rednoseday.org Open in urlscan Pro
151.101.130.217 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://donors.comicrelief.org/site/R?i=AcfiRlyuc1Blg9GShk4qvpIIR_roaqUiFXCp5t4AiNvRcq1fYHt4yA
Effective URL:
https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_con...
Submission: On May 09 via api (May 9th 2022, 1:57:46 pm UTC) from US — Scanned from DE

Summary HTTP 92 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 27 IPs in 4 countries across 23 domains to perform 92 HTTP transactions. The main IP is 151.101.130.217, located in United States and belongs to FASTLY, US. The main domain is rednoseday.org. The Cisco Umbrella rank of the primary domain is 611869.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA H2 2021 on October 5th 2021. Valid for: a year.

This is the only time rednoseday.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	216.235.194.227 216.235.194.227	15148 (BLACKBAUD...) (BLACKBAUD-ASN)
19	151.101.130.217 151.101.130.217	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
1 1	2a03:2880:f22... 2a03:2880:f22d:1c2:face:b00c:0:43fe	32934 (FACEBOOK) (FACEBOOK)
1 2	2a03:2880:f22... 2a03:2880:f22d:1e6:face:b00c:0:4420	32934 (FACEBOOK) (FACEBOOK)
4	2600:9000:215... 2600:9000:2156:3000:12:303c:8700:21	16509 (AMAZON-02) (AMAZON-02)
1	20.60.58.97 20.60.58.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	104.22.1.244 104.22.1.244	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1 3	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
4	23.36.163.232 23.36.163.232	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
20	172.67.15.63 172.67.15.63	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	147.135.78.45 147.135.78.45	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
3	45.60.33.183 45.60.33.183	19551 (INCAPSULA) (INCAPSULA)
1	2600:9000:215... 2600:9000:2156:2e00:14:79be:a380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.202.99.104 52.202.99.104	14618 (AMAZON-AES) (AMAZON-AES)
2	104.26.8.138 104.26.8.138	13335 (CLOUDFLAR...) (CLOUDFLARENET)
92	27

1 216.235.194.227 (United States) 1 redirects

ASN15148 (BLACKBAUD-ASN, US)

donors.comicrelief.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 151.101.130.217 (United States)

ASN54113 (FASTLY, US)

rednoseday.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f22d:1c2:face:b00c:0:43fe (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

platform.instagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f22d:1e6:face:b00c:0:4420 (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.instagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2156:3000:12:303c:8700:21 (United States)

ASN16509 (AMAZON-02, US)

d3rse9xjbp8270.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.60.58.97 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

nvlupin.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.22.1.244 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.fundraiseup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.fundraiseup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

6631903.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.36.163.232 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-232.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 172.67.15.63 (United States)

ASN13335 (CLOUDFLARENET, US)

static.fundraiseup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.135.78.45 (United States)

ASN16276 (OVH, FR)

sentry.fundraiseup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.60.33.183 (United States)

ASN19551 (INCAPSULA, US)

profile.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.everyaction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:2e00:14:79be:a380:93a1 (United States)

ASN16509 (AMAZON-02, US)

js2.verygoodvault.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.202.99.104 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-99-104.compute-1.amazonaws.com

tracker.samplicio.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.8.138 (United States)

ASN13335 (CLOUDFLARENET, US)

fndrsp.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	fundraiseup.com cdn.fundraiseup.com — Cisco Umbrella Rank: 82287 static.fundraiseup.com — Cisco Umbrella Rank: 76966 sentry.fundraiseup.com — Cisco Umbrella Rank: 89212	652 KB
19	rednoseday.org rednoseday.org — Cisco Umbrella Rank: 611869	2 MB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101	40 KB
6	doubleclick.net 1 redirects 6631903.fls.doubleclick.net — Cisco Umbrella Rank: 62393 googleads.g.doubleclick.net — Cisco Umbrella Rank: 65 stats.g.doubleclick.net — Cisco Umbrella Rank: 175	4 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	676 B
4	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 1219	89 KB
4	cloudfront.net d3rse9xjbp8270.cloudfront.net	271 KB
3	google.de 1 redirects www.google.de — Cisco Umbrella Rank: 3632 adservice.google.de — Cisco Umbrella Rank: 5351	2 KB
3	google.com www.google.com — Cisco Umbrella Rank: 20 adservice.google.com — Cisco Umbrella Rank: 128	1 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 195	200 KB
3	instagram.com 2 redirects platform.instagram.com — Cisco Umbrella Rank: 7994 www.instagram.com — Cisco Umbrella Rank: 1186	5 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 142	165 KB
2	fndrsp.net fndrsp.net — Cisco Umbrella Rank: 76370	1 KB
2	everyaction.com secure.everyaction.com — Cisco Umbrella Rank: 90136	19 KB
1	samplicio.us tracker.samplicio.us — Cisco Umbrella Rank: 3380	390 B
1	verygoodvault.com js2.verygoodvault.com — Cisco Umbrella Rank: 160805	24 KB
1	ngpvan.com profile.ngpvan.com — Cisco Umbrella Rank: 100263	764 B
1	t.co t.co — Cisco Umbrella Rank: 563	338 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 800	355 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 963	10 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 126	15 KB
1	windows.net nvlupin.blob.core.windows.net — Cisco Umbrella Rank: 57032	2 KB
1	comicrelief.org 1 redirects donors.comicrelief.org	1 KB
92	23

	Domain	Requested by
23	static.fundraiseup.com	rednoseday.org cdn.fundraiseup.com static.fundraiseup.com
19	rednoseday.org	rednoseday.org
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com static.fundraiseup.com
4	www.facebook.com	rednoseday.org
4	analytics.tiktok.com	rednoseday.org analytics.tiktok.com
4	d3rse9xjbp8270.cloudfront.net	rednoseday.org d3rse9xjbp8270.cloudfront.net www.googletagmanager.com
3	6631903.fls.doubleclick.net	1 redirects www.googletagmanager.com adservice.google.com
3	connect.facebook.net	rednoseday.org connect.facebook.net
3	www.googletagmanager.com	rednoseday.org d3rse9xjbp8270.cloudfront.net
2	fndrsp.net	cdn.fundraiseup.com
2	secure.everyaction.com	static.fundraiseup.com
2	stats.g.doubleclick.net	static.fundraiseup.com
2	www.google.de	rednoseday.org
2	www.google.com	rednoseday.org
2	www.instagram.com	1 redirects rednoseday.org
1	tracker.samplicio.us	6631903.fls.doubleclick.net
1	js2.verygoodvault.com	d3rse9xjbp8270.cloudfront.net
1	profile.ngpvan.com	d3rse9xjbp8270.cloudfront.net
1	t.co	rednoseday.org
1	analytics.twitter.com	rednoseday.org
1	adservice.google.de	1 redirects
1	adservice.google.com	6631903.fls.doubleclick.net
1	sentry.fundraiseup.com	static.fundraiseup.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	static.ads-twitter.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	cdn.fundraiseup.com	rednoseday.org
1	nvlupin.blob.core.windows.net	rednoseday.org
1	platform.instagram.com	1 redirects
1	donors.comicrelief.org	1 redirects
92	30

This site contains links to these domains. Also see Links.

Domain
comicrelief.org
www.charitynavigator.org
www.facebook.com
twitter.com
www.youtube.com
www.instagram.com
www.pinterest.com
www.tiktok.com
mobilegiving.org

Subject Issuer	Validity	Valid
rednoseday.org GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-05` - `2022-11-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.blob.core.windows.net Microsoft RSA TLS CA 01	`2022-04-26` - `2023-04-26`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-02-15` - `2022-05-16`	3 months	crt.sh
fundraiseup.com Cloudflare Inc ECC CA-3	`2021-07-22` - `2022-07-21`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.tiktok.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-13` - `2023-01-13`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
sentry.fundraiseup.com R3	`2022-04-18` - `2022-07-17`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.ngpvan.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-30` - `2023-01-14`	a year	crt.sh
*.verygoodvault.com Amazon	`2022-02-17` - `2023-03-18`	a year	crt.sh
*.everyaction.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-04-11` - `2023-04-11`	a year	crt.sh
*.samplicio.us Amazon	`2022-03-18` - `2023-04-16`	a year	crt.sh
*.fndrsp.net E1	`2022-04-29` - `2022-07-28`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1
Frame ID: 42B8634173823FF75CBD0675A461FE7F
Requests: 86 HTTP requests in this frame

Frame: https://6631903.fls.doubleclick.net/activityi;dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1
Frame ID: 9E94E57A18686CC1A9BF3936D3A36B60
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1
Frame ID: E7B5C9D45C17A42977DA2A6C10A52252
Requests: 1 HTTP requests in this frame

Frame: https://6631903.fls.doubleclick.net/ddm/fls/r/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1
Frame ID: 3116FC58479C7447BC1069EBC049844C
Requests: 2 HTTP requests in this frame

Frame: https://static.fundraiseup.com/fonts/ibm-plex-sans/ibm-plex-sans-v8-vietnamese_latin-ext_latin_greek_cyrillic-ext_cyrillic-600.643ad5d92cd7.woff2
Frame ID: D35A2868C5072B34047E5A5957A20D8E
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Donate to Red Nose Day | Red Nose Day USASearchShop loginFollow us on PinterestPinterestRednoseday InstagramVisit our Twitter accountVisit our Twitter accountVisit our Youtube channelVisit our Youtube channelVisit Comic Relief siteCloseGet the latestFacebook share iconTwitter share iconVisit our Instagram accountVisit our Instagram accountVisit our TikTok account Rednoseday TikTokRednoseday TikTokVisit our TikTok account

Page URL History Show full URLs

http://donors.comicrelief.org/site/R?i=AcfiRlyuc1Blg9GShk4qvpIIR_roaqUiFXCp5t4AiNvRcq1fYHt4yA HTTP 302
https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_C... Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Page Statistics

92
Requests

99 %
HTTPS

48 %
IPv6

23
Domains

30
Subdomains

27
IPs

4
Countries

3211 kB
Transfer

8382 kB
Size

23
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://comicrelief.org/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.charitynavigator.org/ein/010885377

Search URL Search Domain Scan URL

URL: https://www.facebook.com/RedNoseDayUSA/

Search URL Search Domain Scan URL

URL: https://twitter.com/rednosedayUSA

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCA8S0A2NQBmklNkVmINZ_2Q

Search URL Search Domain Scan URL

URL: https://www.instagram.com/rednosedayusa/
Title: Visit our Instagram account Visit Rednoseday instagram page Visit our Instagram account Visit Rednoseday instagram page

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/rednosedayusa/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@rednosedayusa
Title: Visit our TikTok account Visit Rednoseday TikTok page Visit Rednoseday TikTok page Rednoseday TikTok Visit our TikTok account Rednoseday TikTok Visit our TikTok account Visit Rednoseday TikTok page

Search URL Search Domain Scan URL

URL: http://comicrelief.org/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://mobilegiving.org/terms-and-conditions
Title: Text to Donate Terms

Search URL Search Domain Scan URL

URL: http://comicrelief.org/privacy/
Title: Privacy Policy & Legal Disclosures

Search URL Search Domain Scan URL

URL: http://comicrelief.org/staff
Title: Meet The Comic Relief US Team

Search URL Search Domain Scan URL

URL: https://comicrelief.org/careers
Title: We're Hiring!

Search URL Search Domain Scan URL

URL: https://comicrelief.org/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://donors.comicrelief.org/site/R?i=AcfiRlyuc1Blg9GShk4qvpIIR_roaqUiFXCp5t4AiNvRcq1fYHt4yA HTTP 302
https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://platform.instagram.com/en_US/embeds.js HTTP 301
https://www.instagram.com/embed.js HTTP 302
https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js

Request Chain 26

https://6631903.fls.doubleclick.net/activityi;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1 HTTP 302
https://6631903.fls.doubleclick.net/activityi;dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1

Request Chain 51

https://adservice.google.de/ddm/fls/i/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1 HTTP 302
https://6631903.fls.doubleclick.net/ddm/fls/r/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1

92 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request critical-role Show response
rednoseday.org/
Redirect Chain

http://donors.comicrelief.org/site/R?i=AcfiRlyuc1Blg9GShk4qvpIIR_roaqUiFXCp5t4AiNvRcq1fYHt4yA
https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

74 KB
19 KB

49ms
8ms

Document
text/html

151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d486065dba9550f826b492d865a0ec2bd10ae007ee9e1840760c1b4f4c7d272e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 530128
cache-control: max-age=43200, public
content-encoding: gzip
content-language: en
content-length: 18147
content-type: text/html; charset=UTF-8
date: Mon, 09 May 2022 13:57:39 GMT
etag: "1651522958"
expires: Sun, 19 Nov 1978 05:00:00 GMT
fastly-drupal-html: YES
last-modified: Mon, 02 May 2022 20:22:38 GMT
link: <https://rednoseday.org/critical-role>; rel="canonical", <https://rednoseday.org/critical-role>; rel="shortlink" <https://rednoseday.org/critical-role>; rel="revision"
strict-transport-security: max-age=0
vary: Cookie, Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 2, 1
x-content-type-options: nosniff
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-drupal-cache: HIT
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 8 (https://www.drupal.org)
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-request-id: 00-16eb6464fc35fbee954d9bce60f76453-18dedc65e6c07c67-00
x-served-by: cache-lga21973-LGA, cache-hhn4028-HHN
x-timer: S1652104660.786505,VS0,VE1
x-ua-compatible: IE=edge

Redirect headers

Cache-Control: no-store
Connection: Keep-Alive
Content-Length: 0
Content-Security-Policy: frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri http://donors.comicrelief.org/site/XFrameViolation
Content-Type: text/html
Date: Mon, 09 May 2022 13:57:39 GMT
Keep-Alive: timeout=15, max=268
Location: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1
Pragma: no-cache
Server: Apache
X-Content-Type-Options: nosniff

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
44 KB 43ms
19ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-933958070

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e436b6e139d1d3c11fadc325cbc4a06587a2b5c32fac69f224169310069b0e1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rednoseday.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:39 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44174
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 May 2022 13:57:39 GMT

GET
H2 200 css__qtaWa6V8QJ_T5UDuqkgJ12WH9vJ86wT_xxC4a5pRyM.css
rednoseday.org/sites/default/files/css/ 24 KB
5 KB 8ms
7ms Stylesheet
text/css 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rednoseday.org/sites/default/files/css/css__qtaWa6V8QJ_T5UDuqkgJ12WH9vJ86wT_xxC4a5pRyM.css

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

feab5a59ae95f1027f4f9503baa920275d961fdbc9f3ac13ff1c42e1ae694723

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
content-encoding: gzip
etag: "6255fef6-1359"
age: 6317
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 4953
x-request-id: 00-16e92280797cd2ca37181c4d73b077c3-58c47f517c429086-00
x-served-by: cache-lga21940-LGA, cache-hhn4028-HHN
access-control-allow-origin: *
last-modified: Tue, 12 Apr 2022 22:36:38 GMT
x-timer: S1652104660.838260,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Mon, 09 May 2022 12:11:13 GMT
cache-control: max-age=1209600
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css
rednoseday.org/sites/default/files/css/ 1 MB
130 KB 8ms
7ms Stylesheet
text/css 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b0e16af86d49771f526af47bbf877cbaa480969bc21280c6ae55499fd69ba6a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
content-encoding: gzip
etag: "6245e8ff-20530"
age: 1155960
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 132400
x-request-id: 00-16e95918723b7ea307f00720f1581e87-cc550f58ab4e5f09-00
x-served-by: cache-lga21959-LGA, cache-hhn4028-HHN
access-control-allow-origin: *
last-modified: Thu, 31 Mar 2022 17:46:39 GMT
x-timer: S1652104660.838433,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Tue, 10 May 2022 04:51:39 GMT
cache-control: max-age=1209600
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 css_dnIw1FV_eEXd5jTZiSKBPOUnJJKnTI6pQ9IzbeFaY1I.css
rednoseday.org/sites/default/files/css/ 4 KB
1 KB 20ms
19ms Stylesheet
text/css 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rednoseday.org/sites/default/files/css/css_dnIw1FV_eEXd5jTZiSKBPOUnJJKnTI6pQ9IzbeFaY1I.css

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

767230d4557f7845dde634d98922813ce5272492a74c8ea943d2336de15a6352

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
content-encoding: gzip
etag: "6255fcf1-4a6"
age: 11362
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 1190
x-request-id: 00-16e91de205ebb1bf19cee4918ac9656e-56aae3447a28a974-00
x-served-by: cache-lga21935-LGA, cache-hhn4028-HHN
access-control-allow-origin: *
last-modified: Tue, 12 Apr 2022 22:28:01 GMT
x-timer: S1652104660.838532,VS0,VE4
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Mon, 09 May 2022 10:46:35 GMT
cache-control: max-age=1209600
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 modernizr.min.js Show response
rednoseday.org/core/assets/vendor/modernizr/ 5 KB
3 KB 18ms
18ms Script
application/javascript 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rednoseday.org/core/assets/vendor/modernizr/modernizr.min.js?v=3.3.1

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1e06b3b8ed8d91022c8192923eb0d0a913596d088312b8bdc0c3b6dd2361627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
content-encoding: gzip
etag: W/"61155efa-1248"
age: 23974
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 2191
x-request-id: 00-16ec72c26660342f2ceb05730215689d-a40c090bc9f5a0eb-00
x-served-by: cache-lga21957-LGA, cache-hhn4028-HHN
access-control-allow-origin: *
last-modified: Thu, 12 Aug 2021 17:48:42 GMT
x-timer: S1652104660.838610,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 07 May 2022 07:15:42 GMT
cache-control: max-age=86400
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H3

200

ab12745d93c5.js Show response
www.instagram.com/static/bundles/es6/EmbedSDK.js/
Redirect Chain

https://platform.instagram.com/en_US/embeds.js
https://www.instagram.com/embed.js
https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js

15 KB
5 KB

16ms
6ms

Script
text/javascript

2a03:2880:f22d:1e6:face:b00c:0:4420
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
Requested by: Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1
Protocol: H3
Server: 2a03:2880:f22d:1e6:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 2a04fa46b4ebc4bb2c93126695f45b0acf711870e1f169bb95247592c28c24a8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 06 May 2022 17:14:32 GMT
content-encoding: br
etag: "ab12745d93c5"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
edge-control: max-age=1209600, no-transform
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
content-length: 4843
priority: u=3,i

Redirect headers

date: Mon, 09 May 2022 13:57:40 GMT
x-fb-trip-id: 1679558926
x-ig-origin-region: rva
content-type: text/html; charset=utf-8
location: https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
cache-control: max-age=21600
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 0

GET
H2 200 RND-newLogo-Stacked-onLight_4.png
rednoseday.org/sites/default/files/ 35 KB
35 KB 9ms
7ms Image
image/png 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rednoseday.org/sites/default/files/RND-newLogo-Stacked-onLight_4.png

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ae7c686cc080a3bad860637882149e731f4dc2048e12f7582f124973f8e745a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "62570441-8bad"
age: 158
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 35757
x-request-id: 00-16ed2dc592f924092cd12b14b1953bf9-19621151fc91a68c-00
x-served-by: cache-lga21931-LGA, cache-hhn4028-HHN
last-modified: Wed, 13 Apr 2022 17:11:29 GMT
x-timer: S1652104660.930293,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Sun, 08 May 2022 16:27:44 GMT
cache-control: max-age=300
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 logo_splash.png
rednoseday.org/themes/custom/rnd_usa/media/ 32 KB
32 KB 9ms
7ms Image
image/png 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rednoseday.org/themes/custom/rnd_usa/media/logo_splash.png

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

75d56c786fa8a526c4b1505a47b9f54dde2f2fd74955fab46726493a0510cc46

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "62741ca0-7f48"
age: 27111
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 32584
x-request-id: 00-16ec6f8ca46601292b34c3eeaec99f1e-a430caa6a7d02bba-00
x-served-by: cache-lga21972-LGA, cache-hhn4028-HHN
last-modified: Thu, 05 May 2022 18:51:12 GMT
x-timer: S1652104660.930282,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Sat, 07 May 2022 06:16:53 GMT
cache-control: max-age=86400
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 at.js Show response
d3rse9xjbp8270.cloudfront.net/ 843 KB
241 KB 45ms
8ms Script
application/javascript 2600:9000:2156:3000:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Requested by: Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3000:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 26bea68a1a10842222abca8367598d05866ee1444a0be1a1ae90e8b95fe5a65e

Request headers

Referer
Origin: https://rednoseday.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Sun, 08 May 2022 14:23:49 GMT
content-encoding: gzip
age: 84831
x-cache: Hit from cloudfront
content-length: 245567
access-control-allow-origin: *
last-modified: Tue, 03 May 2022 14:33:22 GMT
server: AmazonS3
etag: "f9f332a6baef9e5c8e3412e81ac97840"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: cRT7e1WJB0u8_W5GAx31LOs44lF3loY3Y2y_1CZxsGYPgK3DzO8j4Q==

GET
H2 200 at.min.css
d3rse9xjbp8270.cloudfront.net/ 59 KB
12 KB 23ms
7ms Stylesheet
text/css 2600:9000:2156:3000:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/at.min.css
Requested by: Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3000:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e86a3420c482479af7bc1e9f70df0b71126256caf2a04db12369f3a6cc121dcd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Sun, 08 May 2022 14:34:26 GMT
content-encoding: gzip
age: 84194
x-cache: Hit from cloudfront
content-length: 11461
access-control-allow-origin: *
last-modified: Tue, 03 May 2022 14:33:22 GMT
server: AmazonS3
etag: "8fb6464e49f7de2b89d6c3f8ea0f4a03"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: vpgOrkjJh6XRB90lUbQJelZCp3QtNTznsJmGRQwPVkWCFJ5ouh9TsA==

GET
H/1.1 200
OK rnd_thank_you_msg.css
nvlupin.blob.core.windows.net/images/van/CMCR/CMCR/1/58906/images/css/rnd_usa/ 2 KB
2 KB 422ms
99ms Stylesheet
text/css 20.60.58.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://nvlupin.blob.core.windows.net/images/van/CMCR/CMCR/1/58906/images/css/rnd_usa/rnd_thank_you_msg.css
Requested by: Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 3d92854d6b0f7129aa577e8999aa16540fae431cd212c184fead017ec2a68808

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 09 May 2022 13:57:39 GMT
Last-Modified: Wed, 30 Sep 2020 21:43:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D86589D3BB61BB
Content-Type: text/css
Access-Control-Allow-Origin: *
x-ms-request-id: 919e3d8c-801e-0064-53ac-63b6c9000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 1637

GET
H2 200 CriticalRole_Logo_White.png
rednoseday.org/sites/default/files/inline-images/ 73 KB
73 KB 107ms
105ms Image
image/png 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rednoseday.org/sites/default/files/inline-images/CriticalRole_Logo_White.png

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8b153a1558619ea3d02dde9ac3fd4f117e13578753bfe3e8553fea0df60a0848

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "626b01c6-122d1"
age: 0
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 74449
x-request-id: 00-16ed738399973683aaded8db2aad34d1-023641886ccefe95-00
x-served-by: cache-lga21957-LGA, cache-hhn4028-HHN
last-modified: Thu, 28 Apr 2022 21:06:14 GMT
x-timer: S1652104660.930256,VS0,VE98
date: Mon, 09 May 2022 13:57:40 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 09 May 2022 13:45:47 GMT
cache-control: max-age=300
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 4star234x60_0.gif
rednoseday.org/sites/default/files/inline-images/ 3 KB
4 KB 97ms
95ms Image
image/gif 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rednoseday.org/sites/default/files/inline-images/4star234x60_0.gif

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4044166e68ecd6cb297477183d054e4c8af9f7bb95d890108b4734d55dc3db38

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "6261eba0-db9"
age: 29
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 3513
x-request-id: 00-16ed65d8aaa432a3d8b508b4c522154e-88da4ce9374d2983-00
x-served-by: cache-lga21939-LGA, cache-hhn4028-HHN
last-modified: Thu, 21 Apr 2022 23:41:20 GMT
x-timer: S1652104660.930243,VS0,VE89
date: Mon, 09 May 2022 13:57:40 GMT
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
expires: Mon, 09 May 2022 09:35:19 GMT
cache-control: max-age=300
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 js_sb65Gdqn2RrcuFFkpfgb1HIDoW5AuIvIJaZ4udC1BoA.js Show response
rednoseday.org/sites/default/files/js/ 404 KB
123 KB 10ms
7ms Script
application/javascript 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rednoseday.org/sites/default/files/js/js_sb65Gdqn2RrcuFFkpfgb1HIDoW5AuIvIJaZ4udC1BoA.js

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b1beb919daa7d91adcb85164a5f81bd47203a16e40b88bc825a678b9d0b50680

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
content-encoding: gzip
etag: "6245f438-1ec75"
age: 1055874
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 126069
x-request-id: 00-16e6e59ee43c6391efed38d35dfdc915-ad4c1bb03b6cd31f-00
x-served-by: cache-lga21983-LGA, cache-hhn4028-HHN
access-control-allow-origin: *
last-modified: Thu, 31 Mar 2022 18:34:32 GMT
x-timer: S1652104660.930033,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
expires: Mon, 02 May 2022 05:13:04 GMT
cache-control: max-age=1209600
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 216 KB
77 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TKRX83V

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

890f31386d73900b84e752f5bdc39653076ff94798e59411bdb7844c9ec96da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rednoseday.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:39 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78458
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 May 2022 13:57:39 GMT

GET
H2 200 Regular-Regular.woff2
rednoseday.org/themes/custom/rnd_usa/fonts/ 57 KB
57 KB 8ms
7ms Font
font/woff2 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rednoseday.org/themes/custom/rnd_usa/fonts/Regular-Regular.woff2

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d94d3425930a665425a10edadcf38a2cf2f3dd80642c591892c952a7f97bc1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css
Origin: https://rednoseday.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "6255fec0-e314"
age: 806257
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 58132
x-request-id: 00-16ea9725ff567773b3699736f87fa695-b32658be01396e84-00
x-served-by: cache-lga21960-LGA, cache-hhn4028-HHN
last-modified: Tue, 12 Apr 2022 22:35:44 GMT
x-timer: S1652104660.907446,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Thu, 27 Oct 2022 06:00:02 GMT
cache-control: max-age=15552000
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 24ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b819b3ac2fe5857b7026a609f9115f0d50a7d6e8085ba5987d70ed6baaa41f4e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: QOCwW4yAGGf1KecuWKZpX+3StCrAD21om+OhycniaLkqDkhkW2KubdIgp2r777WftuouZLWGrEyLLLSGiM+Mhw==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 09 May 2022 13:57:39 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 AFBYGZNM Show response
cdn.fundraiseup.com/widget/ 150 KB
48 KB 126ms
94ms Script
text/javascript 104.22.1.244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.fundraiseup.com/widget/AFBYGZNM

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.1.244 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

293461c4dbcd2cf88dde5a2bb6bfd3d04ab4f78f2a195a20f8c4f96e6025ee0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
server: cloudflare
link: <https://static.fundraiseup.com/2.74b43cbd0652.vendors~sentry.js>; rel=preload; as=script, <https://static.fundraiseup.com/1.f0bdb7dab3ac.sentry.js>; rel=preload; as=script, <https://static.fundraiseup.com/817cb0198f76.api.js>; rel=preload; as=script
etag: W/"3957476146"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 708af20cccea9b22-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 44ms
21ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-933958070

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

89ba0d4f6cf9500041778760fea24e37c6de04955c6a62b5435c64b600423749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14865
x-xss-protection: 0
server: cafe
etag: 2710672821686371805
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 09 May 2022 13:57:39 GMT

GET
H2 200 menu-expanded.png
rednoseday.org/core/misc/ 106 B
506 B 8ms
6ms Image
image/png 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rednoseday.org/core/misc/menu-expanded.png

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

71044970e802b0cf12ff5cb2e20a5910192e473a2968385f99c2987d3a4d0231

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "61155efa-6a"
age: 69817
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 106
x-request-id: 00-16ea22b4ba6efa10b6bed28514c91055-669499b9dfc375c3-00
x-served-by: cache-lga21924-LGA, cache-hhn4028-HHN
last-modified: Thu, 12 Aug 2021 17:48:42 GMT
x-timer: S1652104660.953371,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Fri, 29 Apr 2022 18:26:13 GMT
cache-control: max-age=86400
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 magnify-icon.svg
rednoseday.org/themes/custom/rnd_usa/images/ 871 B
692 B 8ms
6ms Image
image/svg+xml 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rednoseday.org/themes/custom/rnd_usa/images/magnify-icon.svg

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9b40f73a39cbe0b6e47a73e7c7f98b8e6900567767369c38951d7504796a8e91

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
content-encoding: gzip
etag: W/"62741ca0-367"
age: 20453
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 450
x-request-id: 00-16ec75ec38539ba6adce4292f07833a0-08004fc5168e5d84-00
x-served-by: cache-lga21938-LGA, cache-hhn4028-HHN
access-control-allow-origin: *
last-modified: Thu, 05 May 2022 18:51:12 GMT
x-timer: S1652104660.955421,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Sat, 07 May 2022 08:13:40 GMT
cache-control: max-age=86400
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 Regular-Bold.woff2
rednoseday.org/themes/custom/rnd_usa/fonts/ 59 KB
60 KB 8ms
7ms Font
font/woff2 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rednoseday.org/themes/custom/rnd_usa/fonts/Regular-Bold.woff2

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

61a58c28ced474e1180f9ca7d0948ab8777667f6d650197a54d8fdcef02fef45

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css
Origin: https://rednoseday.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "6227bc7f-eddc"
age: 3567785
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 60892
x-request-id: 00-16e0c78d8622c281c72ccc4c56ebb2cb-af6d2fba50179450-00
x-served-by: cache-lga21968-LGA, cache-hhn4028-HHN
last-modified: Tue, 08 Mar 2022 20:28:47 GMT
x-timer: S1652104660.955561,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Sun, 25 Sep 2022 06:54:34 GMT
cache-control: max-age=15552000
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 Regular-Black.woff2
rednoseday.org/themes/custom/rnd_usa/fonts/ 62 KB
62 KB 8ms
7ms Font
font/woff2 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rednoseday.org/themes/custom/rnd_usa/fonts/Regular-Black.woff2

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f0fe14bb9a7c3dcf54f5ae423033d14af65729ba90dbaf04151c3e028489c9ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css
Origin: https://rednoseday.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "6245e822-f6b8"
age: 2965830
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 63160
x-request-id: 00-16e2eb0714aecf046da9e02ed37ed5cc-93240beacb171728-00
x-served-by: cache-lga21983-LGA, cache-hhn4028-HHN
last-modified: Thu, 31 Mar 2022 17:42:58 GMT
x-timer: S1652104660.955599,VS0,VE1
date: Mon, 09 May 2022 13:57:39 GMT
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Sun, 02 Oct 2022 06:07:09 GMT
cache-control: max-age=15552000
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H3 200 1128146070658747 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 18ms
9ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1128146070658747?v=2.9.58&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

13e328620e57b44c49d0bbf0b0b4acdc39209894d37c22143a7155e21267fa30

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 88799
x-xss-protection: 0
pragma: public
x-fb-debug: uHmijIFVf8GYG8iB9n/lM3pbCnolwl83MQc4zs2MJ+86eiAFW5klE3CRnkmJP/hZqsdoBcfL2T1potQuizkGQg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 09 May 2022 13:57:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 124 KB
45 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer

Requested by

Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3a19c49ad23cd46f3d4b7ed3f9c0989810144a934931d93f4659e5597cf5a860

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45597
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 May 2022 13:57:40 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKRX83V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5911
date: Mon, 09 May 2022 12:19:09 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 09 May 2022 14:19:09 GMT

GET
H3

200

activityi;dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_sour... Show response
6631903.fls.doubleclick.net/ Frame 9E94
Redirect Chain

https://6631903.fls.doubleclick.net/activityi;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_so...
https://6631903.fls.doubleclick.net/activityi;dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Fredno...

600 B
469 B

33ms
19ms

Document
text/html

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6631903.fls.doubleclick.net/activityi;dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKRX83V

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

b009a9063217c0ddad8076be4bf227c985c9d490a024d01b0536246fcc878c53

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 444
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 May 2022 13:57:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 May 2022 13:57:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://6631903.fls.doubleclick.net/activityi;dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 28 KB
10 KB 217ms
8ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKRX83V
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 93cc545f534a75a876beccc35125e563e20bb9857714482547fc151f07d57595

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: gzip
last-modified: Tue, 03 May 2022 16:26:14 GMT
etag: "1ce6e12fa6e9b18909e94a06df1ef9cb+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 9561
x-served-by: cache-iad-kjyo7100113-IAD, cache-hhn11581-HHN

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 125 KB
37 KB 202ms
117ms Script
application/javascript 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9KPDF3C77UD01Q8HF5G&lib=ttq
Requested by: Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ec88e9506673eb2528a9f57aa4136624cc5481b2ab3db552bb8ec24120951c94

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-akamai-request-id: 3bc9093e
date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.8.0-41078462) (-)
server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=1, origin; dur=103
content-length: 37168
pragma: no-cache
server: nginx
x-tt-logid: 2022050913574001011300620504E8FEB1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 103,23.36.161.204
x-tt-trace-host: 015a142afd41abb9a9199931edc39c71d431dbc00538693a1eb3d387fcd582b9bdd5a81735e8a6733e1d108a8c0326984ca0dc70f9ebf828a2b867910da9a6c708971ab1053d6fd6eab2bb82c1282e97322a512cf488774bb1319558e5942fa105
expires: Mon, 09 May 2022 13:57:40 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/933958070/ 2 KB
2 KB 40ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/933958070/?random=1652104660090&cv=9&fst=1652104660090&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa540&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&tiba=Donate%20to%20Red%20Nose%20Day%20%7C%20Red%20Nose%20Day%20USA&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2ef783d98c84e41fcb8b060422accdf6c9ca1fa1b2f7a1c1aba59ed27204266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1112
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2.74b43cbd0652.vendors~sentry.js Show response
static.fundraiseup.com/ 91 KB
26 KB 34ms
25ms Script
text/javascript 104.22.1.244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/2.74b43cbd0652.vendors~sentry.js

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.1.244 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

688bdda39cec72ae7abed77b96a17f8dc2e451294bb9e4209ee5f6ce105cb334

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 881016
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8M1Y384M037QYNRZ
x-amz-id-2: Ypa3s3EMqYa/NlQNzNvTJ03ma31kVZYuqE1AOyXK2GtuLff6JYnG01/Y3Y5GOs2sMHvW8r6d5l0=
last-modified: Fri, 29 Apr 2022 08:59:51 GMT
server: cloudflare
etag: W/"fc290336366a01044d2536264df81743"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af20dae819b22-FRA

GET
H2 200 1.f0bdb7dab3ac.sentry.js Show response
static.fundraiseup.com/ 1 KB
863 B 28ms
18ms Script
text/javascript 104.22.1.244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/1.f0bdb7dab3ac.sentry.js

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.1.244 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

225b015805bba46da83b81f808d5e0db7292f5f5f903c62a882d29461452bd95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20229
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: C0DNV0A3DPZ3BV3A
x-amz-id-2: ZQ5uX9n6aVw7mtB8ra+fRa/WZZTcs/yRHy3mS7TXe6NkqcsR98f0QzwKRt5zyF27tRTM9cf5Qig=
last-modified: Mon, 09 May 2022 08:05:45 GMT
server: cloudflare
etag: W/"f1f986d27e3b4a568fa7e7160cd8e403"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af20dae829b22-FRA

GET
H2 200 817cb0198f76.api.js Show response
static.fundraiseup.com/ 411 KB
124 KB 40ms
30ms Script
text/javascript 104.22.1.244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/817cb0198f76.api.js

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.1.244 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5253e6e32ef7696f4908b876e1d2370979b484ec92fe9a8e176e9c0e9ca625d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20228
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: C0DKFABXNMCHFRSR
x-amz-id-2: 1BBiwwes0bw/07Gd9fOUXU7UZlETkovzFk7GR4biHW49gd8kJaGS630XR40ANIPfPcJW7xnBcZo=
last-modified: Mon, 09 May 2022 08:05:58 GMT
server: cloudflare
etag: W/"76e25369dbb204a568cb2dad6c919c5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af20dae849b22-FRA

GET
H3 200 237689050718610 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/237689050718610?v=2.9.58&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2e2659d8ccf5c35d54317b0773c781febf49ae27e0d6e7d66650fe2e37305748

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 88800
x-xss-protection: 0
pragma: public
x-fb-debug: s0RDBHnwM9vZ4abAFRBkzkCnhOKQsVqZ7Cq2lPtDqFyzywstW4QWEdEGlBcBZnp7kujgauOZtNZ8wryF16CxTA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 09 May 2022 13:57:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
409 B 41ms
7ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1128146070658747&ev=PageView&dl=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&rl=&if=false&ts=1652104660108&sw=1600&sh=1200&v=2.9.58&r=stable&ec=0&o=30&fbp=fb.1.1652104660106.1195454717&it=1652104660022&coo=false&exp=p0&rqm=GET

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 09 May 2022 13:57:40 GMT

GET
H3 200 AFBYGZNM.js Show response
static.fundraiseup.com/embed-data/elements-global/ 42 B
506 B 62ms
49ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/embed-data/elements-global/AFBYGZNM.js

Requested by

Host: cdn.fundraiseup.com
URL: https://cdn.fundraiseup.com/widget/AFBYGZNM

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

809176edc7cc541eb710bd951c6d8fa71dd0f736209d72474613b1a6a839b535

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 344
cf-ray: 708af20e0ad79279-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 42
x-amz-id-2: yz2KHkk/NOI3o9HCIsYXHf5i+lBeFL0PurMLQqGCtWTgAjspac7q4OY1lsYnffUL9gnTYQzWCZI=
last-modified: Mon, 09 May 2022 13:50:21 GMT
server: cloudflare
etag: "3e470b938e97030246cc826a0bf45724"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ARGPF4WH6QBC0QGX
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: text/javascript

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 28ms
13ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=342641416&t=pageview&_s=1&dl=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&ul=en-us&de=UTF-8&dt=Donate%20to%20Red%20Nose%20Day%20%7C%20Red%20Nose%20Day%20USA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1028490277&gjid=1439128057&cid=608112732.1652104660&tid=UA-62601103-1&_gid=867770554.1652104660&_r=1&gtm=2wg540TKRX83V&z=780683856

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 May 2022 13:57:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://rednoseday.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/933958070/ 42 B
548 B 42ms
20ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/933958070/?random=1652104660090&cv=9&fst=1652101200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa540&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&tiba=Donate%20to%20Red%20Nose%20Day%20%7C%20Red%20Nose%20Day%20USA&async=1&fmt=3&is_vtc=1&random=287903417&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 May 2022 13:57:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/933958070/ 42 B
548 B 43ms
21ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/933958070/?random=1652104660090&cv=9&fst=1652101200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa540&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&tiba=Donate%20to%20Red%20Nose%20Day%20%7C%20Red%20Nose%20Day%20USA&async=1&fmt=3&is_vtc=1&random=287903417&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 May 2022 13:57:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
sentry.fundraiseup.com/api/2/envelope/ 2 B
160 B 308ms
100ms Fetch
application/json 147.135.78.45
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sentry.fundraiseup.com/api/2/envelope/?sentry_key=cb0af19166ad4bdeb8c3efc4848d6635&sentry_version=7
Requested by: Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/2.74b43cbd0652.vendors~sentry.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.135.78.45 , United States, ASN16276 (OVH, FR),
Reverse DNS
Software: Caddy, nginx /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://rednoseday.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://rednoseday.org
access-control-expose-headers: x-sentry-rate-limits, retry-after, x-sentry-error
server: Caddy, nginx
date: Mon, 09 May 2022 13:57:40 GMT
content-length: 2
vary: Origin
content-type: application/json

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 16ms
7ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=237689050718610&ev=PageView&dl=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&rl=&if=false&ts=1652104660190&sw=1600&sh=1200&v=2.9.58&r=stable&ec=0&o=30&fbp=fb.1.1652104660106.1195454717&it=1652104660022&coo=false&exp=p0&rqm=GET

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Mon, 09 May 2022 13:57:40 GMT

GET
H2 200 dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Dredno... Show response
adservice.google.com/ddm/fls/i/ Frame E7B5 599 B
913 B 81ms
44ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1

Requested by

Host: 6631903.fls.doubleclick.net
URL: https://6631903.fls.doubleclick.net/activityi;dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8b6bd68acd15d236f3798ea969a1e2c0074799d91d41272488d24c62ad016a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6631903.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 444
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 May 2022 13:57:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 58ms
19ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-62601103-1&cid=608112732.1652104660&jid=1028490277&gjid=1439128057&_gid=867770554.1652104660&_u=YEBAAEAAAAAAAC~&z=1363037811

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/2.74b43cbd0652.vendors~sentry.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 09 May 2022 13:57:40 GMT
content-type: text/plain
access-control-allow-origin: https://rednoseday.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 2.f6c9e3addfea.vendors~bootvue~checkoutForm~p2p-new-form~showcaseform~test-mode-panel~widgetgui.js Show response
static.fundraiseup.com/ 8 KB
4 KB 15ms
15ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/2.f6c9e3addfea.vendors~bootvue~checkoutForm~p2p-new-form~showcaseform~test-mode-panel~widgetgui.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccd40d056c82420b2f94a59f4dd885eabd07082831f58afb5bed8883ea9b4a78

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20187
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VJFA989KTX8ZR67M
x-amz-id-2: 9LyMN7Wt0zDbzMQfdpVPbqRJAUgHEPH6kLS1zvlPY8ugZyludHGiIc1Mm5CML4Z62X97ONZ7LoY=
last-modified: Mon, 09 May 2022 08:05:49 GMT
server: cloudflare
etag: W/"1fa908ef8f8261b4fff447b40c07c39b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af20ecc2b9279-FRA

GET
H3 200 3.f12191f63c52.vendors~bootvue~checkoutForm~showcaseform~test-mode-panel~widgetgui.js Show response
static.fundraiseup.com/ 16 KB
5 KB 14ms
14ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/3.f12191f63c52.vendors~bootvue~checkoutForm~showcaseform~test-mode-panel~widgetgui.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aadf90f62b7e83e17c85372b77932879a587729dcf5aa003108d328313b8e5dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20187
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VJF8CJTHZ6363FX6
x-amz-id-2: HPn7eLzdpIZ7voXiy3bdKGSoKZaUlc67v1yDx6kAgADXCFFvmPB46fmowt5BtyafdVjbGPjnj40=
last-modified: Mon, 09 May 2022 08:05:53 GMT
server: cloudflare
etag: W/"788a091f782531989421c2ad720c886a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af20ecc2f9279-FRA

GET
H3 200 4.22f4c0466367.vendors~bootvue~checkoutForm~showcaseform~widgetgui.js Show response
static.fundraiseup.com/ 51 KB
17 KB 21ms
20ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/4.22f4c0466367.vendors~bootvue~checkoutForm~showcaseform~widgetgui.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25d58374b1f107a8159a586267408e60e47d16b402e7e5f5d8aba67d23fcd2ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20187
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VJFDGYAZ9BGBYGVX
x-amz-id-2: QHiW3Mpseot5bpOimUCxDB5i4Ify8sgDwcSlWe62uAJXMyqxWS+aX5g3TQm1W/fMNu4Oy1GiBMw=
last-modified: Mon, 09 May 2022 08:05:56 GMT
server: cloudflare
etag: W/"d8dea2e0bbcfdfe1102262fac4e80cde"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af20ecc319279-FRA

GET
H3 200 8.dae34c542cfc.checkoutForm.js Show response
static.fundraiseup.com/ 181 KB
45 KB 21ms
21ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/8.dae34c542cfc.checkoutForm.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

885c1d22102554dfbdb96a552bd6516d62a6f7589e5d4c2208220b010535be66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20187
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VJF9DWRXKNB27HSF
x-amz-id-2: sJ+iIzmDXhEXwjaWrp8Q/YZqGKjXV6BmzYGXf6d/5i5IZUyPJ7Ww9fnzJicYZa66TBaYL2S5oAg=
last-modified: Mon, 09 May 2022 08:05:58 GMT
server: cloudflare
etag: W/"d55479fe689f0be53e9f12817a700a34"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af20ecc329279-FRA

GET
H3 200 7.796642e58b65.vendors~p2p-new-form~top-fundraisers~widgetgui.js Show response
static.fundraiseup.com/ 16 KB
6 KB 15ms
15ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/7.796642e58b65.vendors~p2p-new-form~top-fundraisers~widgetgui.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff9cb47a51c60181ff7ecaf80e83b6b0272a696d0b7c70da627d80a517e8f8af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 357549
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7HM9PJC7R579Q32R
x-amz-id-2: zzJfsRashFYRamG4de52LGVT2DXUNMAlCn/JyDYVsnTVhSm9b71QfnL7uCR6gbDsnykRrjiSX6bMYfx9NZv/ow==
last-modified: Thu, 05 May 2022 10:23:28 GMT
server: cloudflare
etag: W/"e50138bca0f4e22f5ce48381506e6c81"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af20ecc339279-FRA

GET
H3 200 385.b2e0fc7c759a.widgetgui.js Show response
static.fundraiseup.com/ 864 KB
163 KB 35ms
35ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/385.b2e0fc7c759a.widgetgui.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

544a90302a22bce894b1c4def935219da6b9c5998c4fbad1f6ec84b9e161f25d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20187
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VJFFQB7AHYWFV4HC
x-amz-id-2: BusNfUsocV8XzZwBWniCY9Mi9H6IZUblrJffCQjMJFVn/WLXdxrCAtfZLxOhoGMShtAmcBPdxXE=
last-modified: Mon, 09 May 2022 08:05:55 GMT
server: cloudflare
etag: W/"ffcb354eee832e2913202d059fd6a2aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af20ecc349279-FRA

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 46ms
31ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-62601103-1&cid=608112732.1652104660&jid=1028490277&_u=YEBAAEAAAAAAAC~&z=56172815

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 May 2022 13:57:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 46ms
30ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-62601103-1&cid=608112732.1652104660&jid=1028490277&_u=YEBAAEAAAAAAAC~&z=56172815

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 May 2022 13:57:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Dredno... Show response
6631903.fls.doubleclick.net/ddm/fls/r/ Frame 3116
Redirect Chain

https://adservice.google.de/ddm/fls/i/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.or...
https://6631903.fls.doubleclick.net/ddm/fls/r/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Fredno...

416 B
361 B

19ms
19ms

Document
text/html

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6631903.fls.doubleclick.net/ddm/fls/r/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

e0aafeb81b48aeb272103b55e26ceb672061794b9605adad0251ddf94e75bf98

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 336
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 May 2022 13:57:40 GMT
expires: Mon, 09 May 2022 13:57:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 May 2022 13:57:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://6631903.fls.doubleclick.net/ddm/fls/r/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 identify.js Show response
analytics.tiktok.com/i18n/pixel/ 114 KB
31 KB 106ms
106ms Script
application/javascript 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/identify.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9KPDF3C77UD01Q8HF5G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b2864c65b32cd25bf64a7eb4fddf486dff821f1924172a0083db962615bd6ce0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-akamai-request-id: a3641df9.3bc90b82
date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-220-104-20.deploy.akamaitechnologies.com (AkamaiGHost/10.8.0-41078462) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.8.0-41078462) (-)
x-parent-response-time: 93,23.36.161.204
server-timing: cdn-cache; desc=MISS, edge; dur=90, origin; dur=4, inner; dur=2
pragma: no-cache
server: nginx
x-tt-logid: 20220509135740010113006233007D5409
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 5,23.220.104.20
x-tt-trace-host: 015a142afd41abb9a9199931edc39c71d46240fd1ea0bc07c6520a5d2cd81eacc1ca12aeb99cc2494731be2f4b9b9b4268eb41b14bf3f802719a20deb6e966cb8421e5ff57d41892e72bb4be240c0ccd82e19dda7c0b0f76071bc1a5935d8966a4187393a3ffad841598673c4b026c2808
expires: Mon, 09 May 2022 13:57:40 GMT

GET
H2 200 config.js Show response
analytics.tiktok.com/i18n/pixel/ 58 KB
20 KB 105ms
105ms Script
application/javascript 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/config.js?sdkid=C9KPDF3C77UD01Q8HF5G&hostname=rednoseday.org
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9KPDF3C77UD01Q8HF5G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 65f68a92026171d52734e59eb0a22482c34117acb7c4b70eb1c5ccb378f79810

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server: nginx
x-tt-logid: 2022050913574001011313514710213394
vary: Accept-Encoding
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.8.0-41078462) (-)
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 90,23.36.161.204
x-tt-trace-host: 015a142afd41abb9a9199931edc39c71d431dbc00538693a1eb3d387fcd582b9bdd5a81735e8a6733e1d108a8c0326984cdb0e27343771a69066a15814ffdf9dac28a088ef853f7e68cee10e8d093c66356d9ea090b13132e7b993bcab4ab35535
server-timing: inner; dur=2, cdn-cache; desc=MISS, edge; dur=0, origin; dur=90
x-akamai-request-id: 3bc90c17
expires: Mon, 09 May 2022 13:57:40 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
355 B 352ms
123ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.4&p_id=Twitter&p_user_id=0&txn_id=nuwad&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=92a213f6-3433-4151-a24a-00350acb615e&tw_document_href=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-response-time: 116
date: Mon, 09 May 2022 13:57:40 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 4daccc13a9b64c43e0ac23f9cb2668bf5741e7cf4a5b815e4ba5452cab6bed06
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
338 B 204ms
116ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.3.4&p_id=Twitter&p_user_id=0&txn_id=nuwad&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=92a213f6-3433-4151-a24a-00350acb615e&tw_document_href=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-response-time: 110
date: Mon, 09 May 2022 13:57:39 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 0f3587288d859611a8d9c3862faf18fd4af4fb01d49f72a94ab1db3445f07991
content-length: 43

GET
H2 200 RND-newLogo-Stacked-onDark_0.png
rednoseday.org/sites/default/files/inline-images/ 33 KB
33 KB 130ms
130ms Image
image/png 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rednoseday.org/sites/default/files/inline-images/RND-newLogo-Stacked-onDark_0.png

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d50a503feb53b8d130d9d0778e46d398ad361a8c485f46e3992d4b2288e5d9d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "6269cfc0-834e"
age: 0
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 33614
x-request-id: 00-16ed7383b67c1a78012b67df34086fdb-34adb10b12202a8c-00
x-served-by: cache-lga21928-LGA, cache-hhn4028-HHN
last-modified: Wed, 27 Apr 2022 23:20:32 GMT
x-timer: S1652104660.404777,VS0,VE108
date: Mon, 09 May 2022 13:57:40 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 09 May 2022 13:45:47 GMT
cache-control: max-age=300
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02fec9f174dffb0be15100f05e56769f4800c7d4f3cc1a076a7a01332dc62abe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 StephenColbertxCriticalRole_emailHeader_blank-1_0.jpg
rednoseday.org/sites/default/files/2022-04/ 930 KB
931 KB 106ms
106ms Image
image/jpeg 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rednoseday.org/sites/default/files/2022-04/StephenColbertxCriticalRole_emailHeader_blank-1_0.jpg

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

287a092f3846cf6a25843271d36fd2283115b54e5a2f766f63f89dd7fc4c721f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "626afc8d-e887b"
age: 0
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 952443
x-request-id: 00-16ed7383b79d580c94be3fc1f7055dbe-7623aa45c9bae6cd-00
x-served-by: cache-lga21942-LGA, cache-hhn4028-HHN
last-modified: Thu, 28 Apr 2022 20:43:57 GMT
x-timer: S1652104660.406613,VS0,VE99
date: Mon, 09 May 2022 13:57:40 GMT
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 09 May 2022 13:45:47 GMT
cache-control: max-age=300
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 Regular-Semibold.woff2
rednoseday.org/themes/custom/rnd_usa/fonts/ 59 KB
59 KB 10ms
10ms Font
font/woff2 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rednoseday.org/themes/custom/rnd_usa/fonts/Regular-Semibold.woff2

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f43237468f20cc66d2af4b2526c5acc9ab86691412e5843d5903e586aedfd7e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://rednoseday.org/sites/default/files/css/css_sOFq-G1Jdx9SavR7v4d8uqSAlpvCEoDGrlVJn9abpqE.css
Origin: https://rednoseday.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "6255fec0-ea74"
age: 808240
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 60020
x-request-id: 00-16ea955851ea2e8aa08cab3f5afea561-f4b03ca7bc1518fe-00
x-served-by: cache-lga21960-LGA, cache-hhn4028-HHN
last-modified: Tue, 12 Apr 2022 22:35:44 GMT
x-timer: S1652104660.409698,VS0,VE1
date: Mon, 09 May 2022 13:57:40 GMT
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Thu, 27 Oct 2022 05:26:59 GMT
cache-control: max-age=15552000
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 2, 1

GET
H2 200 bg_popup_form.jpg
rednoseday.org/sites/default/files/styles/teaser_medium_960_x_490/public/2020-07/ 83 KB
84 KB 101ms
101ms Image
image/jpeg 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rednoseday.org/sites/default/files/styles/teaser_medium_960_x_490/public/2020-07/bg_popup_form.jpg?h=3aa0b470&itok=0g-p0zGs

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

96981ffdc733a2b20b07d87e089045842a5b03480ebdbd176ef626ac0a1688b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=0
via: 1.1 varnish, 1.1 varnish
etag: "5f17bf87-14c77"
age: 158
x-cache: HIT, HIT
x-platform-cluster: fw66sno2q45v2-master-7rqtwti
x-platform-processor: fw66sno2q45v2-master-7rqtwti--app
content-length: 85111
x-request-id: 00-16ed467fbd24beb7081c08e119167595-bbd694129d4ab5d3-00
x-served-by: cache-lga21922-LGA, cache-hhn4028-HHN
last-modified: Wed, 22 Jul 2020 04:24:39 GMT
x-timer: S1652104660.442253,VS0,VE87
date: Mon, 09 May 2022 13:57:40 GMT
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 09 May 2022 00:00:52 GMT
cache-control: max-age=300
accept-ranges: bytes
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-router: fw66sno2q45v2-master-7rqtwti--router
x-cache-hits: 1, 1

GET
H2 200 extra.min.css
d3rse9xjbp8270.cloudfront.net/ 98 KB
17 KB 10ms
10ms Stylesheet
text/css 2600:9000:2156:3000:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/extra.min.css
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3000:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 10ba4ea2b096ecc464f85e70c011b9fff4787e644f47244e2402f44cf29c2a8d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Sun, 08 May 2022 14:42:43 GMT
content-encoding: gzip
age: 84194
x-cache: Hit from cloudfront
content-length: 16795
access-control-allow-origin: *
last-modified: Tue, 03 May 2022 14:33:22 GMT
server: AmazonS3
etag: "e7df083ddce29c00421bced530806f41"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: COoEEMEm6DVE6KgSNLxwcaQUOWtFQPgRuhPJwCFR0ySqHAffrlzIfA==

GET
H2 204 identity Show response
profile.ngpvan.com/ 0
764 B 504ms
438ms Script
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://profile.ngpvan.com/identity?callback=_jqjsp
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / Express, ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
reason: Returned 204 - No Content. Referrer not whitelisted
server: Microsoft-IIS/10.0
x-powered-by: Express, ASP.NET
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-iinfo: 18-77992561-77992574 NNNN CT(93 205 0) RT(1652104659625 36) q(0 0 3 5) r(4 4) U5
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H3 200 XVBCYSUJ.js Show response
static.fundraiseup.com/embed-data/elements/ 635 B
800 B 19ms
19ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/embed-data/elements/XVBCYSUJ.js

Requested by

Host: cdn.fundraiseup.com
URL: https://cdn.fundraiseup.com/widget/AFBYGZNM

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb706edc54b9e10114f1ae97767b56e1bbe9c0a41cb25f2dfb4f3418193b18f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1012
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: B582Y42QAWATJ1Y0
x-amz-id-2: om04LInmLN8zEONXMTfZNO3QOyW6Oxyyc+LOtClKltQRWBVd3bBLhcvn2pC84mhB5857oZSmI3c=
last-modified: Mon, 09 May 2022 08:38:30 GMT
server: cloudflare
etag: W/"85f0643a8d3bb47c0aa3196946bb1a9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript
cache-control: no-cache, no-store
cf-ray: 708af2105eb69279-FRA

GET
H3 200 XJZRZPWS.js Show response
static.fundraiseup.com/embed-data/elements/ 4 KB
2 KB 15ms
14ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/embed-data/elements/XJZRZPWS.js

Requested by

Host: cdn.fundraiseup.com
URL: https://cdn.fundraiseup.com/widget/AFBYGZNM

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

876910a7c8cb9f7357873f1e03295ff0aa7956283b9c50d42d77b3e8e97cfb9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1012
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: B585CGTK042TWG4N
x-amz-id-2: cf3N+S5rw4jRe4tm6rokK+gEHCSY/6GyOhNgKG5A3baVrpo/+Fq97L36+JhFwDdzs6RYeOreNM8=
last-modified: Mon, 09 May 2022 08:38:30 GMT
server: cloudflare
etag: W/"966291777e2d56fe5dff4e4dca77c43d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript
cache-control: no-cache, no-store
cf-ray: 708af2105eb89279-FRA

GET
H/1.1 200
OK AC2nt8erbFu3svSWxmyTZr1b.js Show response
js2.verygoodvault.com/vgs-collect/1/ 76 KB
24 KB 84ms
15ms Script
application/javascript 2600:9000:2156:2e00:14:79be:a380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js2.verygoodvault.com/vgs-collect/1/AC2nt8erbFu3svSWxmyTZr1b.js
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2e00:14:79be:a380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 18c7974cdab32e0e913639d2a48b6b5015677b61e6a6c92abbfaeae341b37799

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id: s108w9ESk9MsUpkYVuIVY.XmC2guOF28
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 24 Apr 2020 20:22:27 GMT
Server: AmazonS3
Age: 4
ETag: W/"9b953aa54ddcf3f41bc5a40e25cf8452"
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
Connection: keep-alive
Date: Mon, 09 May 2022 13:57:40 GMT
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: uai8RhsztR3vrcy9hlpVwylcdFmxLBL0RqH7WymA9b-Mndun1Dtdag==

GET
H/1.1 200
OK uk2J_rnpfkGpAQTCwO63pQ2 Show response
secure.everyaction.com/v1/Forms/ 55 KB
18 KB 526ms
484ms XHR
application/json 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/v1/Forms/uk2J_rnpfkGpAQTCwO63pQ2?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/2.74b43cbd0652.vendors~sentry.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

d1a5f50bc60b39d01517b1e0e6bbdf516be5118b0ef1233464880cba7035bca3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Mon, 09 May 2022 13:57:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-CDN: Imperva
X-Iinfo: 10-56229710-56229712 NNNN CT(85 176 0) RT(1652104659698 10) q(0 0 2 -1) r(4 4) U18
Vary: Origin,Accept-Encoding
Content-Length: 17106
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://rednoseday.org
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, max-age=10
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:

GET
H/1.1 200
OK pixel.gif
tracker.samplicio.us/tracker/c810b50c-3c18-4259-9dc7-fab8d5df4b0f/ Frame 3116 35 B
390 B 423ms
95ms Image
image/gif 52.202.99.104
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracker.samplicio.us/tracker/c810b50c-3c18-4259-9dc7-fab8d5df4b0f/pixel.gif?sid=Website&pid=Page_Load&crid=Walgreens&device_id=ENTER_MOBILE_AD_ID_MACRO&gdpr=&gdpr_consent=&gdpr_pd=&cachebuster=444604155

Requested by

Host: 6631903.fls.doubleclick.net
URL: https://6631903.fls.doubleclick.net/ddm/fls/r/dc_pre=CJbZl7vJ0vcCFViG1QoduUYMYw;src=6631903;type=redno0;cat=redno0;ord=5112552345936;gtm=2wg540;auiddc=606964038.1652104660;~oref=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.202.99.104 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-99-104.compute-1.amazonaws.com

Software

nginx/1.20.0 /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6631903.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Mon, 09 May 2022 13:57:40 GMT
Server: nginx/1.20.0
Connection: keep-alive
Content-Length: 35
Strict-Transport-Security: max-age=604800
Content-Type: image/gif

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
569 B 114ms
114ms Ping
application/octet-stream 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9KPDF3C77UD01Q8HF5G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 09 May 2022 13:57:40 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server: nginx
x-tt-logid: 2022050913573801011300720203447B08
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.8.0-41078462) (-)
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 101,23.36.161.204
x-tt-trace-host: 015a142afd41abb9a9199931edc39c71d431dbc00538693a1eb3d387fcd582b9bdd5a81735e8a6733e1d108a8c0326984cf51b0606f994bbeb353dc22e9eee24a84a7aac4f47bf830d552a44b6beea7aa5a2b59b1bf55ab17ceeb3de1ea0891785
server-timing: inner; dur=11, cdn-cache; desc=MISS, edge; dur=0, origin; dur=101
x-akamai-request-id: 3bc9101d
content-length: 0
expires: Mon, 09 May 2022 13:57:40 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 8ms
7ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1128146070658747&ev=Microdata&dl=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&rl=&if=false&ts=1652104660628&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Donate%20to%20Red%20Nose%20Day%20%7C%20Red%20Nose%20Day%20USA%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Red%20Nose%20Day%20USA%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Frednoseday.org%2Fcritical-role%22%2C%22og%3Atitle%22%3A%22Critical%20Role%20%7C%20Red%20Nose%20Day%20USA%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Frednoseday.org%2Fsites%2Fdefault%2Ffiles%2Fog_default_rnd_usa.jpg%22%2C%22og%3Aimage%3Aurl%22%3A%22https%3A%2F%2Frednoseday.org%2Fsites%2Fdefault%2Ffiles%2Fog_default_rnd_usa.jpg%22%2C%22og%3Aimage%3Asecure_url%22%3A%22https%3A%2F%2Frednoseday.org%2Fsites%2Fdefault%2Ffiles%2Fog_default_rnd_usa.jpg%22%2C%22og%3Alocale%22%3A%22en_GB%22%7D&cd[Schema.org]=%5B%7B%22dimensions%22%3A%7B%22h%22%3A0%2C%22w%22%3A124%7D%2C%22properties%22%3A%7B%22url%22%3A%22%2Fhome%22%2C%22logo%22%3A%22%2Fsites%2Fdefault%2Ffiles%2FRND-newLogo-Stacked-onLight_4.png%22%7D%2C%22subscopes%22%3A%5B%5D%2C%22type%22%3A%22http%3A%2F%2Fschema.org%2FOrganization%22%7D%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.58&r=stable&ec=1&o=30&fbp=fb.1.1652104660106.1195454717&it=1652104660022&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Mon, 09 May 2022 13:57:40 GMT

GET
H3 200 11.ad94bc329a38.vendors~donate-button-v2~sticky-button-v2.js Show response
static.fundraiseup.com/ 9 KB
4 KB 22ms
22ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/11.ad94bc329a38.vendors~donate-button-v2~sticky-button-v2.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c9215277ad538fc42515c042d97d37ecd470fd03917e724c9a7407375acc28d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20166
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W030Q3982X8CQ469
x-amz-id-2: auienIqFCVbCrfooWiIHO+rRuftB7wos9JSGcOr4oupo+dnhEjILU+35Yz5VzJQsydyjVfyDzj0=
last-modified: Mon, 09 May 2022 08:05:46 GMT
server: cloudflare
etag: W/"5faa296e5921bc6571f295fdaa06d878"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af210ffad9279-FRA

GET
H3 200 0.67af129fbe40.button-group-v2~debug-panel~donate-button-v2~donation-form-v2~donation-levels-v2~donor-map~floating-~ed052468.js Show response
static.fundraiseup.com/ 68 KB
13 KB 14ms
13ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/0.67af129fbe40.button-group-v2~debug-panel~donate-button-v2~donation-form-v2~donation-levels-v2~donor-map~floating-~ed052468.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41ecd3a9aa42b506431b68b6a4b42f9ee2eab416242241c4cdc4cdb93f6bc942

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20187
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VJF659FW5W4G2SZA
x-amz-id-2: AQyuRNj8vEnYcyVsspOAg+hxSm56fY9zmZrDDgKv/W4I3St9TwEXDGtW19DXJN5L8UwqE+2JQZk=
last-modified: Mon, 09 May 2022 08:05:45 GMT
server: cloudflare
etag: W/"c9f5c26023b774325fcfadcda7fa8f98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af210ffaf9279-FRA

GET
H3 200 1.a89c27202cd4.button-group-v2~debug-panel~donate-button-v2~donation-form-v2~donation-levels-v2~floating-button-v2~~4b0879c1.js Show response
static.fundraiseup.com/ 23 KB
6 KB 15ms
15ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/1.a89c27202cd4.button-group-v2~debug-panel~donate-button-v2~donation-form-v2~donation-levels-v2~floating-button-v2~~4b0879c1.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8493e3577a358bfb26aecc7558e2f090826c962f3ab333535eabbc76eb63944f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20166
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W03CEPXV2FJHJVPS
x-amz-id-2: mDYLMV4xQKsHMyvEVQ2J/cSU6hwRIhM6aJI2TosFUiTZHzUHsXl9GMeDds2CA55Zecor8jyZF/Q=
last-modified: Mon, 09 May 2022 08:05:45 GMT
server: cloudflare
etag: W/"fc015e46d44f720b0e519653f55915f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af210ffb09279-FRA

GET
H3 200 5.01030e27cb63.donate-button-v2~p2p-button-v2~sticky-button-v2.js Show response
static.fundraiseup.com/ 13 KB
4 KB 14ms
13ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/5.01030e27cb63.donate-button-v2~p2p-button-v2~sticky-button-v2.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e7146f4cd755546ffc8984dd6ae5fd5c6a02eeddd1f7dc2da21bdef60fc3dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20166
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W03DMMNQFEBMH0EA
x-amz-id-2: aEuT2E0p1kgO9ZZfF4d24p9UB/XzJwmcwVxbIHeLpsLHJ+bw1GF/cK99dN0vHXj0JicFmVKufUA=
last-modified: Mon, 09 May 2022 08:05:57 GMT
server: cloudflare
etag: W/"a52053be1f9e4b45d8757ca174307a89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af210ffb19279-FRA

GET
H3 200 308.072d8d047495.donate-button-v2.js Show response
static.fundraiseup.com/ 7 KB
3 KB 17ms
17ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/308.072d8d047495.donate-button-v2.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7409a8d0b81943f0ea01b343797b19b59889adb89c077e98c5e8d7601fcef03

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20166
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W0370WXQZNHTYPHB
x-amz-id-2: JXMDqb1kpdI6XL74ym9au1T/zMQAUkXyRLpwHZDPRfeQIdOCmkfhWZSDbU0SODXh1pUkbZJ/l2U=
last-modified: Mon, 09 May 2022 08:05:53 GMT
server: cloudflare
etag: W/"ce8658a5d9f3b507d01e0a1676a690d6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af210ffb29279-FRA

GET
H3 200 361.7706ddf45032.vendors~donation-form-v2.js Show response
static.fundraiseup.com/ 9 KB
4 KB 18ms
17ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/361.7706ddf45032.vendors~donation-form-v2.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92522e5dbc8ce5c2280ac2f600616055c75b64576d76629a7e15f79eb2c05aef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20070
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: YK2CECHSDQVHN3PH
x-amz-id-2: 8uZLl+Znf7xf5MwL8g4GYcO4iyaxpNUxAx5/ih4Lzmu8uebAeMIp5YsDFkgizpHfWU6R7XH3ro8=
last-modified: Mon, 09 May 2022 08:05:54 GMT
server: cloudflare
etag: W/"e6212c41f60afe6866e49d2d4587ca44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af210ffb49279-FRA

GET
H3 200 9.b72842373566.donation-form-v2~simple-form-v2.js Show response
static.fundraiseup.com/ 23 KB
7 KB 17ms
15ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/9.b72842373566.donation-form-v2~simple-form-v2.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b05de7acc261d750abdaedfb07d35e3397a5500f780076ee48aacbc77847298d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20070
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: YK2BB2TVPMG4WM8P
x-amz-id-2: +ol2T3WGOF70zvW2wXJVRzMjQ8bWvDvaEW3EmxaqppKkMWzB6ap5uho04+rhe0tjtx/zyTXKw+s=
last-modified: Mon, 09 May 2022 08:05:59 GMT
server: cloudflare
etag: W/"1746fa4c4357fdc04c5ca0d0227d396b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af210ffb59279-FRA

GET
H3 200 309.21417f831c98.donation-form-v2.js Show response
static.fundraiseup.com/ 38 KB
10 KB 20ms
19ms Script
text/javascript 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/309.21417f831c98.donation-form-v2.js

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/817cb0198f76.api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6b5d52378ced8838d2f24fc63c7872303978a04008b34b9790b0ba5ff9421bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 20070
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: YK25NREVQHDDDHEH
x-amz-id-2: o4dQVEMGhhhzR1X5EbtFZ/bYcCcdI9nBqZG0DgCFBokdZrwNAwAwWYE67soHFPsAVV8S5aChgHE=
last-modified: Mon, 09 May 2022 08:05:53 GMT
server: cloudflare
etag: W/"f683301c3aedd03b77d2c10c04647e9e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
cache-control: max-age=2678400
cf-ray: 708af210ffb79279-FRA

GET
H3 200 ibm-plex-sans-v8-vietnamese_latin-ext_latin_greek_cyrillic-ext_cyrillic-600.643ad5d92cd7.woff2
static.fundraiseup.com/fonts/ibm-plex-sans/ Frame D35A 56 KB
56 KB 42ms
30ms Font
application/octet-stream 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/fonts/ibm-plex-sans/ibm-plex-sans-v8-vietnamese_latin-ext_latin_greek_cyrillic-ext_cyrillic-600.643ad5d92cd7.woff2

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8b4efc9d633bf6a74302401662e42d85a36070ded6ad2497958ccafc2737f81

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://rednoseday.org/
Origin: https://rednoseday.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 169511
cf-ray: 708af2119efc916e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 56996
x-amz-id-2: D02faaL2ngXvQ5TWJJFEkFOTKe+kavIfMHejy4GK6SwBN0eOkz12Cly6ATF9gPIQ9dVIomGzgVg=
last-modified: Fri, 06 May 2022 08:25:44 GMT
server: cloudflare
etag: "643ad5d92cd7c31076790077c3003abc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET
x-amz-request-id: CZFN4EEXMWKPF7CY
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
content-type: application/octet-stream

GET
H3 200 ibm-plex-sans-v8-vietnamese_latin-ext_latin_greek_cyrillic-ext_cyrillic-700.d6502c623b1b.woff2
static.fundraiseup.com/fonts/ibm-plex-sans/ Frame D35A 52 KB
52 KB 48ms
36ms Font
application/octet-stream 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/fonts/ibm-plex-sans/ibm-plex-sans-v8-vietnamese_latin-ext_latin_greek_cyrillic-ext_cyrillic-700.d6502c623b1b.woff2

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36fc9410b3f02fdce5060168717a2182c1275ba8f116f257661b6deaa2851ee9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://rednoseday.org/
Origin: https://rednoseday.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 1400496
cf-ray: 708af2119efe916e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 53024
x-amz-id-2: SMgFOogd/Wz/hH55qjElJraTbB2STNcjseD36pTlT1TnbNhrnqqR18amR5RQ+Il14Smmgm5JD+Q=
last-modified: Sat, 23 Apr 2022 03:41:50 GMT
server: cloudflare
etag: "d6502c623b1b74dce94988d329d4f4b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET
x-amz-request-id: B492ZX383G8SBWD5
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
content-type: application/octet-stream

GET
H3 200 ibm-plex-sans-v8-vietnamese_latin-ext_latin_greek_cyrillic-ext_cyrillic-regular.c9e466876957.woff2
static.fundraiseup.com/fonts/ibm-plex-sans/ Frame D35A 52 KB
52 KB 62ms
50ms Font
application/octet-stream 172.67.15.63
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.fundraiseup.com/fonts/ibm-plex-sans/ibm-plex-sans-v8-vietnamese_latin-ext_latin_greek_cyrillic-ext_cyrillic-regular.c9e466876957.woff2

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.15.63 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

205b5e5ac97e41a70efe74150a9893bdb05ff1d3921808b96d8780aa31c7940a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://rednoseday.org/
Origin: https://rednoseday.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 169511
cf-ray: 708af2119f01916e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 53064
x-amz-id-2: Vfq2nWL7JLGNg8myTJ38sjpDz7t9GtgPS5lT6CxOaqdNymWfKtum2HhaXQYZw91JZ1NeX4cr3Xw=
last-modified: Fri, 06 May 2022 08:25:44 GMT
server: cloudflare
etag: "c9e466876957e9d2128f63b225a81ae3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET
x-amz-request-id: CZFQBX0GKRJ9GAE4
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
content-type: application/octet-stream

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
7ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=237689050718610&ev=Microdata&dl=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&rl=&if=false&ts=1652104660750&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Donate%20to%20Red%20Nose%20Day%20%7C%20Red%20Nose%20Day%20USA%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Red%20Nose%20Day%20USA%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Frednoseday.org%2Fcritical-role%22%2C%22og%3Atitle%22%3A%22Critical%20Role%20%7C%20Red%20Nose%20Day%20USA%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Frednoseday.org%2Fsites%2Fdefault%2Ffiles%2Fog_default_rnd_usa.jpg%22%2C%22og%3Aimage%3Aurl%22%3A%22https%3A%2F%2Frednoseday.org%2Fsites%2Fdefault%2Ffiles%2Fog_default_rnd_usa.jpg%22%2C%22og%3Aimage%3Asecure_url%22%3A%22https%3A%2F%2Frednoseday.org%2Fsites%2Fdefault%2Ffiles%2Fog_default_rnd_usa.jpg%22%2C%22og%3Alocale%22%3A%22en_GB%22%7D&cd[Schema.org]=%5B%7B%22dimensions%22%3A%7B%22h%22%3A0%2C%22w%22%3A124%7D%2C%22properties%22%3A%7B%22url%22%3A%22%2Fhome%22%2C%22logo%22%3A%22%2Fsites%2Fdefault%2Ffiles%2FRND-newLogo-Stacked-onLight_4.png%22%7D%2C%22subscopes%22%3A%5B%5D%2C%22type%22%3A%22http%3A%2F%2Fschema.org%2FOrganization%22%7D%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.58&r=stable&ec=1&o=30&fbp=fb.1.1652104660106.1195454717&it=1652104660022&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Requested by

Host: rednoseday.org
URL: https://rednoseday.org/critical-role?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 09 May 2022 13:57:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Mon, 09 May 2022 13:57:40 GMT

POST
H2 200 tb
fndrsp.net/ 2 B
578 B 156ms
122ms Ping
text/plain 104.26.8.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fndrsp.net/tb

Requested by

Host: cdn.fundraiseup.com
URL: https://cdn.fundraiseup.com/widget/AFBYGZNM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.8.138 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 09 May 2022 13:57:41 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W6jFeylk0Ff890oldXx9jcGbEN5tfGKRAbQcikZwhAqv281XD7CEUZOrCwpPS1pUAX02CbCPMoWvuD4Kdw%2B7P0U%2Fv9weSnc7TolP%2F26xBTIk74VnJXpQ5gcHEDs%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://rednoseday.org
access-control-allow-credentials: true
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 708af2144c359b76-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 14ms
14ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=342641416&t=timing&_s=1&dl=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&ul=en-us&de=UTF-8&dt=Donate%20to%20Red%20Nose%20Day%20%7C%20Red%20Nose%20Day%20USA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Downloading&utt=590&_u=aEDAAEABAAAAAC~&jid=2143884062&gjid=1406174809&cid=608112732.1652104660&tid=UA-28243511-22&_gid=867770554.1652104660&_r=1&gtm=2wg5405L2FSL&z=1399756595

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/2.74b43cbd0652.vendors~sentry.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 May 2022 13:57:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://rednoseday.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5912
date: Mon, 09 May 2022 12:19:09 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 09 May 2022 14:19:09 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 58ms
19ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-28243511-20&cid=608112732.1652104660&jid=599741655&gjid=1694424677&_gid=867770554.1652104660&_u=aGDAgEABAAAAAG~&z=1641752396

Requested by

Host: static.fundraiseup.com
URL: https://static.fundraiseup.com/2.74b43cbd0652.vendors~sentry.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 09 May 2022 13:57:41 GMT
content-type: text/plain
access-control-allow-origin: https://rednoseday.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtmtools.js Show response
d3rse9xjbp8270.cloudfront.net/assets/js/ 5 KB
2 KB 8ms
7ms Script
application/javascript 2600:9000:2156:3000:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/assets/js/gtmtools.js?v=20201015
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3000:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3640790896e1e02b28458ca856ec1009e6c9e5b5d4331333f5d216e70cd9aed2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 09 Jul 2021 23:09:39 GMT
content-encoding: gzip
age: 26232483
x-cache: Hit from cloudfront
content-length: 1161
access-control-allow-origin: *
last-modified: Thu, 15 Oct 2020 10:14:54 GMT
server: AmazonS3
etag: "b16ec9d34ecd972a365497b12bd66949"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: luTfftzWzAahUsuEGvWeJEuYj9rSeVoSLqOMMUzCQ_DpFZl95bEWdw==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=342641416&t=event&ni=1&_s=1&dl=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&ul=en-us&de=UTF-8&dt=Donate%20to%20Red%20Nose%20Day%20%7C%20Red%20Nose%20Day%20USA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ContributionForm&ea=Form%20Load&el=Accelerator&ev=22&_u=aGDAgEABAAAAAC~&jid=599741655&gjid=1694424677&cid=608112732.1652104660&tid=UA-28243511-20&_gid=867770554.1652104660&gtm=2wg5405L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FCMCR%2FCMCR%2F1%2F58906&cd3=4347385&cd4=1000188&cd5=Default%20RND.org%20Donation%20Form&cd6=uk2J_rnpfkGpAQTCwO63pQ2&z=1544939556

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 May 2022 17:00:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 75424
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=342641416&t=pageview&_s=1&dl=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&ul=en-us&de=UTF-8&dt=Donate%20to%20Red%20Nose%20Day%20%7C%20Red%20Nose%20Day%20USA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEABAAAAAG~&jid=&gjid=&cid=608112732.1652104660&tid=UA-28243511-20&_gid=867770554.1652104660&gtm=2wg5405L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FCMCR%2FCMCR%2F1%2F58906&cd3=4347385&cd4=1000188&cd5=Default%20RND.org%20Donation%20Form&cd6=uk2J_rnpfkGpAQTCwO63pQ2&z=1373528737

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 May 2022 17:00:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 75424
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=342641416&t=timing&_s=1&dl=https%3A%2F%2Frednoseday.org%2Fcritical-role%3Futm_source%3Drednoseday%26utm_medium%3Demail%26utm_campaign%3D2022_RND_Critical-Role%26utm_content%3Dfwd-1&ul=en-us&de=UTF-8&dt=Donate%20to%20Red%20Nose%20Day%20%7C%20Red%20Nose%20Day%20USA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Processing&utt=22&_u=aGDAAEABAAAAAG~&jid=&gjid=&cid=608112732.1652104660&tid=UA-28243511-22&_gid=867770554.1652104660&gtm=2wg5405L2FSL&z=1347274322

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 May 2022 17:00:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 75424
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK uk2J_rnpfkGpAQTCwO63pQ2
secure.everyaction.com/v1/Track/ 0
929 B 113ms
113ms Image
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.everyaction.com/v1/Track/uk2J_rnpfkGpAQTCwO63pQ2?utm_source=rednoseday&utm_medium=email&utm_campaign=2022_RND_Critical-Role&utm_content=fwd-1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 May 2022 13:57:40 GMT
X-Content-Type-Options: nosniff
Expires: -1
X-CDN: Imperva
X-Frame-Options: SAMEORIGIN
X-Iinfo: 10-56229710-56229712 SNNN RT(1652104659698 600) q(0 0 0 -1) r(2 2) U2
Access-Control-Expose-Headers: Request-Context
Cache-Control: no-cache
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security: max-age=31536000
Content-Length: 0
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

POST
H3 200 tb
fndrsp.net/ 2 B
563 B 316ms
298ms Ping
text/plain 104.26.8.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fndrsp.net/tb

Requested by

Host: cdn.fundraiseup.com
URL: https://cdn.fundraiseup.com/widget/AFBYGZNM

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.8.138 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 09 May 2022 13:57:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DTLAS%2BNLfA0dP6kKvsG%2Fxu4xdjuHQgSyznMUZrUE0fDk70cdWep4kfiTtl%2BngUAq305s0qc4r9JvauztIbbvIHdL045w%2FRsO6CPCA%2F7QmhEqSDKsHcfSMJh06QI%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://rednoseday.org
access-control-allow-credentials: true
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 708af21a6f1d5c7a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
donors.comicrelief.org/	1969-12-31 23:59:59	Name: JSESSIONID Value: DEAC3A991B302093B15CC318DF5932DC.app30124a
donors.comicrelief.org/	1970-01-20 03:38:16	Name: redirector_cookie Value: 488903274:
.rednoseday.org/	1970-01-20 05:04:40	Name: _gcl_au Value: 1.1.606964038.1652104660
.rednoseday.org/	1970-01-20 05:04:40	Name: _fbp Value: fb.1.1652104660106.1195454717
.rednoseday.org/	1970-01-23 18:31:04	Name: fundraiseup_cid Value: 16521046601272602498
.facebook.com/	1970-01-20 05:04:40	Name: fr Value: 0FnVlPJOqxAEVupgf..BieR3U...1.0.BieR3U.
.rednoseday.org/	1970-01-20 20:26:16	Name: _ga Value: GA1.2.608112732.1652104660
.rednoseday.org/	1970-01-20 02:56:31	Name: _gid Value: GA1.2.867770554.1652104660
.rednoseday.org/	1970-01-20 02:55:04	Name: _gat_UA-62601103-1 Value: 1
.doubleclick.net/	1970-01-20 12:16:40	Name: IDE Value: AHWqTUmsAzVSY1_DA8rBxfvUIh9yscsAiPKUV0YwNy8Zc1b1XEtfSSjfSAATOCkWfxE
.tiktok.com/	1970-01-20 12:16:40	Name: _ttp Value: 28vktM2SuUogTT1Hk2kDRKhUzEb
.t.co/	1970-01-20 20:26:16	Name: muc_ads Value: 99f40eb6-4791-4292-b713-7cde66b3b90e
.rednoseday.org/	1970-01-20 12:16:40	Name: _tt_enable_cookie Value: 1
.rednoseday.org/	1970-01-20 12:16:40	Name: _ttp Value: 7034b535-bebf-4e4d-b1be-4c98a711a51f
.rednoseday.org/	1969-12-31 23:59:59	Name: fundraiseup_session Value: {%22t%22:%22.rednoseday.org%22%2C%22u%22:%22sLPojMZRnoDFxgTf%22%2C%22ua%22:%221652104660275%22%2C%22s%22:%221652104660275%22%2C%22sp%22:%221652104660275%22%2C%22p%22:%22hiKsmujsCpSjvHZW%22%2C%22pa%22:%221652104660275%22%2C%22x%22:%2220%22}
.twitter.com/	1970-01-20 20:26:16	Name: personalization_id Value: "v1_v2OBuc+aqgfyr40wCwICOA=="
.samplicio.us/	1970-01-20 20:26:16	Name: _ftv Value: 98eb5486-d0ea-484f-95cb-6ad6c09af7f8
.profile.ngpvan.com/	1970-01-20 02:55:08	Name: TiPMix Value: 48.11590978288201
.profile.ngpvan.com/	1970-01-20 02:55:08	Name: x-ms-routing-name Value: self
.secure.everyaction.com/	1970-01-20 02:55:08	Name: TiPMix Value: 45.78181687281159
.secure.everyaction.com/	1970-01-20 02:55:08	Name: x-ms-routing-name Value: self
.rednoseday.org/	1970-01-20 02:55:04	Name: _gat_UA-28243511-22 Value: 1
.rednoseday.org/	1970-01-20 02:55:04	Name: _dc_gtm_UA-28243511-20 Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6631903.fls.doubleclick.net
adservice.google.com
adservice.google.de
analytics.tiktok.com
analytics.twitter.com
cdn.fundraiseup.com
connect.facebook.net
d3rse9xjbp8270.cloudfront.net
donors.comicrelief.org
fndrsp.net
googleads.g.doubleclick.net
js2.verygoodvault.com
nvlupin.blob.core.windows.net
platform.instagram.com
profile.ngpvan.com
rednoseday.org
secure.everyaction.com
sentry.fundraiseup.com
static.ads-twitter.com
static.fundraiseup.com
stats.g.doubleclick.net
t.co
tracker.samplicio.us
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.instagram.com
104.22.1.244
104.244.42.67
104.244.42.69
104.26.8.138
142.250.185.194
142.250.185.198
147.135.78.45
151.101.130.217
172.67.15.63
199.232.136.157
20.60.58.97
216.235.194.227
23.36.163.232
2600:9000:2156:2e00:14:79be:a380:93a1
2600:9000:2156:3000:12:303c:8700:21
2a00:1450:4001:802::2008
2a00:1450:4001:808::2002
2a00:1450:4001:812::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::2003
2a00:1450:4001:829::2002
2a00:1450:4001:82a::200e
2a00:1450:400c:c06::9a
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a03:2880:f22d:1c2:face:b00c:0:43fe
2a03:2880:f22d:1e6:face:b00c:0:4420
45.60.33.183
52.202.99.104
02fec9f174dffb0be15100f05e56769f4800c7d4f3cc1a076a7a01332dc62abe
10ba4ea2b096ecc464f85e70c011b9fff4787e644f47244e2402f44cf29c2a8d
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13e328620e57b44c49d0bbf0b0b4acdc39209894d37c22143a7155e21267fa30
18c7974cdab32e0e913639d2a48b6b5015677b61e6a6c92abbfaeae341b37799
1e06b3b8ed8d91022c8192923eb0d0a913596d088312b8bdc0c3b6dd2361627a
205b5e5ac97e41a70efe74150a9893bdb05ff1d3921808b96d8780aa31c7940a
225b015805bba46da83b81f808d5e0db7292f5f5f903c62a882d29461452bd95
25d58374b1f107a8159a586267408e60e47d16b402e7e5f5d8aba67d23fcd2ee
26bea68a1a10842222abca8367598d05866ee1444a0be1a1ae90e8b95fe5a65e
287a092f3846cf6a25843271d36fd2283115b54e5a2f766f63f89dd7fc4c721f
293461c4dbcd2cf88dde5a2bb6bfd3d04ab4f78f2a195a20f8c4f96e6025ee0a
2a04fa46b4ebc4bb2c93126695f45b0acf711870e1f169bb95247592c28c24a8
2e2659d8ccf5c35d54317b0773c781febf49ae27e0d6e7d66650fe2e37305748
3640790896e1e02b28458ca856ec1009e6c9e5b5d4331333f5d216e70cd9aed2
36fc9410b3f02fdce5060168717a2182c1275ba8f116f257661b6deaa2851ee9
3a19c49ad23cd46f3d4b7ed3f9c0989810144a934931d93f4659e5597cf5a860
3d92854d6b0f7129aa577e8999aa16540fae431cd212c184fead017ec2a68808
3e7146f4cd755546ffc8984dd6ae5fd5c6a02eeddd1f7dc2da21bdef60fc3dcb
4044166e68ecd6cb297477183d054e4c8af9f7bb95d890108b4734d55dc3db38
41ecd3a9aa42b506431b68b6a4b42f9ee2eab416242241c4cdc4cdb93f6bc942
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
544a90302a22bce894b1c4def935219da6b9c5998c4fbad1f6ec84b9e161f25d
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
61a58c28ced474e1180f9ca7d0948ab8777667f6d650197a54d8fdcef02fef45
65f68a92026171d52734e59eb0a22482c34117acb7c4b70eb1c5ccb378f79810
688bdda39cec72ae7abed77b96a17f8dc2e451294bb9e4209ee5f6ce105cb334
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c9215277ad538fc42515c042d97d37ecd470fd03917e724c9a7407375acc28d
6d94d3425930a665425a10edadcf38a2cf2f3dd80642c591892c952a7f97bc1e
71044970e802b0cf12ff5cb2e20a5910192e473a2968385f99c2987d3a4d0231
75d56c786fa8a526c4b1505a47b9f54dde2f2fd74955fab46726493a0510cc46
767230d4557f7845dde634d98922813ce5272492a74c8ea943d2336de15a6352
809176edc7cc541eb710bd951c6d8fa71dd0f736209d72474613b1a6a839b535
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8493e3577a358bfb26aecc7558e2f090826c962f3ab333535eabbc76eb63944f
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
876910a7c8cb9f7357873f1e03295ff0aa7956283b9c50d42d77b3e8e97cfb9e
885c1d22102554dfbdb96a552bd6516d62a6f7589e5d4c2208220b010535be66
890f31386d73900b84e752f5bdc39653076ff94798e59411bdb7844c9ec96da7
89ba0d4f6cf9500041778760fea24e37c6de04955c6a62b5435c64b600423749
8b153a1558619ea3d02dde9ac3fd4f117e13578753bfe3e8553fea0df60a0848
92522e5dbc8ce5c2280ac2f600616055c75b64576d76629a7e15f79eb2c05aef
93cc545f534a75a876beccc35125e563e20bb9857714482547fc151f07d57595
96981ffdc733a2b20b07d87e089045842a5b03480ebdbd176ef626ac0a1688b7
9b40f73a39cbe0b6e47a73e7c7f98b8e6900567767369c38951d7504796a8e91
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2ef783d98c84e41fcb8b060422accdf6c9ca1fa1b2f7a1c1aba59ed27204266
a6b5d52378ced8838d2f24fc63c7872303978a04008b34b9790b0ba5ff9421bf
aadf90f62b7e83e17c85372b77932879a587729dcf5aa003108d328313b8e5dc
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae7c686cc080a3bad860637882149e731f4dc2048e12f7582f124973f8e745a2
b009a9063217c0ddad8076be4bf227c985c9d490a024d01b0536246fcc878c53
b05de7acc261d750abdaedfb07d35e3397a5500f780076ee48aacbc77847298d
b0e16af86d49771f526af47bbf877cbaa480969bc21280c6ae55499fd69ba6a1
b1beb919daa7d91adcb85164a5f81bd47203a16e40b88bc825a678b9d0b50680
b2864c65b32cd25bf64a7eb4fddf486dff821f1924172a0083db962615bd6ce0
b819b3ac2fe5857b7026a609f9115f0d50a7d6e8085ba5987d70ed6baaa41f4e
bb706edc54b9e10114f1ae97767b56e1bbe9c0a41cb25f2dfb4f3418193b18f3
ccd40d056c82420b2f94a59f4dd885eabd07082831f58afb5bed8883ea9b4a78
d1a5f50bc60b39d01517b1e0e6bbdf516be5118b0ef1233464880cba7035bca3
d486065dba9550f826b492d865a0ec2bd10ae007ee9e1840760c1b4f4c7d272e
d50a503feb53b8d130d9d0778e46d398ad361a8c485f46e3992d4b2288e5d9d5
d8b4efc9d633bf6a74302401662e42d85a36070ded6ad2497958ccafc2737f81
d8b6bd68acd15d236f3798ea969a1e2c0074799d91d41272488d24c62ad016a8
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0aafeb81b48aeb272103b55e26ceb672061794b9605adad0251ddf94e75bf98
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e436b6e139d1d3c11fadc325cbc4a06587a2b5c32fac69f224169310069b0e1c
e7409a8d0b81943f0ea01b343797b19b59889adb89c077e98c5e8d7601fcef03
e86a3420c482479af7bc1e9f70df0b71126256caf2a04db12369f3a6cc121dcd
ec88e9506673eb2528a9f57aa4136624cc5481b2ab3db552bb8ec24120951c94
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0fe14bb9a7c3dcf54f5ae423033d14af65729ba90dbaf04151c3e028489c9ce
f43237468f20cc66d2af4b2526c5acc9ab86691412e5843d5903e586aedfd7e9
f5253e6e32ef7696f4908b876e1d2370979b484ec92fe9a8e176e9c0e9ca625d
feab5a59ae95f1027f4f9503baa920275d961fdbc9f3ac13ff1c42e1ae694723
ff9cb47a51c60181ff7ecaf80e83b6b0272a696d0b7c70da627d80a517e8f8af

rednoseday.org Open in urlscan Pro 151.101.130.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

92 Requests

99 %HTTPS

48 %IPv6

23 Domains

30 Subdomains

27 IPs

4 Countries

3211 kBTransfer

8382 kBSize

23 Cookies

14 Outgoing links

Page URL History

Redirected requests

92 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

rednoseday.org Open in urlscan Pro
151.101.130.217 Public Scan

Screenshot
Live screenshot

Full Image

92
Requests

99 %
HTTPS

48 %
IPv6

23
Domains

30
Subdomains

27
IPs

4
Countries

3211 kB
Transfer

8382 kB
Size

23
Cookies

92 HTTP transactions
1 data transactions