmR2OVZDcDlVR0FqR09kdFI3THZtalF6TkhVSmVoeFN2ZmpqTHR3UjRlbEN5UEVOY3BGeGxhTkFsaDVlYWdxalgyYW50RWpMY1FveHJDK3lWNGV3M2RQdWRGUmlGREhDRkhyamlObE5WVnplUlhxNE1MTWtZQmJybzRRc0tndURqRHM1KzA4NEdwcHI1ZDJMdVlvZStIZ3FJY0RWZ0ZwVjBuY2I5MmNmZ2orbDZqSWlhSFJab1pjalFtTUQrQTA0T29iR2pwV2JDb01YUU1EamVYWjVjaUZpSnc4PS0tWTAxR0VqblFuZ2FVSnV0SENjR1dXQT09--eabb7c34579ef09275205a6be4a34da1686a8330
secure.winred.com/	1969-12-31 23:59:59	Name: sso_tries Value: 1
secure.winred.com/	1970-01-21 04:40:42	Name: rvid Value: d2b5774c-4681-4c87-9086-d543c8b117a8
.winred.com/	1970-01-20 21:14:18	Name: _gcl_au Value: 1.1.712451288.1710282325
.secure.winred.com/	1970-01-21 03:50:18	Name: cf_clearance Value: IM96EqBpBjxK7fXpYswqAih3LmhUin.CCXw24xybVvc-1710282325-1.0.1.1-aFU_6OQcTKynh4FeUeS0tzxdD3LKWMQxH2p2bs4YjVE_w5Rn2o_VlmGsYgaAIkWlGy01r0LwpktF7nLMDziBlQ
.winred.com/	1970-01-20 19:06:08	Name: _gid Value: GA1.2.464249956.1710282326
.winred.com/	1970-01-20 19:04:42	Name: _dc_gtm_UA-73658561-7 Value: 1
.winred.com/	1970-01-20 19:04:42	Name: _gat_UA-60901920-1 Value: 1
.winred.com/	1970-01-21 04:40:42	Name: _ga_0YWKLMCX4D Value: GS1.1.1710282326.1.0.1710282326.0.0.0
.winred.com/	1970-01-21 04:40:42	Name: _ga Value: GA1.1.1890510894.1710282326
secure.winred.com/	1970-01-20 21:28:42	Name: _cids Value: W10=
.winred.com/	1970-01-21 04:40:42	Name: FPID Value: FPID2.2.lrKQlIzTT%2Bf8PuB5RZyRWDrGlIodKh1RqYx0UTVx8%2Fs%3D.1710282326
.winred.com/	1970-01-20 19:04:44	Name: FPGSID Value: 1.1710282326.1710282326.G-X6H0114PDF.hgOy97L0Yimw9mPT34JTLA
.doubleclick.net/	1970-01-20 23:23:54	Name: receive-cookie-deprecation Value: 1
.winred.com/	1970-01-20 21:14:18	Name: _fbp Value: fb.1.1710282326682.1447803956
.twitter.com/	1970-01-21 04:40:42	Name: guest_id_marketing Value: v1%3A171028232665735330
.twitter.com/	1970-01-21 04:40:42	Name: guest_id_ads Value: v1%3A171028232665735330
.twitter.com/	1970-01-21 04:40:42	Name: personalization_id Value: "v1_/tKUnIyXqwfNhYm38l0gww=="
.twitter.com/	1970-01-21 04:40:42	Name: guest_id Value: v1%3A171028232665735330
.t.co/	1970-01-21 04:40:42	Name: muc_ads Value: af33d961-8f28-4ec3-b3e4-eea9266eb0b1
.winred.com/	1970-01-21 04:40:42	Name: _ga_HNR33QTX08 Value: GS1.2.1710282326.1.0.1710282326.60.0.0
.winred.com/	1970-01-20 19:05:54	Name: FPLC Value: FH23phV%2BozT8WHgIhd9P82meS3LzYizp7uxSLZA%2ByxzZ8tid0u5u5ZSgVt1rhArjVAP%2BEHRN4RKXZXxoJ%2BccdebXwsOfVoOQl8tVgR9TPuPaFejbL6bYNB4WFHfTEA%3D%3D
m.stripe.com/	1970-01-21 04:40:42	Name: m Value: 0457fde4-63ce-431a-b0d8-a8f4760303e4a796ce
.secure.winred.com/	1970-01-21 03:50:18	Name: __stripe_mid Value: defe62fc-e34f-4d33-8832-6f364d97e832fb35f8
.secure.winred.com/	1970-01-20 19:04:44	Name: __stripe_sid Value: 1057a523-fa3f-4f1d-bde8-ddbb1322843181b116
.google.com/	1970-01-20 23:28:13	Name: NID Value: 512=RU6pbhZLNnCMfTdEhtBTLcIT42lKbnqeqWolajOnZQ7dCwRgPOrFH6-AGhpujIxci5vJe4bACoP6q4iKDaGCufoeOwr27T4qVnFaDAl_dACdWYShu_LpP-IchZH_8ZfnLfSepVRw0o0-8xm8T-LiZ-3kpxDRt2bhDIR5N2t9sdc
.winred.com/	1970-01-21 04:40:42	Name: _ga_X6H0114PDF Value: GS1.1.1710282326.1.0.1710282327.0.0.0
.doubleclick.net/	1970-01-21 04:40:42	Name: IDE Value: AHWqTUn3PQSt4EcLKBtPxFE2e5AAlwS4DtrWNqir3CihxeCkfdeJZxNIgZD1sY4l
api2.hcaptcha.com/	1970-01-20 19:04:44	Name: __cflb Value: 0H28vk2VKwPbLoawFincekpozDKK5F2coTZfztC1Sjw
api.hcaptcha.com/	1970-01-20 19:47:54	Name: hmt_id Value: 5573fc3d-c305-4945-8974-a41e95904511

41 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1599889267195467?v=2.9.148&r=stable&domain=secure.winred.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 105) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240310_ScillaXL-GP8.113086_t1459701-3075&ex_tid=20240310_ScillaXL-GP8.113086_t1459701-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9381094.fls.doubleclick.net
a.ads.rmbl.ws
adservice.google.com
analytics.google.com
analytics.twitter.com
api.hcaptcha.com
api2.hcaptcha.com
app.winred.com
b.stripecdn.com
connect.facebook.net
d35ligi1n5bgzc.cloudfront.net
googleads.g.doubleclick.net
gtm.winred.com
hcaptcha.com
js.stripe.com
lh7-us.googleusercontent.com
m.stripe.com
m.stripe.network
maps.googleapis.com
merchant-ui-api.stripe.com
newassets.hcaptcha.com
nolib.us
pay.google.com
play.google.com
r.stripe.com
secure.winred.com
static.ads-twitter.com
static.cloudflareinsights.com
stats.g.doubleclick.net
stripe.com
t.co
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
104.19.219.90
104.244.42.197
104.244.42.67
142.251.40.198
146.75.28.157
151.101.0.176
198.137.150.201
2001:4860:4802:34::181
2600:9000:21da:6c00:b:1d09:f200:93a1
2600:9000:247b:9000:0:7d26:ee00:93a1
2600:9000:2514:1e00:19:7d10:bd80:93a1
2606:4700::6810:5049
2606:4700::6810:fa45
2606:4700::6813:d359
2607:f8b0:4004:c06::9a
2607:f8b0:4004:c19::5c
2607:f8b0:4006:808::2004
2607:f8b0:4006:80a::2002
2607:f8b0:4006:80e::2003
2607:f8b0:4006:80e::200e
2607:f8b0:4006:80f::200e
2607:f8b0:4006:817::2002
2607:f8b0:4006:81c::2001
2607:f8b0:4006:81d::200a
2607:f8b0:4006:823::2008
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
38.70.189.71
44.239.187.210
54.187.119.242
75.2.108.118
99.83.253.106
007b4be1404b0f21a158fa83a2ae9375393b2d932a17e9745aa392fcadc7cf2f
035352fbdf56c91330502484465b4b08f5553706653f3e0cd54a0a8dfdb263b1
063054879eec7d015ae3fbee4997239dd1bd2016456a74987fb57ebc864a1a22
06e9cfa1e2fb5b8269f55ebb7dc5ced06737bc1e3faec047ca535265a9d7ac85
07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813
080e639ef819bcba817a7a0139b5cb235783c346a0697711f393963f8b63c21a
1869f3c799186ad29aa2996195c838024ad3aacc77d32d1acfae19b7f76a0d09
186d8b9e774df175cdebc60529d06830a6dee83778a64c60ba005c8d39191ca4
1b563eda3dbdadcc71e09378d95a6c9f338b9d68b685742c67f07a9a924edb1f
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d0815d0aeaf770efed263e912de5834d22e87f91a00ad058cf421dddeac12b1
2228ef8bb1759e2fc21769c6565aa61fcff680a1734cfe158552cbb96851a4ef
335b041a57cb1746b5b1634e9537f532503d6691d825dcfc1b4babba301fc3d0
34a5294ed39590267d66f164e00e3d22de04aa012c5505bb21065fb41fab0fbd
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284
3855c4440bfb14564325570a9a3b20ade7c46055ee316b8e562c48844cbf2b0b
394724ca0118829643c12fb5a033cb66680e51327ba157677d18dec209278a3d
399ed7eb70f7e8714abf92fdd3856046708f5a60a9bf96f3de21372d06cf313b
3b29e3553ee55ac4c8de38e8ef1db291defe373a045ed6f43c504126a62af97c
4562ab90ec43ccae0cc2070788894ecfa6823800f3634cd2d2e400dbba6d0a27
46311e8ed501f8db5fb8f70d41a42bb114c26b13bb130c4e48cb8e87e7aeb054
4ec0827f796bdadb833f52dd7ea841e12158d9f488554ecb73479cc2ea6f6d8e
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5047126798bb752d48166488c4c4dbfb8f66ddd018545b9bbbe73a7204b86194
50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5
52ff61f8a3c0bc6a5cb3dc91ae468fdee25845bc9863bc943a6b1a6e3cfe371b
5abdd812a3bba25a9e822998591ff0d8605bc0c5b0ba86e997b9d5a1470fa303
5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848
5ff6a934bba74d3e875bb41b3a9b2ba1d4e0a650361c32836930c8ca03692773
6037734d0ad3dd7b2f31955aeeb4b34e2316f726e1bd884d7dbc979649570049
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
6107b0d3cc386025d24b1e78350469c1e9b51e6611d67fc6b24f2abb181b94c8
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
621661fe1c7a59420c624f7a421c566ebfb38cfbc7edd98ee0462c44d15971f9
641defe78e044cbd72e13110f131016fc26c1e8b00ef29ad142e177a0e54bfe1
6a7dd8e0dff72d9bdaacadd6db1ace750b122b0d9899e8eba5a5116d846838a0
6ab07b931334ac800431924661aee8cb5636f1847c8bfac3f010f4e397ea9635
6fa3e3c6540600d9350822d57e6844187ffb140e90652b864f6489e18a0cd89a
6fe938274e8a1e6b4ef1003b74eac29fc8ac6019476c094664f30ec269c42520
7046e325bee6e4ffd4581616a2b76772f5749fbd45eb77998a1b5810ed476d2e
71f4b3bb8c6120156bf56f71d9a7a629bf9b68403407f79a7ea8e5e48bd0d63a
73b9a4cedb4a676f5f305b18228db59d583fbff650cb25dc018a27a76f197452
750f6a30aa74cee4a406a9ca10d868dddde5350fb61cb8b759448234c86427e7
75d1efb9d4fc25b7ef206d0e4f2c3252135e9ca68a41189536e188125e6d0bdf
770e44412f25ebcf66534320437c6360da600a64ea5819ec7b6bd90ddce55d74
7bb64d83598eab9f83194f618483d403c06df4afdf5dfca36a0a0baa7760a184
7d5a6c4ce646f997c578885ffb719de22a3dd0bc91e381144de69462541a48ec
80354fb397ad4656fa5814c41d9fd5464583c402b2b5a95cb649875927931743
81a6832550bd52d1c44e1e63c2d9137a441dd53d31302c3070000403d032b012
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8726b07c568b9c0beb4f94f28032b44b05ed250511375c86a1804b2d1db67f63
876c9fbc40caf66857e2c60e1beda36be04b73165a28c1dbac9fd4f58dcb6e36
8f3218768964984bb0041129c746b23b799e4886c0c022de1208514a404aca99
905c58199ab944195f03969246a42f989b67123ca464bf8d68fe7e2a858eff48
91ae5a722fb8482c9395da9d9a405315b4a11ce6fd4e3d4c645706d7827010ac
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
9617b32d9a865bba356cfa9ce35e563046a42ee95bda8f941bcab6a94d6dd1af
961951e588ed2cbd0dadda321becf5c4d27451bb0896262f86e7d922da5794ca
96957300f051afd1bc3789ff827201e803b2afee005f1f97c1e8eb91fb886950
96b04ef160f8b50520a48707a452fecdd6e6771c643706d5949020a2dea15962
977056a7ed50228dddc3c9a6f7d57b66be9bb625cd08124578f9a9deda63cfdd
9a0fea60b23cab2006d139b4934661a679771385be7e2ce011e4797a62bb5199
9c6118142b959d48f825b11ab7ab9cbb551681de4764b45868f0417817c2243b
a4fe821b9d56f2064de718ddfedf6ee6cbc3ca5d560c43bd795d5a1100a43dab
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae4b8882f645118d465f8c358dfac391ed9da402a1d9a4b74052b74827ebf5eb
afce38c87202e11427285400864e9a0bfdc9350f887453eaa7b9ec1f1a1374de
b0dc7511f9f3b8369a23f2a94f49b27b025a3719b0fba66b2c20701d6ab82820
b39eb45d39e9f00365df95ad79c4341cf04b63c43090fb3adc292e61352fc533
b5655894dd68d2a4b95939cb802272f1f03c41d2a5f20b9cbacc12d926d19458
b5cdd130bbbfbd8f1949de441f3118018e8671958ea4efe6306c2f214d53388c
b86c2a2bbfa9454750609b50a03f9510289842fc2268544bfc53921e1d9e65e3
b94b05ccc912f4deadb7dffd20326ce301931340c02efcb1e2a80fb55c59c6c2
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
bd2cf7a88775de2201a8d733e452bc8a7c0fc807c2abf20da73affe5e79f78ea
be92d9673bff24b4647b2f0f2db11c87a57ba3355e40ebba73da38660179970e
c2e185cedd939e694d396925b8b0644d0fc2629cd018686dc17ff9f489575676
c3c2125ebaeb07268bbc110c5f11486686b0d1b756115142dfbfc855cf82ba43
c67fd705b4a52a62066cd60979c65edfa8b0d6c3da9a8d88d21afd56c11042e9
c6ace389ea986b23ff7cfb2f858fe5ee78ac705dcf7a05004d87caa2867521a4
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc65ba9c1b0699aba0f63a6ea34b6bffd232b5e556f9de787dad852f491bb097
ce483bd57a7d0576c16db84df9cf92b4d94a2c8472f3254dbd2a759704d0fbfd
ce9a485dc8bf9885000e3808ee822656aaea51977a4cfc00b82351100c66c149
ceabd097c1732d016e738189fbb8d3c23e1d0b39118c07ed4cd4d152280e9a26
cf47d3a034eb704dbc6a1b479427ab513892062349ae526c3b96a4ba6465e3d4
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d5406207e5868e216bf005288acb1c8cd3b8c03baaf78a1f3f39e9876fa7972a
d640ae9ba36d2d297119da69e4446915e54c53e7598cf05eda4c6cdd5529312c
d9b7faa0259f5b0961455f53b4a507fba4bd0ed70dffac0bdaf2f94298c74b40
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
eac1bb2890c6ae6d2cc8653765f594f1209eda9eb0036eef9fde51299e883a5b
eccf72d793ee9369fb1c8217a3cebd89e035b728e6eae08b7e12332886b0f95e
eea707b59fbf2eefc574c9aee5d76fad50c4f48dfebef82540a86225d45b9e3e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f05270c012f1cc9f1e631a07b1d87079e95aa73c95df82eeace0e9daf8e36373
fa38eebb1eca7c94241152ae35cec12209d942905dc49f6d00dbe50636441258
fedfc64728beee4dcdf576abb2dd3c44b462afc3b5db8c53704629a1ee6dd14c
ff3bcb4b6ff50975328f38e8553353ce3c0a5bf93a578f9c4d6affc81870c349
ff8ecca72ee1ad26b150b7f4ab7b3dc8dbb119fd764e7acbe5dee40f7837a22f

secure.winred.com Open in urlscan Pro 2606:4700::6813:d359 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

165 Requests

99 %HTTPS

63 %IPv6

21 Domains

36 Subdomains

30 IPs

3 Countries

7577 kBTransfer

17969 kBSize

33 Cookies

9 Outgoing links

Page URL History

Redirected requests

165 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

secure.winred.com Open in urlscan Pro
2606:4700::6813:d359 Public Scan

Screenshot
Live screenshot

Full Image

165
Requests

99 %
HTTPS

63 %
IPv6

21
Domains

36
Subdomains

30
IPs

3
Countries

7577 kB
Transfer

17969 kB
Size

33
Cookies

165 HTTP transactions
0 data transactions