trumpgoldenticket-us.us Open in urlscan Pro
2600:1f18:2489:8203::c8 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://trumpgoldenticket-us.us/
Submission: On January 02 via automatic, source certstream-suspicious (January 2nd 2023, 6:31:52 am UTC) — Scanned from US

Summary HTTP 17 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 9 IPs in 1 countries across 9 domains to perform 17 HTTP transactions. The main IP is 2600:1f18:2489:8203::c8, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is trumpgoldenticket-us.us.
TLS certificate: Issued by R3 on January 2nd 2023. Valid for: 3 months.

This is the only time trumpgoldenticket-us.us was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2600:1f18:248... 2600:1f18:2489:8203::c8	14618 (AMAZON-AES) (AMAZON-AES)
1	2607:f8b0:400... 2607:f8b0:4006:81f::200a	15169 (GOOGLE) (GOOGLE)
4 4	2606:4700:303... 2606:4700:3034::6815:1e9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:303... 2606:4700:3033::ac43:8b0d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:e2:... 2606:4700:e2::ac40:840f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:78:... 2a04:4e42:78::720	54113 (FASTLY) (FASTLY)
1	18.164.116.82 18.164.116.82	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:303... 2606:4700:3034::ac43:b25c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4006:822::2003	15169 (GOOGLE) (GOOGLE)
1	52.55.35.160 52.55.35.160	14618 (AMAZON-AES) (AMAZON-AES)
17	9

1 2600:1f18:2489:8203::c8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

trumpgoldenticket-us.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::200a (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3034::6815:1e9 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

app.groovefunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3033::ac43:8b0d (United States)

ASN13335 (CLOUDFLARENET, US)

app.groove.cm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e2::ac40:840f (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:78::720 (United States)

ASN54113 (FASTLY, US)

images.unsplash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.116.82 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-116-82.jfk50.r.cloudfront.net

cdn.heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3034::ac43:b25c (United States)

ASN13335 (CLOUDFLARENET, US)

matomo.groovetech.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:822::2003 (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.55.35.160 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-55-35-160.compute-1.amazonaws.com

heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	gstatic.com fonts.gstatic.com	55 KB
4	groove.cm app.groove.cm — Cisco Umbrella Rank: 318703	51 KB
4	groovefunnels.com 4 redirects app.groovefunnels.com	1 KB
2	groovetech.io matomo.groovetech.io — Cisco Umbrella Rank: 339986	32 KB
2	heapanalytics.com cdn.heapanalytics.com — Cisco Umbrella Rank: 5687 heapanalytics.com — Cisco Umbrella Rank: 4721	37 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1620	91 KB
1	unsplash.com images.unsplash.com — Cisco Umbrella Rank: 19266	70 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 127	137 KB
1	trumpgoldenticket-us.us trumpgoldenticket-us.us	7 KB
17	9

	Domain	Requested by
4	fonts.gstatic.com	fonts.googleapis.com
4	app.groove.cm	trumpgoldenticket-us.us
4	app.groovefunnels.com	4 redirects
2	matomo.groovetech.io	trumpgoldenticket-us.us matomo.groovetech.io
2	use.fontawesome.com	trumpgoldenticket-us.us use.fontawesome.com
1	heapanalytics.com	trumpgoldenticket-us.us
1	cdn.heapanalytics.com	trumpgoldenticket-us.us
1	images.unsplash.com	trumpgoldenticket-us.us
1	fonts.googleapis.com	trumpgoldenticket-us.us
1	trumpgoldenticket-us.us
17	10

This site contains links to these domains. Also see Links.

Domain
hop.clickbank.net

Subject Issuer	Validity	Valid
*.trumpgoldenticket-us.us R3	`2023-01-02` - `2023-04-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh
images.unsplash.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-06-08` - `2023-07-10`	a year	crt.sh
cdn.heapanalytics.com Amazon	`2022-07-29` - `2023-08-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
heapanalytics.com Amazon RSA 2048 M02	`2022-12-09` - `2024-01-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://trumpgoldenticket-us.us/
Frame ID: B783D8CDB2E2E932E7C2AA8E5575611C
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MIDAS Manifestation

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Heap (Analytics) Expand

Overall confidence: 100%
Detected patterns

heap-\d+\.js

Page Statistics

17
Requests

76 %
HTTPS

80 %
IPv6

9
Domains

10
Subdomains

9
IPs

1
Countries

480 kB
Transfer

1523 kB
Size

6
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://hop.clickbank.net/?affiliate=dpl091&vendor=midasman88&tid=&cart=off
Title: YES! SHOW ME THE SECRET

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://app.groovefunnels.com/groovepages/css/inpage_published.css HTTP 302
https://app.groove.cm/groovepages/css/inpage_published.css

Request Chain 2

https://app.groovefunnels.com/groovepages/css/chunk-vendors.css HTTP 302
https://app.groove.cm/groovepages/css/chunk-vendors.css

Request Chain 5

https://app.groovefunnels.com/groovepages/js/inpage_published.js HTTP 302
https://app.groove.cm/groovepages/js/inpage_published.js

Request Chain 6

https://app.groovefunnels.com/groovepages/js/chunk-vendors.js HTTP 302
https://app.groove.cm/groovepages/js/chunk-vendors.js

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
trumpgoldenticket-us.us/ 46 KB
7 KB 265ms
94ms Document
text/html 2600:1f18:2489:8203::c8
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trumpgoldenticket-us.us/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f18:2489:8203::c8 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Netlify /

Resource Hash

88a2fce9cb160ce2fc71a9acffb894a4b9f95057744c2b347e5229692acce500

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 0
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 02 Jan 2023 06:31:45 GMT
etag: "8b58f817ff9654189369b4d7cb2a2fc2-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01GNRJVKTPDP36VGCGRWVQF7NV

GET
H2 200 css2
fonts.googleapis.com/ 698 KB
137 KB 380ms
81ms Stylesheet
text/css 2607:f8b0:4006:81f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Abril+Fatface&family=Amatic+SC:wght@400;700&family=Architects+Daughter&family=Asap:wght@400;700&family=Balsamiq+Sans:wght@400;700&family=Barlow:wght@400;700;900&family=Bebas+Neue&family=Bitter:wght@400;700;900&family=Cabin:wght@400;700&family=Cairo:wght@400;700&family=Cormorant+Garamond:wght@400;700&family=Crimson+Text:wght@400;700&family=Dancing+Script:wght@400;700&family=Fira+Sans:wght@400;700;900&family=Fjalla+One&family=Indie+Flower&family=Josefin+Sans:wght@400;700&family=Lato:wght@400;700;900&family=Libre+Baskerville:wght@400;700&family=Libre+Franklin:wght@400;700;900&family=Lobster&family=Lora:wght@400;700&family=Martel:wght@400;700;900&family=Merriweather:wght@400;700;900&family=Montserrat:wght@400;700;900&family=Mukta:wght@400;700&family=Noto+Sans+JP:wght@400;700&family=Noto+Sans+KR:wght@400;700;900&family=Noto+Sans:wght@400;700&family=Noto+Serif:wght@400;700&family=Nunito+Sans:wght@200;300;400;700;900&family=Nunito:wght@300;400;700;900&family=Old+Standard+TT:wght@400;700&family=Open+Sans+Condensed:wght@300;700&family=Open+Sans:wght@300;400;700&family=Oswald:wght@400;700&family=Overpass:wght@400;700;900&family=Oxygen:wght@300;400;700&family=PT+Sans+Narrow:wght@400;700&family=PT+Sans:wght@400;700&family=PT+Serif:wght@400;700&family=Pacifico&family=Playfair+Display:wght@400;700;900&family=Poppins:ital,wght@0,400;0,700;1,900&family=Raleway:wght@400;700;900&family=Roboto+Condensed:wght@400;700&family=Roboto+Slab:wght@400;700;900&family=Roboto:ital,wght@0,700;0,900;1,400&family=Rubik:ital,wght@0,400;0,700;1,900&family=Shadows+Into+Light&family=Signika:wght@400;700&family=Slabo+27px&family=Source+Code+Pro:wght@400;700;900&family=Source+Sans+Pro:wght@400;700;900&family=Source+Serif+Pro:wght@400;700;900&family=Tajawal:wght@400;700;900&family=Titillium+Web:wght@400;700;900&family=Ubuntu:wght@400;700&family=Work+Sans:wght@400;700;900&display=swap

Requested by

Host: trumpgoldenticket-us.us
URL: https://trumpgoldenticket-us.us/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e948e0f3331fa46eaee174fde31ba608a61afe44ce0720f22db2d184d5e6effb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://trumpgoldenticket-us.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 02 Jan 2023 06:31:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 02 Jan 2023 06:23:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 02 Jan 2023 06:31:46 GMT

GET
H2

200

inpage_published.css
app.groove.cm/groovepages/css/
Redirect Chain

https://app.groovefunnels.com/groovepages/css/inpage_published.css
https://app.groove.cm/groovepages/css/inpage_published.css

278 KB
41 KB

136ms
51ms

Stylesheet
text/css

2606:4700:3033::ac43:8b0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.groove.cm/groovepages/css/inpage_published.css
Requested by: Host: trumpgoldenticket-us.us
URL: https://trumpgoldenticket-us.us/
Protocol: H2
Server: 2606:4700:3033::ac43:8b0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed9bf60cc9d1f7df798f580c6d77f232b2c63422fd04da0994a4a64f06ad3fbb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://trumpgoldenticket-us.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 02 Jan 2023 06:31:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 31 Dec 2022 20:26:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3914
etag: W/"63b09b13-4596c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAKeU1Cj659HiecnBVi9y%2BQSy2zlpl6%2FskItHRZwXX4sxbq6B00hfubdv6lAQ7b04%2FomqUIRrmzm3OnU22OB866vE1RO%2BFk%2BnrW5ON9HfaIBpyrhCyyN%2BAD1iiQKr%2B7X0imz3BBwlI9XWCWl"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7831742248002227-MIA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Mon, 02 Jan 2023 06:31:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HH%2FI%2BuZo%2Bv9h18OduwPfyX6xT8R3GrQF9uqVqgmJ6JGHQk2j9b6ihmzA2Oq6XpAsUqkO1Mr282O2hiBi%2Fs4EUq50Rmrfc8oIUR0%2Fs7zhOXPdP0J3phVDVDXIF8StW5qEX29KiOXkEyG%2FyciQitvB%2FHuQoWY%3D"}],"group":"cf-nel","max_age":604800}
location: https://app.groove.cm/groovepages/css/inpage_published.css
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 783174217cb35730-MIA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2

200

chunk-vendors.css
app.groove.cm/groovepages/css/
Redirect Chain

https://app.groovefunnels.com/groovepages/css/chunk-vendors.css
https://app.groove.cm/groovepages/css/chunk-vendors.css

0
0

131ms
45ms

Stylesheet
text/html

2606:4700:3033::ac43:8b0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.groove.cm/groovepages/css/chunk-vendors.css
Requested by: Host: trumpgoldenticket-us.us
URL: https://trumpgoldenticket-us.us/
Protocol: H2
Server: 2606:4700:3033::ac43:8b0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://trumpgoldenticket-us.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Mon, 02 Jan 2023 06:31:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BJ7tz0i3wAeF%2FEBi1HzqlDOjmeuGOeu8gNUbNXhvfxVImTNIOFgiItP2e2yH2QHr5CMQYOsi4dRFEe6Am4qmh48vJdRAeKiiq47FpqPUk8xXe0rq%2F9l%2F5XkreTm9ax2DnDnI0AQrQRwV%2FgGNovCS3DU8iZY%3D"}],"group":"cf-nel","max_age":604800}
location: https://app.groove.cm/groovepages/css/chunk-vendors.css
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 783174217cb55730-MIA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.13.0/css/ 57 KB
13 KB 460ms
166ms Stylesheet
text/css 2606:4700:e2::ac40:840f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.13.0/css/all.css
Requested by: Host: trumpgoldenticket-us.us
URL: https://trumpgoldenticket-us.us/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84

Request headers

Referer: https://trumpgoldenticket-us.us/
Origin: https://trumpgoldenticket-us.us
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 02 Jan 2023 06:31:46 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: JY3BEFWWHR1R9AYB
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: wf0YGmwUF2kF9TJyH7BCYz0YU9e83TdcR5MYXLOIETY2RiqJp/7dcXcytCI8tzaq6fhgjtVfBfU=
last-modified: Wed, 30 Jun 2021 15:38:38 GMT
server: cloudflare
etag: W/"76cb46c10b6c0293433b371bae2414b2"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSIRPMaZ6Y0z3qbpi9OIbKHooOh3%2FzZmHkl82%2BDEBNqpczyohyNt%2BfXuQLC6tdj%2BBBfMpTuMRvg5Xequx8SmHHIvDItVFOC88%2FreWc%2BpRbHEYJzMCHbPwNuiG3uEblW%2FI9A4ngj3ChPWJNhTv%2BHEo17K"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 783174217aa7db05-MIA

GET
H2 200 photo-1577253313708-cab167d2c474
images.unsplash.com/ 70 KB
70 KB 217ms
67ms Image
image/avif 2a04:4e42:78::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.unsplash.com/photo-1577253313708-cab167d2c474?ixid=MXwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHw%3D&ixlib=rb-1.2.1&auto=format&fit=crop&w=722&q=80%20(1).jpg

Requested by

Host: trumpgoldenticket-us.us
URL: https://trumpgoldenticket-us.us/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:78::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

d13130d08654f1b634739b7be7b2b807b1f908f950e3f823df9286f5e530b593

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://trumpgoldenticket-us.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 02 Jan 2023 06:31:46 GMT
x-content-type-options: nosniff
age: 88745
x-cache: HIT, HIT
x-imgix-id: 31a676ef4800b7b9cf0792cef3b42be4a6555059
cross-origin-resource-policy: cross-origin
content-length: 71216
x-served-by: cache-sjc10052-SJC, cache-iad-kjyo7100048-IAD
x-imgix-render-farm: 01.584
last-modified: Sun, 01 Jan 2023 05:52:42 GMT
server: imgix
vary: Accept, User-Agent
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes

GET
H2

200

inpage_published.js Show response
app.groove.cm/groovepages/js/
Redirect Chain

https://app.groovefunnels.com/groovepages/js/inpage_published.js
https://app.groove.cm/groovepages/js/inpage_published.js

28 KB
10 KB

48ms
48ms

Script
application/javascript

2606:4700:3033::ac43:8b0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.groove.cm/groovepages/js/inpage_published.js
Requested by: Host: trumpgoldenticket-us.us
URL: https://trumpgoldenticket-us.us/
Protocol: H2
Server: 2606:4700:3033::ac43:8b0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46eeb1d843807ee32ce3c163f8e5df1d17c0117189fcc6122be7745fd0817f79

Request headers

accept-language: en-US,en;q=0.9
Referer: https://trumpgoldenticket-us.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 02 Jan 2023 06:31:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 31 Dec 2022 20:26:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3964
etag: W/"63b09b13-70da"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2BNXqPoI4J4LpqIEZQrBD4WtuYFBbPWGexQL3IxYp%2BeKHbCpoc%2FKiZI%2BGGAe%2BVg5ALtvFyspufm7rp535fUnEdIdk1GnupW%2FB5MtPrINdylXVNpm7iPoe8g1sv1ezeOWSaa%2FkUO5UV1TQlQG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7831742318b52227-MIA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Mon, 02 Jan 2023 06:31:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hLjQkVk5R7deWF4BqVAS03ABLa4YSNKk52JG8DnJqqNZH60TahYDltulMkYaJ2GSsVwLCEU%2FVGPgHSWqPRH5CU60dESQby37kU4XsbeCKlJpmVSLNF4o8EgqtGXXTe4AOVjLODILQXwK14YZjNreFPJXPZE%3D"}],"group":"cf-nel","max_age":604800}
location: https://app.groove.cm/groovepages/js/inpage_published.js
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 78317422dd855730-MIA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2

200

chunk-vendors.js Show response
app.groove.cm/groovepages/js/
Redirect Chain

https://app.groovefunnels.com/groovepages/js/chunk-vendors.js
https://app.groove.cm/groovepages/js/chunk-vendors.js

0
0

42ms
42ms

Script
text/html

2606:4700:3033::ac43:8b0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.groove.cm/groovepages/js/chunk-vendors.js
Requested by: Host: trumpgoldenticket-us.us
URL: https://trumpgoldenticket-us.us/
Protocol: H2
Server: 2606:4700:3033::ac43:8b0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://trumpgoldenticket-us.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Mon, 02 Jan 2023 06:31:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FQNZOzxgvT1VHFUbqxIv1HYXSvemXJRArTl%2BiTvTbeZJq2SadnE70dEmjuHw6NMqw1X%2FTrvexfo0k%2FI2tx11noiUhMOrWwGcHEnYP%2FOOj5TvaYoTI8%2FAFh%2BZbo9UpK9LJNLsVtfNjzmjR5Cx%2Bnn9zqcTMww%3D"}],"group":"cf-nel","max_age":604800}
location: https://app.groove.cm/groovepages/js/chunk-vendors.js
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 783174233daa5730-MIA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 heap-3364072150.js Show response
cdn.heapanalytics.com/js/ 116 KB
37 KB 215ms
77ms Script
application/javascript 18.164.116.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.heapanalytics.com/js/heap-3364072150.js

Requested by

Host: trumpgoldenticket-us.us
URL: https://trumpgoldenticket-us.us/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.116.82 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-116-82.jfk50.r.cloudfront.net

Software

nginx / Express

Resource Hash

c726bf538e2f62f7c9d2de6538ba1290f9e75aeb02c66c373e1439097518b083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://trumpgoldenticket-us.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 02 Jan 2023 06:30:20 GMT
content-encoding: br
via: 1.1 c123eaeab0338ee38c9f9a5fe5647218.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
x-amz-cf-pop: JFK50-P6
age: 86
x-powered-by: Express
etag: W/"1ceb1-Vl3qMRj+tMoBM+svBh+O6w"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=120
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: TwyOweQEdXcz_bodGJcXur6suFvJWQRAxlo48r7e5EstAhQXPszDtw==

GET
H2 200 matomo.js Show response
matomo.groovetech.io/ 98 KB
31 KB 132ms
44ms Script
application/javascript 2606:4700:3034::ac43:b25c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://matomo.groovetech.io/matomo.js
Requested by: Host: trumpgoldenticket-us.us
URL: https://trumpgoldenticket-us.us/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:b25c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6720efbb19ab3deda0f394ad5c0865ef0f97338822d30a440ba9cf36769c71a4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://trumpgoldenticket-us.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 02 Jan 2023 06:31:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 19 Jul 2022 13:13:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 635
etag: W/"1895d-5e42841a471ad-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2Fbgj%2BYQcUcHUHin8OQ%2F2ZSatzd5lIiE2YGjDS%2F9vStz%2BMuTzN5yu83L60mIq4qFeCI2v1DNdcwIt7X2VRXBRbnJJu2R4AtOQ8I9j%2Fjdp2NCUpkBhgNe10fBNS5xEXx9dkxebzj6yx4ZXwU0iS8gnNZGfg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 783174241a1309b2-MIA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 227ms
84ms Font
font/woff2 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Abril+Fatface&family=Amatic+SC:wght@400;700&family=Architects+Daughter&family=Asap:wght@400;700&family=Balsamiq+Sans:wght@400;700&family=Barlow:wght@400;700;900&family=Bebas+Neue&family=Bitter:wght@400;700;900&family=Cabin:wght@400;700&family=Cairo:wght@400;700&family=Cormorant+Garamond:wght@400;700&family=Crimson+Text:wght@400;700&family=Dancing+Script:wght@400;700&family=Fira+Sans:wght@400;700;900&family=Fjalla+One&family=Indie+Flower&family=Josefin+Sans:wght@400;700&family=Lato:wght@400;700;900&family=Libre+Baskerville:wght@400;700&family=Libre+Franklin:wght@400;700;900&family=Lobster&family=Lora:wght@400;700&family=Martel:wght@400;700;900&family=Merriweather:wght@400;700;900&family=Montserrat:wght@400;700;900&family=Mukta:wght@400;700&family=Noto+Sans+JP:wght@400;700&family=Noto+Sans+KR:wght@400;700;900&family=Noto+Sans:wght@400;700&family=Noto+Serif:wght@400;700&family=Nunito+Sans:wght@200;300;400;700;900&family=Nunito:wght@300;400;700;900&family=Old+Standard+TT:wght@400;700&family=Open+Sans+Condensed:wght@300;700&family=Open+Sans:wght@300;400;700&family=Oswald:wght@400;700&family=Overpass:wght@400;700;900&family=Oxygen:wght@300;400;700&family=PT+Sans+Narrow:wght@400;700&family=PT+Sans:wght@400;700&family=PT+Serif:wght@400;700&family=Pacifico&family=Playfair+Display:wght@400;700;900&family=Poppins:ital,wght@0,400;0,700;1,900&family=Raleway:wght@400;700;900&family=Roboto+Condensed:wght@400;700&family=Roboto+Slab:wght@400;700;900&family=Roboto:ital,wght@0,700;0,900;1,400&family=Rubik:ital,wght@0,400;0,700;1,900&family=Shadows+Into+Light&family=Signika:wght@400;700&family=Slabo+27px&family=Source+Code+Pro:wght@400;700;900&family=Source+Sans+Pro:wght@400;700;900&family=Source+Serif+Pro:wght@400;700;900&family=Tajawal:wght@400;700;900&family=Titillium+Web:wght@400;700;900&family=Ubuntu:wght@400;700&family=Work+Sans:wght@400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://trumpgoldenticket-us.us
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 27 Dec 2022 09:39:12 GMT
x-content-type-options: nosniff
age: 507154
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Dec 2023 09:39:12 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 217ms
74ms Font
font/woff2 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://trumpgoldenticket-us.us
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 27 Dec 2022 19:51:08 GMT
x-content-type-options: nosniff
age: 470438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Dec 2023 19:51:08 GMT

GET
H3 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.13.0/webfonts/ 78 KB
78 KB 224ms
173ms Font
font/woff2 2606:4700:e2::ac40:840f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.13.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.13.0/css/all.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

Request headers

Referer: https://use.fontawesome.com/releases/v5.13.0/css/all.css
Origin: https://trumpgoldenticket-us.us
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 02 Jan 2023 06:31:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: JY34XYYR7KA6SY24
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 79444
x-amz-id-2: Xj+tlRf8KsJubTdNBCm8aCYDMATUAhJKBqwnCMk8PVMYoqI8iX3skbYxoUB9WjLFTKTkT696m+o=
last-modified: Wed, 30 Jun 2021 15:39:01 GMT
server: cloudflare
etag: "b15db15f746f29ffa02638cb455b8ec0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vO5LQ8NEcs%2FsK8QlEBlzWvGI5zC5XT0tprV7pRMWHewOkDEgIfrUmZSi%2FKL%2FfLg%2BHcYENlnboZiyNkYyuW4u3C%2BVodi7QSII4E%2FFze3ZMXdTGLfkas0%2Byl0QNaUWnodqNZcKzVAAHGPK3eAu8E5f6vtM"}],"group":"cf-nel","max_age":604800}
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 78317424d8459ab3-MIA

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 285ms
161ms Font
font/woff2 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://trumpgoldenticket-us.us
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 28 Dec 2022 07:09:38 GMT
x-content-type-options: nosniff
age: 429728
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 07:09:38 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 190ms
66ms Font
font/woff2 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://trumpgoldenticket-us.us
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 27 Dec 2022 22:46:09 GMT
x-content-type-options: nosniff
age: 459937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Dec 2023 22:46:09 GMT

POST
H3 204 matomo.php
matomo.groovetech.io/ 0
509 B 325ms
286ms Ping
text/plain 2606:4700:3034::ac43:b25c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://matomo.groovetech.io/matomo.php?action_name=trumpgoldenticket-us.us%2FMIDAS%20Manifestation&idsite=4&rec=1&r=173645&h=6&m=31&s=46&url=https%3A%2F%2Ftrumpgoldenticket-us.us%2F&_id=bca91cd72540cea0&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&dimension1=264955&dimension2=CNXUI6L5V&pv_id=bJy6g1&pf_net=172&pf_srv=94&pf_tfr=24
Requested by: Host: matomo.groovetech.io
URL: https://matomo.groovetech.io/matomo.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:b25c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.0.17
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://trumpgoldenticket-us.us/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

date: Mon, 02 Jan 2023 06:31:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/8.0.17
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FMQZZiMs1nRHOM2ESwKOr4%2FbfUvm0Pi4Vxx4sZxRFHAbazhNSTFL9%2B9yu9O%2B%2Ftv%2F8iK8L9Gp2jF8lNYHnTf5rA%2Brm%2Bm6Y8aG3AG%2FnDxk12HZ40FTYGpgZcITqqhSXzR8jlkjipsBdJLv8PUBKbk6VBP1YQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://trumpgoldenticket-us.us
access-control-allow-credentials: true
cf-ray: 783174251bc6227d-MIA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 h
heapanalytics.com/ 37 B
259 B 197ms
59ms Image
image/gif 52.55.35.160
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heapanalytics.com/h?a=3364072150&u=3064917673612500&v=2063991185130707&s=2943042485398345&b=web&tv=4.0&z=0&h=%2F&d=trumpgoldenticket-us.us&t=MIDAS%20Manifestation&ts=1672641106769&st=1672641106771

Requested by

Host: trumpgoldenticket-us.us
URL: https://trumpgoldenticket-us.us/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.55.35.160 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-55-35-160.compute-1.amazonaws.com

Software

nginx /

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://trumpgoldenticket-us.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Jan 2023 06:31:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 37

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
trumpgoldenticket-us.us/	1970-01-20 18:03:16	Name: _pk_id.4.875d Value: bca91cd72540cea0.1672641107.
trumpgoldenticket-us.us/	1970-01-20 08:37:22	Name: _pk_ses.4.875d Value: 1
.unsplash.com/	1970-01-20 17:22:57	Name: ugid Value: d1f7bacb1d050d3992ab0ae84d348f535575470
.trumpgoldenticket-us.us/	1970-01-20 18:05:18	Name: _hp2_id.3364072150 Value: %7B%22userId%22%3A%223064917673612500%22%2C%22pageviewId%22%3A%222063991185130707%22%2C%22sessionId%22%3A%222943042485398345%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
trumpgoldenticket-us.us/	1969-12-31 23:59:59	Name: hasVisitedPopupPage Value: true
.trumpgoldenticket-us.us/	1970-01-20 08:37:22	Name: _hp2_ses_props.3364072150 Value: %7B%22ts%22%3A1672641106769%2C%22d%22%3A%22trumpgoldenticket-us.us%22%2C%22h%22%3A%22%2F%22%7D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.groove.cm
app.groovefunnels.com
cdn.heapanalytics.com
fonts.googleapis.com
fonts.gstatic.com
heapanalytics.com
images.unsplash.com
matomo.groovetech.io
trumpgoldenticket-us.us
use.fontawesome.com
18.164.116.82
2600:1f18:2489:8203::c8
2606:4700:3033::ac43:8b0d
2606:4700:3034::6815:1e9
2606:4700:3034::ac43:b25c
2606:4700:e2::ac40:840f
2607:f8b0:4006:81f::200a
2607:f8b0:4006:822::2003
2a04:4e42:78::720
52.55.35.160
46eeb1d843807ee32ce3c163f8e5df1d17c0117189fcc6122be7745fd0817f79
6720efbb19ab3deda0f394ad5c0865ef0f97338822d30a440ba9cf36769c71a4
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84
88a2fce9cb160ce2fc71a9acffb894a4b9f95057744c2b347e5229692acce500
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c726bf538e2f62f7c9d2de6538ba1290f9e75aeb02c66c373e1439097518b083
d13130d08654f1b634739b7be7b2b807b1f908f950e3f823df9286f5e530b593
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e948e0f3331fa46eaee174fde31ba608a61afe44ce0720f22db2d184d5e6effb
ed9bf60cc9d1f7df798f580c6d77f232b2c63422fd04da0994a4a64f06ad3fbb
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

trumpgoldenticket-us.us Open in urlscan Pro 2600:1f18:2489:8203::c8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

76 %HTTPS

80 %IPv6

9 Domains

10 Subdomains

9 IPs

1 Countries

480 kBTransfer

1523 kBSize

6 Cookies

1 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

6 Cookies

Security Headers

Indicators

trumpgoldenticket-us.us Open in urlscan Pro
2600:1f18:2489:8203::c8 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

76 %
HTTPS

80 %
IPv6

9
Domains

10
Subdomains

9
IPs

1
Countries

480 kB
Transfer

1523 kB
Size

6
Cookies

17 HTTP transactions
0 data transactions