secure.winred.com Open in urlscan Pro
2606:4700::6813:d459 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&...
Submission Tags: falconsandbox
Submission: On September 01 via api (September 1st 2024, 4:14:56 pm UTC) from US — Scanned from CA

Summary HTTP 50 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 14 IPs in 1 countries across 13 domains to perform 50 HTTP transactions. The main IP is 2606:4700::6813:d459, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure.winred.com. The Cisco Umbrella rank of the primary domain is 60737.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 22nd 2024. Valid for: a year.

This is the only time secure.winred.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	2606:4700::68... 2606:4700::6813:d459	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.64.176 151.101.64.176	54113 (FASTLY) (FASTLY)
4	2607:f8b0:400... 2607:f8b0:4006:80b::200a	15169 (GOOGLE) (GOOGLE)
3	2600:9000:26f... 2600:9000:26fa:dc00:0:7d26:ee00:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2607:f8b0:400... 2607:f8b0:4006:81d::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	151.101.192.176 151.101.192.176	54113 (FASTLY) (FASTLY)
5	2607:f8b0:400... 2607:f8b0:4006:80f::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2606:4700::68... 2606:4700::6810:e534	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4004:c06::9b	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:34::181	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:80f::2003	15169 (GOOGLE) (GOOGLE)
50	14

11 2606:4700::6813:d459 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

secure.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.revv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.64.176 (San Francisco, United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80b::200a (United States)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:26fa:dc00:0:7d26:ee00:93a1 (United States)

ASN16509 (AMAZON-02, US)

d35ligi1n5bgzc.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81d::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.192.176 (San Francisco, United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:80f::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:e534 (United States)

ASN13335 (CLOUDFLARENET, US)

gtm.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::9b (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80f::2003 (United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	winred.com 1 redirects secure.winred.com — Cisco Umbrella Rank: 60737 gtm.winred.com — Cisco Umbrella Rank: 180080	210 KB
9	stripe.com js.stripe.com — Cisco Umbrella Rank: 2856	157 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104	21 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	538 KB
4	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 567	225 KB
3	google.ca www.google.ca — Cisco Umbrella Rank: 9677	189 B
3	cloudfront.net d35ligi1n5bgzc.cloudfront.net	265 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	4 KB
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 252	404 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	70 KB
1	google.com analytics.google.com — Cisco Umbrella Rank: 238	201 B
1	revv.co app.revv.co — Cisco Umbrella Rank: 298907	1 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1223	7 KB
50	13

	Domain	Requested by
10	secure.winred.com	1 redirects secure.winred.com static.cloudflareinsights.com
9	js.stripe.com	secure.winred.com js.stripe.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com secure.winred.com
5	www.googletagmanager.com	secure.winred.com www.googletagmanager.com
4	maps.googleapis.com	secure.winred.com maps.googleapis.com
3	www.google.ca	secure.winred.com
3	gtm.winred.com	www.googletagmanager.com
3	d35ligi1n5bgzc.cloudfront.net	secure.winred.com
2	www.facebook.com	secure.winred.com
2	stats.g.doubleclick.net	www.google-analytics.com secure.winred.com
2	connect.facebook.net	secure.winred.com connect.facebook.net
1	analytics.google.com	secure.winred.com
1	app.revv.co	secure.winred.com
1	static.cloudflareinsights.com	secure.winred.com
50	14

This site contains links to these domains. Also see Links.

Domain
winred.com
emmerforcongress.com
act.tomemmer.com

Subject Issuer	Validity	Valid
secure.winred.com Cloudflare Inc ECC CA-3	`2024-01-22` - `2024-12-31`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-08-29` - `2024-12-05`	3 months	crt.sh
upload.video.google.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
*.google-analytics.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
cloudflareinsights.com WE1	`2024-07-06` - `2024-10-04`	3 months	crt.sh
revv.co WE1	`2024-07-04` - `2024-10-02`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-11` - `2024-09-09`	3 months	crt.sh
winred.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.google.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.google.ca WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
Frame ID: F6FE650D613CDF2BFD812B8226B63841
Requests: 41 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-0ac892cc1983a4b6e5727ee594af4fd2.html
Frame ID: D54449E05F74976BF1EC95BFD194EF0B
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-b1344a4c4def8e303f93ab07a5fd5917.html
Frame ID: 4F3AEB73FE132238E0B57C834099281E
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-0ac892cc1983a4b6e5727ee594af4fd2.html
Frame ID: F21546D497F551ACE4D0651197505598
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-google-pay-8507f9b29e3db32fbac32c17ffd1d1a4.html
Frame ID: D31C283E0621BA339F0E03271F6023A3
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-d4dd9b4eb039b9102dc27ea9889ca3fc.html
Frame ID: 7E62C9122F74784844CBD96228BA246A
Requests: 1 HTTP requests in this frame

Frame: https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/main.js
Frame ID: 33F00B9B10F7A1F29052838F03704183
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v3/hcaptcha-invisible-2f909bdadae0673349d4ea790f57318b.html
Frame ID: 9FBBC7F1102BEC51E8C08DEA148FD0CF
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 78E424EB8EC99319E01618182BDABB19
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CONFIRM YOUR STATUS

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

50
Requests

98 %
HTTPS

86 %
IPv6

13
Domains

14
Subdomains

14
IPs

1
Countries

1499 kB
Transfer

4895 kB
Size

21
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://winred.com/terms/donor-terms/
Title: terms of use

Search URL Search Domain Scan URL

URL: https://winred.com/privacy
Title: privacy policy

Search URL Search Domain Scan URL

URL: https://emmerforcongress.com/privacy-policy/
Title: Terms and conditions

Search URL Search Domain Scan URL

URL: https://act.tomemmer.com/terms-and-conditions/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://winred.com/
Title: Powered by

Search URL Search Domain Scan URL

URL: https://winred.com/about-our-ads/
Title: About Our Ads

Search URL Search Domain Scan URL

URL: https://winred.com/support/
Title: Questions about your charge? Go to our Support Center

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/main.js

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
secure.winred.com/team-emmer/gop-supporter-status/ 48 KB
13 KB 213ms
100ms Document
text/html 2606:4700::6813:d459
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bca1f0e8a0cd284ca46085d177b999860e4cbd275474eaa58c16cd53ce853e6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8bc68e309c31ac52-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 01 Sep 2024 16:14:48 GMT
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-rack-cors: miss; no-origin
x-request-id: 39b790e6-7ac4-44a5-9ba2-fb7c8b8ebc76
x-revv-cache: Hit from Revv
x-runtime: 0.037542
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
js.stripe.com/v3/ 650 KB
157 KB 238ms
49ms Script
text/javascript 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

e3554df81817a851badf4b7eadbcd096d0ec3845f0d8cf0498d5e2601e3848af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sun, 01 Sep 2024 16:14:48 GMT
via: 1.1 varnish
age: 22
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 160484
x-request-id: 6101ad49-4b89-4927-9f5b-5993259571c3
x-served-by: cache-yul1970022-YUL
last-modified: Fri, 30 Aug 2024 20:42:51 GMT
server: Fastly
etag: "5481bc7ba8457693c55da88c373b0b74"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 13

GET
H3 200 landing_page-6039c7fb49af57af18c66c1f088ebc528623b4d6ac05ce2e3229ba0b335bc92b.css
secure.winred.com/assets/ 220 KB
34 KB 45ms
44ms Stylesheet
text/css 2606:4700::6813:d459
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/landing_page-6039c7fb49af57af18c66c1f088ebc528623b4d6ac05ce2e3229ba0b335bc92b.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c55f9ced964923aa6bb9767c8c4ac9d7f18572bcbe9ae8ee1f0c1637c679a169

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:48 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: yK_wo00dPw7K5ux2TX1gAp_ak8Ln6jY5
cf-cache-status: HIT
x-amz-request-id: 1GGTMMRWE08HZRMV
age: 5538
cf-polished: origSize=227910
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Km2C77ShXRz8T614zWidm41xipVDxdhte49nGQkEph4nxBYlq6ceLeBEN3Z4WzDQHvTmBeCMnyQ=
cf-bgj: minify
last-modified: Thu, 22 Aug 2024 01:10:57 GMT
server: cloudflare
etag: W/"0d589e3ee739618497567fffac3f6955"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 8bc68e314cb1ac52-YYZ
expires: Sun, 01 Sep 2024 20:14:48 GMT

GET
H3 200 1707318079.css
secure.winred.com/stylesheets/rv_page_01hp20wp1x9as6mfvv50b0x90b/ 8 KB
3 KB 95ms
94ms Stylesheet
text/css 2606:4700::6813:d459
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/stylesheets/rv_page_01hp20wp1x9as6mfvv50b0x90b/1707318079.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e158256ae3589799bfa6faec0cbddd0263e535adb8f10674ba392069f38d969

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Sun, 01 Sep 2024 16:14:48 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
cf-polished: origSize=8594
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 67a00e71-9ad3-4bf1-b832-b7c4d0d1fb22
x-runtime: 0.043499
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
last-modified: Thu, 27 Jun 2024 20:44:07 GMT
server: cloudflare
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: public, max-age=31556952
cf-ray: 8bc68e314cb2ac52-YYZ
expires: Mon, 01 Sep 2025 22:04:00 GMT

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 332 KB
109 KB 283ms
134ms Script
text/javascript 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

bbdd5a6785847851c110d085cb6621eb81559f452a499dbb2dcee4c18510aeb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Accept-Language, Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111016
x-xss-protection: 0

GET
H3 200 application-landing-page-d2fed38bd1c0b24be6276f48bfcac38db7931971bd2c2f83b865c4dd25f56b00.js Show response
secure.winred.com/assets/ 491 KB
137 KB 72ms
71ms Script
application/javascript 2606:4700::6813:d459
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/application-landing-page-d2fed38bd1c0b24be6276f48bfcac38db7931971bd2c2f83b865c4dd25f56b00.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63cf6d76bc60310dcbb1bc13ad7ba9cdf302200e10b86450e7f3dbf1da8f871b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:48 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: MAspxmHz._pe1WkPqYdgoPgGHrfASn1u
cf-cache-status: HIT
x-amz-request-id: FR5HH3TVKR1XJQQD
age: 475
cf-polished: origSize=502979
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Dd6lcWhZZJyaV17IeXPwJYPpyhqDGg7RcbBUWH0v3Cx3jTOs5kAPngQgAOc9X7x/BOJ5qtSbYP8=
cf-bgj: minify
last-modified: Tue, 27 Aug 2024 01:09:28 GMT
server: cloudflare
etag: W/"056cbf876f5171129a78de68ec1c4e19"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 8bc68e314cb4ac52-YYZ
expires: Sun, 01 Sep 2024 20:14:48 GMT

GET
H2 200 Emmer-Headshot-Cut-768x834.png
d35ligi1n5bgzc.cloudfront.net/profiles/images/000/595/043/square/ 15 KB
15 KB 240ms
53ms Image
image/png 2600:9000:26fa:dc00:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/profiles/images/000/595/043/square/Emmer-Headshot-Cut-768x834.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26fa:dc00:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: da1c184a06af895e0aace540ec0bb777bc812bc34942087d3f679a9a16cf908c

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: KgxfXyfBmiY8ziMqcOU0BIsL4Y8738_h
date: Sun, 01 Sep 2024 12:13:30 GMT
via: 1.1 1461aa0cc0d6d2fb29baf25a00e64194.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P1
age: 14478
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 15186
last-modified: Fri, 31 Mar 2023 17:54:22 GMT
server: AmazonS3
etag: "1db6a72f1f8995cdb09f8ba39c75a2d1"
vary: accept-encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: vLOaxnywo_cI8-VtREBPyo6z4kS2hWHIWdjw9d8sH0lYf3Gq-nWn_g==

GET
H3 200 win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png
secure.winred.com/assets/ 9 KB
9 KB 148ms
147ms Image
image/webp 2606:4700::6813:d459
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:48 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: dW74EP6f4f6Aqb5wLRxllr.NSeXW8XE2
cf-cache-status: HIT
x-amz-request-id: TN8HDC0VTVZ6FYBN
age: 5537
cf-polished: origFmt=png, origSize=11635
content-disposition: inline; filename="win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.webp"
alt-svc: h3=":443"; ma=86400
content-length: 8708
x-amz-id-2: 9qM/3flcH/qxvTvBu4FpK4jXzkay2fk73uGpWP1+SV0GI4f28S+jlEs8f3hR18nABdDQodgnOE4=
cf-bgj: imgq:85,h2pri
last-modified: Tue, 27 Aug 2024 01:09:34 GMT
server: cloudflare
etag: "972c0cca8d1e490484e89513f902e847"
vary: Accept
content-type: image/webp
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8bc68e314cb5ac52-YYZ
expires: Sun, 01 Sep 2024 20:14:48 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 493 KB
112 KB 241ms
109ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4e5ff888d7b5159e2d51c80c848be86c19d3ae121e897740ad55de9dd406b77c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 114460
x-xss-protection: 0
last-modified: Sun, 01 Sep 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 01 Sep 2024 16:14:49 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 637 KB
124 KB 189ms
135ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KBSKFC3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cdcec547e0decacec5a463c6491cd5194219450a4d6c524b3b80025b7408b3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127161
x-xss-protection: 0
last-modified: Sun, 01 Sep 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 01 Sep 2024 16:14:49 GMT

GET
H3 200 win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
secure.winred.com/assets/ 19 KB
7 KB 47ms
46ms Image
image/svg+xml 2606:4700::6813:d459
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:48 GMT
x-amz-version-id: ea7GvxzWHWpdhDHNLg3Ca2YWEz2JTdeo
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: HIT
x-amz-request-id: 6R1F0JNRP2HSHWQ5
age: 5538
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 7yI3ObI3OUYeob3iOhbgxMUpGvvuTH9FLng/xPaVifHeabBbZ1/Vxk4NEm3g5eMZF4w4tT7nwZI=
last-modified: Fri, 10 May 2024 01:11:55 GMT
server: cloudflare
etag: W/"d31530d4186af669daf4f47099614593"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-ray: 8bc68e323d5cac52-YYZ
expires: Sun, 01 Sep 2024 20:14:48 GMT

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 168ms
57ms Script
text/javascript 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer: https://secure.winred.com/
Origin: https://secure.winred.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
content-encoding: gzip
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
server: cloudflare
etag: W/"2024.6.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 8bc68e348dce36cc-YYZ

GET
H2 200 charles-duck-unitas-hPq1nLfLgBY-unsplash.jpg
d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/595/107/large/ 247 KB
248 KB 47ms
46ms Image
image/jpeg 2600:9000:26fa:dc00:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/595/107/large/charles-duck-unitas-hPq1nLfLgBY-unsplash.jpg
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/stylesheets/rv_page_01hp20wp1x9as6mfvv50b0x90b/1707318079.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26fa:dc00:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 633f0d6506bdaa079ac3b5d790b4744c03de104c40954de7b6f6b54f06e11358

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: MmnAU_aEFmtaI9ArDpHw10UhxZ2vjL2C
date: Sat, 31 Aug 2024 17:40:33 GMT
via: 1.1 1461aa0cc0d6d2fb29baf25a00e64194.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P1
age: 81256
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 252731
last-modified: Fri, 31 Mar 2023 18:18:33 GMT
server: AmazonS3
etag: "b84e781d8222a805bb6810d7cc188453"
vary: accept-encoding
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: hTHYaGZneR1l_AcGrDaN8gmkrKEKlhRvKdAx6v_7GRjKkikwuUMwnw==

GET
H2 200 controller-with-preconnect-0ac892cc1983a4b6e5727ee594af4fd2.html
js.stripe.com/v3/ Frame D544 0
0 216ms
49ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-with-preconnect-0ac892cc1983a4b6e5727ee594af4fd2.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 44
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 402
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sun, 01 Sep 2024 16:14:49 GMT
etag: "0ac892cc1983a4b6e5727ee594af4fd2"
last-modified: Fri, 30 Aug 2024 20:04:50 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 21
x-content-type-options: nosniff
x-request-id: 03cf5e32-c3c2-4190-b9c3-cdddb688ebfe
x-served-by: cache-yul1970021-YUL

GET
H2 200 elements-inner-card-b1344a4c4def8e303f93ab07a5fd5917.html
js.stripe.com/v3/ Frame 4F3A 0
0 202ms
48ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-card-b1344a4c4def8e303f93ab07a5fd5917.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 158661
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=31536000
content-encoding: br
content-length: 513
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sun, 01 Sep 2024 16:14:49 GMT
etag: "b1344a4c4def8e303f93ab07a5fd5917"
last-modified: Fri, 30 Aug 2024 20:04:50 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 6384
x-content-type-options: nosniff
x-request-id: 68d5881b-5b7e-43e1-8c71-2c0bd9591271
x-served-by: cache-yul1970021-YUL

GET
H3 200 current_with_info Show response
app.revv.co/api/v3/users/ 162 B
1 KB 235ms
118ms XHR
application/vnd.api+json 2606:4700::6813:d459
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.revv.co/api/v3/users/current_with_info?organization_token=rv_org_6KNvU36Z2qWJ2gfUBWqGZGoc&redirect=https://secure.winred.com/team-emmer/gop-supporter-status?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-d2fed38bd1c0b24be6276f48bfcac38db7931971bd2c2f83b865c4dd25f56b00.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96b8a5f38004406df192e580dfeb9d90a84360d2d0eb68381e99f637cd169fcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-rack-cors-original-access-control-allow-origin: https://secure.winred.com
x-rack-cors: hit
date: Sun, 01 Sep 2024 16:14:49 GMT
x-rack-cors-original-access-control-max-age: 0
x-rack-cors-original-access-control-allow-credentials: true
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-encoding: br
x-rack-cors-original-access-control-allow-methods: GET, POST, OPTIONS
x-rack-cors-original-access-control-expose-headers
alt-svc: h3=":443"; ma=86400
x-request-id: 4f07b6f8-825a-49af-bc43-cf65037a93f2
x-runtime: 0.010776
server: cloudflare
etag: W/"96b8a5f38004406df192e580dfeb9d90"
access-control-max-age: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/vnd.api+json
access-control-allow-origin: https://secure.winred.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
vary: Origin
cf-ray: 8bc68e361bcd5407-YYZ

GET
H2 200 controller-with-preconnect-0ac892cc1983a4b6e5727ee594af4fd2.html
js.stripe.com/v3/ Frame F215 0
0 159ms
159ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-with-preconnect-0ac892cc1983a4b6e5727ee594af4fd2.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name

Value

Content-Security-Policy

base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report

X-Content-Type-Options

nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 44
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 402
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sun, 01 Sep 2024 16:14:49 GMT
etag: "0ac892cc1983a4b6e5727ee594af4fd2"
last-modified: Fri, 30 Aug 2024 20:04:50 GMT
origin-agent-cluster: ?1
server: Fastly
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 21
x-content-type-options: nosniff
x-request-id: 03cf5e32-c3c2-4190-b9c3-cdddb688ebfe
x-served-by: cache-yul1970021-YUL

GET
H2 200 payment-request-inner-google-pay-8507f9b29e3db32fbac32c17ffd1d1a4.html
js.stripe.com/v3/ Frame D31C 0
0 150ms
50ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-google-pay-8507f9b29e3db32fbac32c17ffd1d1a4.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 158647
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=31536000
content-encoding: br
content-length: 182
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sun, 01 Sep 2024 16:14:49 GMT
etag: "8507f9b29e3db32fbac32c17ffd1d1a4"
last-modified: Fri, 30 Aug 2024 20:05:06 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1709
x-content-type-options: nosniff
x-request-id: b0a83c76-0877-402e-9a24-9064a514c8e0
x-served-by: cache-yul1970021-YUL

GET
H2 200 payment-request-inner-browser-d4dd9b4eb039b9102dc27ea9889ca3fc.html
js.stripe.com/v3/ Frame 7E62 0
0 143ms
47ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-browser-d4dd9b4eb039b9102dc27ea9889ca3fc.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 17
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 161
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sun, 01 Sep 2024 16:14:49 GMT
etag: "d4dd9b4eb039b9102dc27ea9889ca3fc"
last-modified: Fri, 30 Aug 2024 20:05:06 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 2
x-content-type-options: nosniff
x-request-id: 008dbb30-5c96-4274-a3b8-856464a23d70
x-served-by: cache-yul1970021-YUL

GET
H3

200

main.js Show response
secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/ Frame 33F0
Redirect Chain

https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/main.js?

8 KB
4 KB

34ms
33ms

Script
application/javascript

2606:4700::6813:d459
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/main.js?

Requested by

Protocol

Server

2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b2ef5f4cae029307edce6af4c85dfd960fc2b881aa6cf97e861b4200d83f7e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8bc68e36180eac52-YYZ
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sun, 01 Sep 2024 16:14:49 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
vary: Accept-Encoding
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/main.js?
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8bc68e35afb5ac52-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 199ms
64ms XHR
application/json 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://secure.winred.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 301 KB
102 KB 77ms
76ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d769b6c36942db4f2e83ebb90aa02c5194967e26c8b054254c73ec57d04fe54c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 104259
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 01 Sep 2024 16:14:49 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 201ms
60ms Script
text/javascript 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 01 Sep 2024 16:06:04 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 525
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 01 Sep 2024 18:06:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 273 KB
95 KB 73ms
72ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CM6HT6HPTV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KBSKFC3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

01632ca58d61c17f22a0ea40e5b344c8f5e25be67efa8c101503196e6b2ef3ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96664
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 01 Sep 2024 16:14:49 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 315 KB
105 KB 98ms
98ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4VWNN0QB5Z&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KBSKFC3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e998bf05885650da1a56c35ac1db15c21e5246ce129d1175b51b7d15e849a5b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107154
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 01 Sep 2024 16:14:49 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 185ms
62ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 01 Sep 2024 16:14:49 GMT
document-policy: force-load-at-top
x-fb-server-load: 45
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58936
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=54, rtx=0, c=23, mss=1232, tbw=5549, tp=10, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: wH9kYdZoev4LqBbRlg2oRmBnfuMdbnf/ScFhXvh2Byc+U0a6TzEw4yJeowOLo+ptdPsuWcMS4DAUpOIf6bEQng==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
x-fb-optimizer: 0
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 8bc68e309c31ac52 Show response
secure.winred.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 33F0 0
672 B 65ms
52ms XHR
text/plain 2606:4700::6813:d459
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/challenge-platform/h/g/jsd/r/8bc68e309c31ac52

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 8bc68e378972ac52-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 collect Show response
gtm.winred.com/g/ 868 B
1 KB 318ms
204ms XHR
text/plain 2606:4700::6810:e534
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je48s0v867905447z872410129za200zb72410129&_p=1725207288542&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1222891837.1725207290&ecid=2031735632&ul=en-ca&sr=1600x1200&_fplc=0&ur=CA-ON&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sst.etld=google.ca&sst.tft=1725207288542&sst.ude=0&_s=1&sid=1725207289&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&dt=CONFIRM%20YOUR%20STATUS&en=page_view&_fv=1&_nsi=1&_ss=1&ep.pagepath=%2Fteam-emmer%2Fgop-supporter-status%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status&epn.load_time_sec=-1725207288.3&epn.event_fire_time=1725207289290&ep.event_uuid=e1488eb6-2a9c-417f-933e-461f5676073f&ep.isVideoPage=f&ep.referrer=&tfd=1259&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:e534 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4580d787c13d3a00d401baf024eb478d6ef97d40f54b28aad2bb53ae19419d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 8bc68e387a70ac5d-YYZ
alt-svc: h3=":443"; ma=86400

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 51ms
49ms Fetch
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-CM6HT6HPTV&gtm=45je48s0v883914665z8858067114za200zb858067114&_p=1725207288542&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1222891837.1725207290&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1725207289&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&dt=CONFIRM%20YOUR%20STATUS&en=page_view&_fv=1&_ss=1&ep.ex_tid=20240831_RRD2.113502_t1538477-2752&tfd=1309
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CM6HT6HPTV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Sep 2024 16:14:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
70 B 70ms
69ms XHR
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=124466960&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&ul=en-ca&de=UTF-8&dt=CONFIRM%20YOUR%20STATUS&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABBAAAACAEK~&jid=655539012&gjid=1451784093&cid=1222891837.1725207290&tid=UA-73658561-7&_gid=1411739312.1725207290&_slc=1&gtm=45He48s0n71NTQZ9Nv72410129za200&cd61=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&z=1228459990

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 01 Sep 2024 16:14:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
347 B 269ms
125ms XHR
text/plain 2607:f8b0:4004:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-73658561-7&cid=1222891837.1725207290&jid=655539012&gjid=1451784093&_gid=1411739312.1725207290&_u=YCDAiEABBAAAAGAEK~&z=1617370403

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 01 Sep 2024 16:14:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
155 B 66ms
65ms Image
image/gif 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=124466960&t=event&ni=0&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&ul=en-ca&de=UTF-8&dt=CONFIRM%20YOUR%20STATUS&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=donation%20landing%20page&ea=user%20session%20start&el=landing%20page%20settings&_u=YCDAiEABBAAAAGAEK~&jid=&gjid=&cid=1222891837.1725207290&tid=UA-73658561-7&_gid=1411739312.1725207290&gtm=45He48s0n71NTQZ9Nv72410129za200&cd41=anonymous&cd58=f&cd61=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&z=1543191148

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Sep 2024 02:09:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50742
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 51ms
51ms Fetch
text/plain 2607:f8b0:4006:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-4VWNN0QB5Z&gtm=45je48s0v9123011820z8858067114za200zb858067114&_p=1725207288542&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1222891837.1725207290&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1725207289&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&dt=CONFIRM%20YOUR%20STATUS&en=page_view&_fv=1&_ss=1&tfd=1378
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4VWNN0QB5Z&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Sep 2024 16:14:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 857909828585076 Show response
connect.facebook.net/signals/config/ 64 KB
13 KB 38ms
38ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/857909828585076?v=2.9.166&r=stable&domain=secure.winred.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

31d409fb4f13057d01e4bc7dbaf4347ada30f97eb2d810b66d322de32ecf86d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 01 Sep 2024 16:14:49 GMT
document-policy: force-load-at-top
x-fb-server-load: 45
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12861
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=74, mss=1232, tbw=68157, tp=63, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: 3EpcrMlvxg5/kbw090w1mZWkPxntxjprAqBKd2fXdF0OfNB/ylBlVKZF6xsq+oo8S54xQ2AUy1KsByr1wg2U0w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 230ms
94ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=857909828585076&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&rl=&if=false&ts=1725207289741&sw=1600&sh=1200&v=2.9.166&r=stable&ec=0&o=4126&fbp=fb.1.1725207289739.836235040862236011&ler=empty&cdl=API_unavailable&it=1725207289679&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=10, mss=1392, tbw=2777, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 01 Sep 2024 16:14:49 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 274ms
139ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=857909828585076&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&rl=&if=false&ts=1725207289741&sw=1600&sh=1200&v=2.9.166&r=stable&ec=0&o=4126&fbp=fb.1.1725207289739.836235040862236011&ler=empty&cdl=API_unavailable&it=1725207289679&coo=false&rqm=FGET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Sun, 01 Sep 2024 16:14:49 GMT
document-policy: force-load-at-top
x-fb-server-load: 35
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7409708885995506387", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=10, mss=1392, tbw=3095, tp=-1, tpl=-1, uplat=77, ullat=1
pragma: no-cache
x-fb-debug: 51gruyB8d9wJZSZUgYDzW9DXb0rXHcRzOYTnlNznhEzr4Q5TiKtGXA9uD2fpaOgjPfXc8UYE+J/NylYyXb9WvQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7409708885995506387"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 collect
analytics.google.com/g/s/ 0
201 B 240ms
118ms Image
text/plain 2001:4860:4802:34::181
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analytics.google.com/g/s/collect?dma=0&npa=0&gcd=13l3l3l3l1l1&gtm=45j91e48s0v867905447z872410129z9867900975za200zb72410129&_gsid=X6H0114PDFKT-4Oc4ylYeuyV2mw7osSg
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Sep 2024 16:14:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 228ms
101ms Image
image/gif 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&npa=0&gcd=13l3l3l3l1l1&tid=G-X6H0114PDF&cid=Gcmktd3pf4DZSopwKi1WbPGCac8XlTXCzu1okzGXcEw%3D.1725207290&gtm=45j91e48s0v867905447z872410129z9867900975za200zb72410129&aip=1&z=2126843900

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Sep 2024 16:14:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 53ms
51ms Image
text/plain 2607:f8b0:4004:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&dma=0&npa=0&gcd=13l3l3l3l1l1&tid=G-X6H0114PDF&cid=Gcmktd3pf4DZSopwKi1WbPGCac8XlTXCzu1okzGXcEw%3D.1725207290&gtm=45j91e48s0v867905447z872410129z9867900975za200zb72410129&aip=1
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Sep 2024 16:14:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect Show response
gtm.winred.com/g/ 370 B
774 B 187ms
186ms XHR
text/plain 2606:4700::6810:e534
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je48s0v867905447z872410129za200zb72410129&_p=1725207288542&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1222891837.1725207290&ecid=2031735632&ul=en-ca&sr=1600x1200&_fplc=0&ur=CA-ON&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sst.etld=google.ca&sst.tft=1725207288542&sst.ude=0&_s=2&sid=1725207289&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&dt=CONFIRM%20YOUR%20STATUS&en=user%20session%20start&ep.pagepath=%2Fteam-emmer%2Fgop-supporter-status%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status&epn.load_time_sec=-1725207288.3&epn.event_fire_time=1725207289319&ep.event_uuid=bd449185-657a-4f63-a2f1-d6788a55ec9b&ep.isVideoPage=f&ep.referrer=&ep.category=donation%20landing%20page&ep.action=user%20session%20start&ep.label=landing%20page%20settings&ep.customCSS=f&ep.usercategory=anonymous&_et=6&tfd=1771&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:e534 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebd2ce44ba2065bac7287e681730d5c139bfa1a330103c208bce7ae841793532

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 8bc68e3afc03ac5d-YYZ
alt-svc: h3=":443"; ma=86400

POST
H3 204 rum Show response
secure.winred.com/cdn-cgi/ 0
142 B 30ms
27ms XHR
text/plain 2606:4700::6813:d459
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Sun, 01 Sep 2024 16:14:50 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://secure.winred.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 8bc68e3b8c57ac52-YYZ

GET
H3 200 Artboard.png
d35ligi1n5bgzc.cloudfront.net/favicons/favicon_assets/000/015/569/original/ 1 KB
2 KB 42ms
41ms Other
image/png 2600:9000:26fa:dc00:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d35ligi1n5bgzc.cloudfront.net/favicons/favicon_assets/000/015/569/original/Artboard.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:26fa:dc00:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fc1c77849ba3a6020b87884599c1aefa09a9e1d7bfed95ad3deec6a5d4c08902

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 31 Aug 2024 17:43:28 GMT
x-amz-version-id: FN8PLjpE4LnyaM50_d0emgSd0vAz496F
via: 1.1 13d659985661cdf8f3c57901ab225276.cloudfront.net (CloudFront)
last-modified: Wed, 10 Jul 2019 18:21:57 GMT
server: AmazonS3
age: 81083
x-amz-cf-pop: JFK52-P1
etag: "7b9c8b7070c8f9c81fc9a133d26daf4e"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 1512
x-amz-cf-id: EzHhxKlMwe573kz_nR1YXSIRGdHGRPx_Nl1fkMBREaV6IautKGT6RA==

GET
H3 200 hcaptcha-invisible-2f909bdadae0673349d4ea790f57318b.html
js.stripe.com/v3/ Frame 9FBB 0
0 43ms
40ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/hcaptcha-invisible-2f909bdadae0673349d4ea790f57318b.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

QUIC, , AES_256_GCM

Server

151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-XSmPfHuDGngQ+YbIjDf41E6t5BQ9d3SdXm0lDQHh7+Q='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 158661
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=31536000
content-encoding: br
content-length: 23688
content-security-policy: base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-XSmPfHuDGngQ+YbIjDf41E6t5BQ9d3SdXm0lDQHh7+Q='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sun, 01 Sep 2024 16:14:50 GMT
etag: "23061055e3bf06882e1e4f0505e771ad"
last-modified: Fri, 30 Aug 2024 20:05:06 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 6635
x-content-type-options: nosniff
x-request-id: 70caf880-87b2-43e0-9955-f4e893307a3d
x-served-by: cache-yul1970033-YUL

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 102ms
102ms Image
image/gif 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&npa=0&gcd=13l3l3l3l1l1&tid=G-X6H0114PDF&cid=Gcmktd3pf4DZSopwKi1WbPGCac8XlTXCzu1okzGXcEw%3D.1725207290&gtm=45j91e48t0h2v867905447z872410129z9867900975za200zb72410129&aip=1&z=771911742

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Sep 2024 16:14:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 78E4 0
0 44ms
44ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

QUIC, , AES_256_GCM

Server

151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 2271201
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=31536000
content-encoding: br
content-length: 122
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sun, 01 Sep 2024 16:14:54 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Mon, 05 Aug 2024 20:35:49 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 221024
x-content-type-options: nosniff
x-request-id: 10e4645d-2db6-4eff-afcd-9fb0fb85b33d
x-served-by: cache-yul1970033-YUL

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/58/2/ 287 KB
62 KB 41ms
40ms Script
text/javascript 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/58/2/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08e459993835b5d4968a9499dfa86e6bdb03c3b1bf2cc66e8298029916bb4d6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 15:42:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62853
x-xss-protection: 0
last-modified: Mon, 26 Aug 2024 23:22:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Sep 2025 15:42:34 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/58/2/ 179 KB
55 KB 43ms
43ms Script
text/javascript 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/58/2/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97c2411185cf55fafd1c8cd88a1bfc1c9aebaea64e640bffd441b038f759e741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 07:51:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30196
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55950
x-xss-protection: 0
last-modified: Mon, 26 Aug 2024 23:22:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Sep 2025 07:51:38 GMT

GET
H2 200 trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js Show response
js.stripe.com/v3/fingerprinted/js/ 176 B
297 B 42ms
41ms Script
text/javascript 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sun, 01 Sep 2024 16:14:55 GMT
via: 1.1 varnish
age: 3478571
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 123
x-request-id: 53701d2d-08b7-4c61-8976-fe4b37689f70
x-served-by: cache-yul1970022-YUL
last-modified: Mon, 22 Jul 2024 20:03:57 GMT
server: Fastly
etag: "96f5b26d366f47393b3ff36fe7471474"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 124928

GET
H3 200 collect Show response
gtm.winred.com/g/ 369 B
617 B 174ms
173ms XHR
text/plain 2606:4700::6810:e534
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je48s0v867905447z872410129za200zb72410129&_p=1725207288542&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1222891837.1725207290&ecid=2031735632&ul=en-ca&sr=1600x1200&ur=CA-ON&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sst.etld=google.ca&sst.tft=1725207288542&sst.ude=0&_s=3&sid=1725207289&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status%2F%3Frecurring%3Dtrue%26utm_campaign%3D20240831_RRD2.113502_t1538477-2752%26ex_tid%3D20240831_RRD2.113502_t1538477-2752&dt=CONFIRM%20YOUR%20STATUS&en=page_load_time_event&ep.pagepath=%2Fteam-emmer%2Fgop-supporter-status%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fteam-emmer%2Fgop-supporter-status&epn.load_time_sec=1.9&epn.event_fire_time=1725207290160&ep.event_uuid=e837c89e-a3be-46fa-9d88-bbe4db0fa9e0&ep.isVideoPage=f&ep.referrer=&ep.category=donation%20landing%20page&ep.action=user%20session%20start&ep.label=landing%20page%20settings&ep.customCSS=f&ep.usercategory=anonymous&epn.loading_time_sec_on_window_load=1.86&_et=609&tfd=6890&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:e534 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0270229698f5bbd10c7d4ac3d1416873a4e2b6063ff557cad00a89a9c1a20734

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 16:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 8bc68e5afd48ac5d-YYZ
alt-svc: h3=":443"; ma=86400

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 102ms
102ms Image
image/gif 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Sep 2024 16:14:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.revv.co/api/v3/users	1970-01-21 08:49:27	Name: rvid Value: b6f49a2d-f05e-4cb5-9bec-4e3a0272232f
.winred.com/	1969-12-31 23:59:59	Name: _revv_v3_session Value: UmRGNWtyVEFSK3BDM0NHeXNqZDh6eWVrQTdxTmtuTUY3OEE5MWJCbEtMZElBNHZic25lT0wweFFwdTZWV2d5M2pWRnF4aGhkMEozckNkdk1VdFFiWC84YktZQ0NKVjZEcVdndVRtWFNLQjlHZEVJWklXbEhSWFFpbWpZOVV0NlQvTGlwT01xdUpGak1sQmVQbXdtcHBoQjNYbGFVb0VEL0hZWjk1TGlwZzFlNkJveW5Vb2pWZnNQZTN5cklETzU2N3htbXVjVlZ3bG1uSVVWeE5KSDNFMGlPczl5MEs5bHJxN3JQWWNQNVZteEJlUkk0Nmg0U0RVdUNpZHp3Tks0OWJDU1BKS2FLaWN6RzQva2M3eEhMV1JJbU16OVpKajVpaGlZalNVaVFYMy92YUgyVDhFa2hBUnRCS2c3bW1pSyt4VkRQWlA3czZoYWg3SGJVTHVFT2FKUEtERlgwNUN1Q0dxS2h6OHBXTUVVPS0tbUs2NlozRWN2djV3OXlJa1l3N2lYQT09--6fdc68bdd8a3bed9cabb1aeef14c650839abf1a3
.secure.winred.com/	1970-01-20 23:13:29	Name: __cf_bm Value: .mIRkNZIDt79nv6Ag7gnhZ5wuWeKb.m9cw9bjnH1RYY-1725207288-1.0.1.1-FDM0aZ0soPIZz8FbDQDxF004lGY8qHeRhp4cFCSRNhJGVtBxNgZjqstDziHp8cEzbznFF4768zLLBjo7DJ6Jsw
secure.winred.com/	1969-12-31 23:59:59	Name: origin_url Value: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752
.winred.com/	1970-01-21 01:23:03	Name: _gcl_au Value: 1.1.847674540.1725207289
.revv.co/	1969-12-31 23:59:59	Name: _revv_v3_session Value: T2NneDUrcUlPTTZpend2eXBxeTViVmhlNWszMlFhclE5dmJvVUtwODg3RXc1MlhTdTNsSEpIRUhHNDNyUUkzakxHUE5JRk1mMmlrVzRLMC9MWndkcHc9PS0tMDdjYUNPelJBS3VoS2JTYTFxVjBCUT09--fe4353cea7f849d4d2c20f67b2f42ae3d406b294
.revv.co/	1970-01-20 23:13:29	Name: __cf_bm Value: h0wU.2pk9ft.Vb5KyE9D8q3Q3zMmLFoI.taLt82KA.c-1725207289-1.0.1.1-7fslC_zQzG4g1RbayiRepup4reTLTrn54Xd8KgFZxdaMvqdmgj69m8aiAMGdJsUIsFmTxLC_MOtTNeVK7OGbvw
secure.winred.com/	1969-12-31 23:59:59	Name: sso_tries Value: 1
secure.winred.com/	1970-01-21 08:49:27	Name: rvid Value: b6f49a2d-f05e-4cb5-9bec-4e3a0272232f
.secure.winred.com/	1970-01-21 07:59:03	Name: cf_clearance Value: 7Xv.k_VmFyfKIxY3viiKuoP2ibtb.2ZXBuNNHAdhSwo-1725207289-1.2.1.1-7jZGbJ_WP2ZVhWEKbKBgvhA7rx_zS68c3i1fhcZhDYdwrs8VIHBufzPxTYr5uH17h1CgR2i06_Uu3F8e_B4ddwhtQb.P.gRL9QKCSveIBMKEAV691_f85lCnmryAdBN6X1piMXXlofuj9zKhf9TgcnV3wvS8wNQUtwOK9IkHmIqoTGd2wGkttAhC_q67Avc8pUb6tIlPjVvroXHt9OvmpEeWdlacExUQYCOkRWaGhJEkIgxUQ0GM5k_YBTNdge0mWlsbiew8zsovR7A.MFR.Bq6wPrub4qePiHl8MpJDrtd3ewnhWrR00HhxfBDaFdGW4rZhyfhQ3mJ15FEPogX2Ss2rWqcZeRC8BXThboClzhqq6Jwqxrg_5dloEfxMdRKg
.winred.com/	1970-01-21 08:49:27	Name: _ga_CM6HT6HPTV Value: GS1.1.1725207289.1.0.1725207289.0.0.0
.winred.com/	1970-01-20 23:14:53	Name: _gid Value: GA1.2.1411739312.1725207290
.winred.com/	1970-01-20 23:13:27	Name: _dc_gtm_UA-73658561-7 Value: 1
.winred.com/	1970-01-21 08:49:27	Name: _ga_4VWNN0QB5Z Value: GS1.1.1725207289.1.0.1725207289.0.0.0
.winred.com/	1970-01-21 08:49:27	Name: _ga Value: GA1.1.1222891837.1725207290
.winred.com/	1970-01-21 01:23:03	Name: _fbp Value: fb.1.1725207289739.836235040862236011
.winred.com/	1970-01-21 08:49:27	Name: FPID Value: FPID2.2.Gcmktd3pf4DZSopwKi1WbPGCac8XlTXCzu1okzGXcEw%3D.1725207290
.winred.com/	1970-01-20 23:13:29	Name: FPGSID Value: 1.1725207289.1725207289.G-X6H0114PDF.KT-4Oc4ylYeuyV2mw7osSg
.winred.com/	1970-01-21 08:49:27	Name: _ga_X6H0114PDF Value: GS1.1.1725207289.1.0.1725207290.0.0.2031735632
.winred.com/	1970-01-20 23:14:39	Name: FPLC Value: APSXPHG%2FWvQ2EUgaKYw9TU0eexyunv8oRqkYDFAsKWMBjrnOgQdo4W3mxSvIiwjAsreU6jdQvwK%2Br7%2Fdtcuf49sufoaulLoUga%2FnzSfBuuQA23%2BBOonpUaDIWRSdLQ%3D%3D
api.hcaptcha.com/	1970-01-20 23:56:39	Name: hmt_id Value: 9c70c6f6-f041-4ee6-99cb-51df432733e1

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752 Message: [DOM] Found 2 elements with non-unique id #conduit_employer_name: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	warning	URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752 Message: [DOM] Found 2 elements with non-unique id #conduit_mobile_number: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	warning	URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752 Message: [DOM] Found 2 elements with non-unique id #conduit_not_employed: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	warning	URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752 Message: [DOM] Found 2 elements with non-unique id #conduit_occupation: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752 Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752 Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
other	warning	URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752 Message: Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other	warning	URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752 Message: Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".
other	warning	URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752 Message: Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other	warning	URL: https://secure.winred.com/team-emmer/gop-supporter-status/?recurring=true&utm_campaign=20240831_RRD2.113502_t1538477-2752&ex_tid=20240831_RRD2.113502_t1538477-2752 Message: Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
app.revv.co
connect.facebook.net
d35ligi1n5bgzc.cloudfront.net
gtm.winred.com
js.stripe.com
maps.googleapis.com
secure.winred.com
static.cloudflareinsights.com
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.ca
www.googletagmanager.com
151.101.192.176
151.101.64.176
2001:4860:4802:34::181
2600:9000:26fa:dc00:0:7d26:ee00:93a1
2606:4700::6810:4f49
2606:4700::6810:e534
2606:4700::6813:d459
2607:f8b0:4004:c06::9b
2607:f8b0:4006:80b::200a
2607:f8b0:4006:80f::2003
2607:f8b0:4006:80f::200e
2607:f8b0:4006:81d::2008
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
01632ca58d61c17f22a0ea40e5b344c8f5e25be67efa8c101503196e6b2ef3ab
0270229698f5bbd10c7d4ac3d1416873a4e2b6063ff557cad00a89a9c1a20734
07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813
08e459993835b5d4968a9499dfa86e6bdb03c3b1bf2cc66e8298029916bb4d6a
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
2b2ef5f4cae029307edce6af4c85dfd960fc2b881aa6cf97e861b4200d83f7e9
2e158256ae3589799bfa6faec0cbddd0263e535adb8f10674ba392069f38d969
31d409fb4f13057d01e4bc7dbaf4347ada30f97eb2d810b66d322de32ecf86d1
36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284
3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1
4e5ff888d7b5159e2d51c80c848be86c19d3ae121e897740ad55de9dd406b77c
5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848
633f0d6506bdaa079ac3b5d790b4744c03de104c40954de7b6f6b54f06e11358
63cf6d76bc60310dcbb1bc13ad7ba9cdf302200e10b86450e7f3dbf1da8f871b
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
96b8a5f38004406df192e580dfeb9d90a84360d2d0eb68381e99f637cd169fcd
97c2411185cf55fafd1c8cd88a1bfc1c9aebaea64e640bffd441b038f759e741
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
af4580d787c13d3a00d401baf024eb478d6ef97d40f54b28aad2bb53ae19419d
bbdd5a6785847851c110d085cb6621eb81559f452a499dbb2dcee4c18510aeb2
bca1f0e8a0cd284ca46085d177b999860e4cbd275474eaa58c16cd53ce853e6c
c55f9ced964923aa6bb9767c8c4ac9d7f18572bcbe9ae8ee1f0c1637c679a169
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cdcec547e0decacec5a463c6491cd5194219450a4d6c524b3b80025b7408b3e0
d769b6c36942db4f2e83ebb90aa02c5194967e26c8b054254c73ec57d04fe54c
da1c184a06af895e0aace540ec0bb777bc812bc34942087d3f679a9a16cf908c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3554df81817a851badf4b7eadbcd096d0ec3845f0d8cf0498d5e2601e3848af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e998bf05885650da1a56c35ac1db15c21e5246ce129d1175b51b7d15e849a5b5
ebd2ce44ba2065bac7287e681730d5c139bfa1a330103c208bce7ae841793532
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc1c77849ba3a6020b87884599c1aefa09a9e1d7bfed95ad3deec6a5d4c08902

secure.winred.com Open in urlscan Pro 2606:4700::6813:d459 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

50 Requests

98 %HTTPS

86 %IPv6

13 Domains

14 Subdomains

14 IPs

1 Countries

1499 kBTransfer

4895 kBSize

21 Cookies

7 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

secure.winred.com Open in urlscan Pro
2606:4700::6813:d459 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

98 %
HTTPS

86 %
IPv6

13
Domains

14
Subdomains

14
IPs

1
Countries

1499 kB
Transfer

4895 kB
Size

21
Cookies

50 HTTP transactions
0 data transactions