winred.savingthesecond.com Open in urlscan Pro
2606:4700::6811:4518 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://winred.savingthesecond.com/
Effective URL:
https://winred.savingthesecond.com/users/sign_in
Submission: On March 29 via automatic, source certstream-suspicious (March 29th 2023, 6:02:30 pm UTC) — Scanned from DE

Summary HTTP 25 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 12 domains to perform 25 HTTP transactions. The main IP is 2606:4700::6811:4518, located in United States and belongs to CLOUDFLARENET, US. The main domain is winred.savingthesecond.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 29th 2023. Valid for: a year.

This is the only time winred.savingthesecond.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 11	2606:4700::68... 2606:4700::6811:4518	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1	13.224.189.49 13.224.189.49	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	18.66.147.49 18.66.147.49	16509 (AMAZON-02) (AMAZON-02)
1	3.222.109.21 3.222.109.21	14618 (AMAZON-AES) (AMAZON-AES)
25	13

11 2606:4700::6811:4518 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

winred.savingthesecond.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-49.fra2.r.cloudfront.net

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.147.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-49.fra60.r.cloudfront.net

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.222.109.21 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-109-21.compute-1.amazonaws.com

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	savingthesecond.com 2 redirects winred.savingthesecond.com	2 MB
2	intercomcdn.com js.intercomcdn.com — Cisco Umbrella Rank: 2734	206 KB
2	intercom.io widget.intercom.io — Cisco Umbrella Rank: 2392 api-iam.intercom.io — Cisco Umbrella Rank: 2744	6 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	20 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	156 KB
1	google.de www.google.de — Cisco Umbrella Rank: 5216	408 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	408 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 100	356 B
1	gstatic.com fonts.gstatic.com	16 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1030	6 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	948 B
0	winred.com Failed gtm.winred.com Failed
25	12

	Domain	Requested by
11	winred.savingthesecond.com	2 redirects winred.savingthesecond.com static.cloudflareinsights.com
2	js.intercomcdn.com	widget.intercom.io
2	www.google-analytics.com	www.googletagmanager.com winred.savingthesecond.com
2	www.googletagmanager.com	winred.savingthesecond.com www.googletagmanager.com
1	api-iam.intercom.io	js.intercomcdn.com
1	www.google.de
1	www.google.com
1	widget.intercom.io	winred.savingthesecond.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	fonts.gstatic.com	fonts.googleapis.com
1	static.cloudflareinsights.com	winred.savingthesecond.com
1	fonts.googleapis.com	winred.savingthesecond.com
0	gtm.winred.com Failed	www.googletagmanager.com
25	13

This site contains links to these domains. Also see Links.

Domain
revv.co

Subject Issuer	Validity	Valid
winred.savingthesecond.com Cloudflare Inc ECC CA-3	`2023-03-29` - `2024-03-27`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-10`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.intercom.com Amazon RSA 2048 M02	`2023-02-14` - `2024-03-14`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
*.intercomcdn.com Amazon RSA 2048 M01	`2023-02-21` - `2024-01-29`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://winred.savingthesecond.com/users/sign_in
Frame ID: A7076AEB6A7CE3DBCE5FCBF52AF47CD0
Requests: 19 HTTP requests in this frame

Frame: https://winred.savingthesecond.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1680105600
Frame ID: 4715A4674C5383668D548DDB511FD707
Requests: 3 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.5a2abcb6.js
Frame ID: 635A898904F2840D816886DB97E91E24
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sessions

Page URL History Show full URLs

https://winred.savingthesecond.com/ HTTP 302
https://winred.savingthesecond.com/profile HTTP 302
https://winred.savingthesecond.com/users/sign_in Page URL

Detected technologies

Stimulus (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-controller

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

25
Requests

92 %
HTTPS

75 %
IPv6

12
Domains

13
Subdomains

13
IPs

3
Countries

2120 kB
Transfer

7032 kB
Size

10
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://revv.co/client-terms/
Title: Terms

Search URL Search Domain Scan URL

URL: https://revv.co/privacy/
Title: Privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://winred.savingthesecond.com/ HTTP 302
https://winred.savingthesecond.com/profile HTTP 302
https://winred.savingthesecond.com/users/sign_in Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request sign_in Show response
winred.savingthesecond.com/users/
Redirect Chain

https://winred.savingthesecond.com/
https://winred.savingthesecond.com/profile
https://winred.savingthesecond.com/users/sign_in

7 KB
4 KB

193ms
192ms

Document
text/html

2606:4700::6811:4518
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winred.savingthesecond.com/users/sign_in

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:4518 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de9b51ed11919b04bcfac6df431d4897e5d62288a892bbd3b7f9f6e8a1d24e56

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, private, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7afa06145a452bb2-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 29 Mar 2023 18:02:25 GMT
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-rack-cors: miss; no-origin
x-request-id: 16ecad62-1685-4ada-9a48-a3565d2c1644
x-runtime: 0.036437
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7afa061249a73639-FRA
content-type: text/html; charset=utf-8
date: Wed, 29 Mar 2023 18:02:25 GMT
location: https://winred.savingthesecond.com/users/sign_in
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-rack-cors: miss; no-origin
x-request-id: 6ad2c88c-76ca-4e00-ae17-672e2ae71161
x-runtime: 0.006880

GET
H3 200 application-40d81884c89be2590c6eed648fe0bdd0577db2ee2c3b180117780c7ed382287c.css
winred.savingthesecond.com/assets/ 382 KB
114 KB 328ms
327ms Stylesheet
text/css 2606:4700::6811:4518
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winred.savingthesecond.com/assets/application-40d81884c89be2590c6eed648fe0bdd0577db2ee2c3b180117780c7ed382287c.css

Requested by

Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/users/sign_in

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:4518 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40d81884c89be2590c6eed648fe0bdd0577db2ee2c3b180117780c7ed382287c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:02:25 GMT
x-amz-version-id: sqjOIcjK9rPvqjYfUeh69FAUVnyxvnvH
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: MISS
x-amz-request-id: 702FRYK6S88R9RKN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 6bM90ucGjIWFA+XAZ+zdVddeoSxah7Fzjcecf5CvLUcxKBbuz8miaHJJVWXGkSw2BJ0bOU7TW2Q=
last-modified: Thu, 02 Feb 2023 01:58:51 GMT
server: cloudflare
etag: W/"3bca97d51b2816579b2721aa708560bd"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 7afa06159c3f2bb2-FRA
expires: Wed, 29 Mar 2023 22:02:25 GMT

GET
H3 200 modern-eae5a4d029b612c313e628a7bfc9f23a90ad5c990c0cf0f611cad5eb1537e7cc.css
winred.savingthesecond.com/assets/ 373 KB
35 KB 722ms
721ms Stylesheet
text/css 2606:4700::6811:4518
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winred.savingthesecond.com/assets/modern-eae5a4d029b612c313e628a7bfc9f23a90ad5c990c0cf0f611cad5eb1537e7cc.css

Requested by

Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/users/sign_in

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:4518 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eae5a4d029b612c313e628a7bfc9f23a90ad5c990c0cf0f611cad5eb1537e7cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:02:26 GMT
x-amz-version-id: SvXEDlG4qPc7mYaCFlA6iMo_OKhfswkT
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: MISS
x-amz-request-id: 702C89C3EHZ9BSG1
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: vT+iwxP8BZGOM5XNdRrC8dLzXlFMt81MFU/FDpFt1l221JGY0IVUEfGX2uKl8AacodxecTz/Bi4=
last-modified: Thu, 02 Feb 2023 01:58:53 GMT
server: cloudflare
etag: W/"3dfd41298e2ceed891fd6386af7e5085"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 7afa06159c422bb2-FRA
expires: Wed, 29 Mar 2023 22:02:25 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
948 B 132ms
46ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto

Requested by

Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/users/sign_in

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

234b9bab83aa0c52e9e5192995427a2bc44876cf1a11545ed631f369b8dc6534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 29 Mar 2023 18:02:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 29 Mar 2023 17:45:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Mar 2023 18:02:25 GMT

GET
H3 200 application-7356aefd809e0f8f6137c1f9977056b9ccf5b72842a6d1801dd52f5a6b9c63d9.js Show response
winred.savingthesecond.com/assets/ 5 MB
2 MB 243ms
242ms Script
application/javascript 2606:4700::6811:4518
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winred.savingthesecond.com/assets/application-7356aefd809e0f8f6137c1f9977056b9ccf5b72842a6d1801dd52f5a6b9c63d9.js

Requested by

Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/users/sign_in

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:4518 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7356aefd809e0f8f6137c1f9977056b9ccf5b72842a6d1801dd52f5a6b9c63d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:02:25 GMT
x-amz-version-id: wlqUyVIxZDVGy3qeq2Z_LfcRks1eULTe
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: MISS
x-amz-request-id: 7023K2PVJXGTEHAZ
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: TXiqtF0Kv+ZFmeOnY0WKFcxPQzC3542gdzUmvDaifKlEuk0WlPPpiPmfbMWPjeVeX58HLDYFLJY=
last-modified: Thu, 02 Feb 2023 01:58:51 GMT
server: cloudflare
etag: W/"346ef96639bd07d8626b65bed0fc569c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7afa06159c452bb2-FRA
expires: Wed, 29 Mar 2023 22:02:25 GMT

GET
H2 200 vb26e4fa9e5134444860be286fd8771851679335129114 Show response
static.cloudflareinsights.com/beacon.min.js/ 16 KB
6 KB 92ms
54ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114
Requested by: Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/users/sign_in
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4ef73601a6552d55503bcbd9b6cd23fc0c33fa075f8efe724cddd4e3ee55542

Request headers

Referer: https://winred.savingthesecond.com/
Origin: https://winred.savingthesecond.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:02:26 GMT
content-encoding: gzip
last-modified: Mon, 20 Mar 2023 17:58:49 GMT
server: cloudflare
etag: W/2023.3.0
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7afa06189a0c68f7-FRA

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 121ms
38ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://winred.savingthesecond.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 08:37:38 GMT
x-content-type-options: nosniff
age: 120288
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Mar 2024 08:37:38 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 358 KB
79 KB 146ms
62ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Requested by

Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/users/sign_in

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dca47a91128a260846d52a74f5330640221711e3c4e9001c690e090ac1c29d94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:02:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80716
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 29 Mar 2023 18:02:26 GMT

GET
H3 200 footer-background-4d927a14dc052199b3fd759051dcd577e1c62e61c50c5659239ab13bf57ee8da.svg
winred.savingthesecond.com/assets/ 756 B
823 B 174ms
174ms Image
image/svg+xml 2606:4700::6811:4518
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://winred.savingthesecond.com/assets/footer-background-4d927a14dc052199b3fd759051dcd577e1c62e61c50c5659239ab13bf57ee8da.svg

Requested by

Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/assets/modern-eae5a4d029b612c313e628a7bfc9f23a90ad5c990c0cf0f611cad5eb1537e7cc.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:4518 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d927a14dc052199b3fd759051dcd577e1c62e61c50c5659239ab13bf57ee8da

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/assets/modern-eae5a4d029b612c313e628a7bfc9f23a90ad5c990c0cf0f611cad5eb1537e7cc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:02:26 GMT
x-amz-version-id: TGhe2iix33C5RLxMsPTs6nYbCzZg1qoW
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: MISS
x-amz-request-id: PP112T9DA0CK1951
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: kmhEUhvHQr9HJM5prVukfqecbYDkPSyZ2Jeus8kzuhbsv47ZwUmdaoMBSiuOkW/1kc8xKlz6eRA=
last-modified: Thu, 02 Feb 2023 01:58:52 GMT
server: cloudflare
etag: W/"bf81d41040d5075b903e2e67be365f60"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-ray: 7afa061aacfd2bb2-FRA
expires: Wed, 29 Mar 2023 22:02:26 GMT

GET
H3 200 invisible.js Show response
winred.savingthesecond.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 4715 28 KB
12 KB 30ms
30ms Script
application/javascript 2606:4700::6811:4518
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winred.savingthesecond.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1680105600

Requested by

Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/users/sign_in

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:4518 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fa69ffd5f5d9596d6446a96c29c49686438ed6e7f75001d42579105992056e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:02:26 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 7afa061acd3b2bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
winred.savingthesecond.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame 4715 7 KB
3 KB 28ms
28ms Other
application/javascript 2606:4700::6811:4518
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winred.savingthesecond.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js

Requested by

Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/users/sign_in

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:4518 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1ee43d85bbb5dc4abcca988d375f9eded550e7f833db4b2dafa999aab60ca4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:02:26 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 7afa061b0db02bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 7afa06145a452bb2 Show response
winred.savingthesecond.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 4715 2 B
435 B 45ms
44ms XHR
text/plain 2606:4700::6811:4518
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winred.savingthesecond.com/cdn-cgi/challenge-platform/h/b/cv/result/7afa06145a452bb2

Requested by

Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1680105600

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:4518 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 29 Mar 2023 18:02:26 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 7afa061c5fe82bb2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 122ms
38ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 29 Mar 2023 16:05:11 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 7035
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Wed, 29 Mar 2023 18:05:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
77 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

519ae6f01619d3ba83805d45cb4e9aca604708514a788c628d20f2e355881995

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:02:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78925
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 29 Mar 2023 18:02:26 GMT

GET collect
gtm.winred.com/g/ 0
0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
356 B 150ms
18ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-73658561-7&cid=2124463199.1680112947&jid=1042556365&gjid=519833783&_gid=1946080836.1680112947&_u=YCDAiEABBAAAAEAEK~&z=372613998

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://winred.savingthesecond.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 29 Mar 2023 18:02:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://winred.savingthesecond.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 38ms
38ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=590601544&t=pageview&_s=1&dl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&ul=en-us&de=UTF-8&dt=Sessions&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABBAAAAAAEK~&jid=1042556365&gjid=519833783&cid=2124463199.1680112947&tid=UA-73658561-7&_gid=1946080836.1680112947&gtm=45He33r0n71NTQZ9N&cd61=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&z=38460017

Requested by

Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/users/sign_in

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Mar 2023 18:05:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 86235
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pmdeg1b4 Show response
widget.intercom.io/widget/ 8 KB
4 KB 110ms
18ms Script
application/javascript 13.224.189.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.intercom.io/widget/pmdeg1b4
Requested by: Host: winred.savingthesecond.com
URL: https://winred.savingthesecond.com/users/sign_in
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-49.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 046a89b6f3e9e7e3e6012ac2450cdf2e24894949e1b5358a6fa01b70a0a03ff0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: fnx.HGiUd2UOkvg6pYTpGRqH6RtpbBHi
content-encoding: gzip
via: 1.1 d8eef512ab23f23f549b4cd25ac5328c.cloudfront.net (CloudFront)
date: Wed, 29 Mar 2023 17:56:44 GMT
x-amz-cf-pop: FRA2-C1
age: 363
x-amz-server-side-encryption: AES256
x-cache: Error from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 3264
last-modified: Wed, 29 Mar 2023 12:55:58 GMT
server: AmazonS3
etag: "bec5806bc8d332de272fcd4363a4b799"
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=900, s-maxage=900, public
accept-ranges: bytes
x-amz-cf-id: 5UVZ0k0Dno58ZWhGYW-mPlk3fylj3667uOc3LT4QmB419RBfAEzVSg==

POST
H3 204 rum Show response
winred.savingthesecond.com/cdn-cgi/ 0
148 B 18ms
17ms XHR
text/plain 2606:4700::6811:4518
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winred.savingthesecond.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:4518 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://winred.savingthesecond.com/users/sign_in
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type: application/json

Response headers

date: Wed, 29 Mar 2023 18:02:26 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://winred.savingthesecond.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7afa061daa282bb2-FRA

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 147ms
62ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-73658561-7&cid=2124463199.1680112947&jid=1042556365&_u=YCDAiEABBAAAAEAEK~&z=1859470539

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Mar 2023 18:02:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 148ms
62ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-73658561-7&cid=2124463199.1680112947&jid=1042556365&_u=YCDAiEABBAAAAEAEK~&z=1859470539

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winred.savingthesecond.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Mar 2023 18:02:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 frame-modern.5a2abcb6.js Show response
js.intercomcdn.com/ Frame 635A 500 KB
132 KB 30ms
7ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/frame-modern.5a2abcb6.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/pmdeg1b4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

baeb317d7672cf4bac0e8c88700725c199c259102669eaaf431ea7e058f735d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: 5LBSoEqN8_8otbC8755rGVUAzXmsLcRO
content-encoding: gzip
via: 1.1 e65c822edea04e16936bdb4537763dd4.cloudfront.net (CloudFront)
date: Wed, 29 Mar 2023 17:18:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P4
age: 2610
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 134515
last-modified: Wed, 29 Mar 2023 12:54:10 GMT
server: AmazonS3
etag: "e8be6c6f3539bbe7fc12ad4bbb9025d2"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: WMLNhLldMF4u4IoNJokF7jZJMW7blP0oo2TwnCKOjWJH28KAVKF-7A==

GET
H2 200 vendor-modern.86231db0.js Show response
js.intercomcdn.com/ Frame 635A 237 KB
73 KB 43ms
21ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/vendor-modern.86231db0.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/pmdeg1b4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0571b14e3510f871421e234631b1452947c13d5239b69bd96c6b997de6ff8edb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: BBfR1XCgvbywiNYr8EbdH3Nxl_PR8fS1
content-encoding: gzip
via: 1.1 e65c822edea04e16936bdb4537763dd4.cloudfront.net (CloudFront)
date: Wed, 29 Mar 2023 17:18:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P4
age: 2610
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 74589
last-modified: Wed, 29 Mar 2023 12:54:10 GMT
server: AmazonS3
etag: "6f008e7f886950e9c3b9e535cfe19554"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: rtelDec5ijNhJxeUWjOoqR1w2gKtljf3Q_laRKtLoqAWLbEvcjnKqw==

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame 635A 5 KB
3 KB 773ms
553ms XHR
application/json 3.222.109.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.5a2abcb6.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.109.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-109-21.compute-1.amazonaws.com

Software

nginx /

Resource Hash

fad67695dd51aa12ad2b6bf4e52a34416eb37f7f3738b9c0b0a681884a2687d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 29 Mar 2023 18:02:27 GMT
strict-transport-security: max-age=31556952; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-ami-version: ami-0ab3c99401b68739b
status: 200 OK
x-xss-protection: 1; mode=block
x-request-id: 000291pc8ovkpkou7tcg
x-runtime: 0.407433
server: nginx
etag: W/"fad67695dd51aa12ad2b6bf4e52a3441"
x-ratelimit-remaining: 13332
vary: Accept,Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://winred.savingthesecond.com
x-intercom-version: 8ac007a3b1e25254d31b5924986afe44210360bc
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-ratelimit-reset: 1680112950
x-ratelimit-limit: 13333
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options: SAMEORIGIN

GET collect
gtm.winred.com/g/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gtm.winred.com
URL: https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je33r0&_p=590601544&cid=2124463199.1680112947&ul=en-us&sr=1600x1200&_fplc=0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sst.uc=DE&sst.gcsub=region1&_s=1&sid=1680112946&sct=1&seg=0&dl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&dt=Sessions&en=page_view&_fv=1&_nsi=1&_ss=1&ep.pagepath=%2Fusers%2Fsign_in&ep.pagehostname=winred.savingthesecond.com&ep.parsedurl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&epn.load_time_sec=-1680112944.7&richsstsse

Domain: gtm.winred.com
URL: https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je33r0&_p=590601544&cid=2124463199.1680112947&ul=en-us&sr=1600x1200&_fplc=0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&sst.uc=DE&sst.gcsub=region1&_s=2&sid=1680112946&sct=1&seg=0&dl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&dt=Sessions&en=scroll&ep.pagepath=%2Fusers%2Fsign_in&ep.pagehostname=winred.savingthesecond.com&ep.parsedurl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&epn.load_time_sec=-1680112944.7&epn.percent_scrolled=90&_et=4&richsstsse

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.savingthesecond.com/	1969-12-31 23:59:59	Name: _revv_v3_session Value: VGJueHBtRHM3OU5MeEgydXZGQk04ZVIrOS9jc05MblVMbmlhaE0zam44dW9HQ1g1cUVhRC9jT01UajgzOTRoTElWb3NDWitTZHVBdjBlZjNpZHpWQjBUVWZBNFhBTjh5bzh2OGhhSDhCMEdEY1NsZmVJT0xFNXo3Qm9DcEprakdwYURQQXZWZGhtc2tYS0NVVk85U2l2R0NOVjJqK3ViVVU3NlBldFQxZXY5TzJqaXVCcTJ4ZW9ZRnA0bkh4UzZ5LS15ME1ZTjRBTGd4MVpoZEM5RGhOVmRRPT0%3D--37e61933a1b74704b2760cfec702d472c75da73c
.savingthesecond.com/	1970-01-20 12:51:28	Name: _gcl_au Value: 1.1.513936420.1680112947
.winred.savingthesecond.com/	1970-01-20 10:41:54	Name: __cf_bm Value: EC2ij_TBafdq3PJfJsmau0SBqi8Zmx5RK4H3AtjvKYk-1680112946-0-AZ4cUacPLetHEnqxfoxlE7gXNPwbvJC0oXFGtbpb1J/B4M8cW8N0N3JKolVe7B4IFu56T3rozUSI2Vcd68EExkcB9OXaTO0Qa4/ndV73ro0FJe8KoWxVq5fklNz7J8lI4FGrZvmqq28AHQlYxkTHUatmziviNdeIYSrs2BbkkY5k
.savingthesecond.com/	1970-01-20 20:17:52	Name: _ga_X6H0114PDF Value: GS1.1.1680112946.1.0.1680112946.0.0.0
.savingthesecond.com/	1970-01-20 20:17:52	Name: _ga Value: GA1.2.2124463199.1680112947
.savingthesecond.com/	1970-01-20 10:43:19	Name: _gid Value: GA1.2.1946080836.1680112947
.savingthesecond.com/	1970-01-20 10:41:53	Name: _dc_gtm_UA-73658561-7 Value: 1
.savingthesecond.com/	1970-01-20 17:10:42	Name: intercom-id-pmdeg1b4 Value: 287132f0-9c92-45c7-89ed-71eed04f66a3
.savingthesecond.com/	1970-01-20 10:51:57	Name: intercom-session-pmdeg1b4 Value:
.savingthesecond.com/	1970-01-20 17:10:42	Name: intercom-device-id-pmdeg1b4 Value: 7e4d33e3-749a-40ca-85a9-9c8ba6774621

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://winred.savingthesecond.com/users/sign_in Message: Access to XMLHttpRequest at 'https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je33r0&_p=590601544&cid=2124463199.1680112947&ul=en-us&sr=1600x1200&_fplc=0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sst.uc=DE&sst.gcsub=region1&_s=1&sid=1680112946&sct=1&seg=0&dl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&dt=Sessions&en=page_view&_fv=1&_nsi=1&_ss=1&ep.pagepath=%2Fusers%2Fsign_in&ep.pagehostname=winred.savingthesecond.com&ep.parsedurl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&epn.load_time_sec=-1680112944.7&richsstsse' from origin 'https://winred.savingthesecond.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je33r0&_p=590601544&cid=2124463199.1680112947&ul=en-us&sr=1600x1200&_fplc=0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sst.uc=DE&sst.gcsub=region1&_s=1&sid=1680112946&sct=1&seg=0&dl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&dt=Sessions&en=page_view&_fv=1&_nsi=1&_ss=1&ep.pagepath=%2Fusers%2Fsign_in&ep.pagehostname=winred.savingthesecond.com&ep.parsedurl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&epn.load_time_sec=-1680112944.7&richsstsse Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://winred.savingthesecond.com/users/sign_in Message: Access to XMLHttpRequest at 'https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je33r0&_p=590601544&cid=2124463199.1680112947&ul=en-us&sr=1600x1200&_fplc=0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&sst.uc=DE&sst.gcsub=region1&_s=2&sid=1680112946&sct=1&seg=0&dl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&dt=Sessions&en=scroll&ep.pagepath=%2Fusers%2Fsign_in&ep.pagehostname=winred.savingthesecond.com&ep.parsedurl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&epn.load_time_sec=-1680112944.7&epn.percent_scrolled=90&_et=4&richsstsse' from origin 'https://winred.savingthesecond.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je33r0&_p=590601544&cid=2124463199.1680112947&ul=en-us&sr=1600x1200&_fplc=0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&sst.uc=DE&sst.gcsub=region1&_s=2&sid=1680112946&sct=1&seg=0&dl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&dt=Sessions&en=scroll&ep.pagepath=%2Fusers%2Fsign_in&ep.pagehostname=winred.savingthesecond.com&ep.parsedurl=https%3A%2F%2Fwinred.savingthesecond.com%2Fusers%2Fsign_in&epn.load_time_sec=-1680112944.7&epn.percent_scrolled=90&_et=4&richsstsse Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
fonts.googleapis.com
fonts.gstatic.com
gtm.winred.com
js.intercomcdn.com
static.cloudflareinsights.com
stats.g.doubleclick.net
widget.intercom.io
winred.savingthesecond.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
gtm.winred.com
13.224.189.49
18.66.147.49
2606:4700::6810:3965
2606:4700::6811:4518
2a00:1450:4001:827::2003
2a00:1450:4001:827::2008
2a00:1450:4001:828::200a
2a00:1450:4001:828::200e
2a00:1450:4001:830::2003
2a00:1450:4001:831::2004
2a00:1450:400c:c00::9a
3.222.109.21
046a89b6f3e9e7e3e6012ac2450cdf2e24894949e1b5358a6fa01b70a0a03ff0
0571b14e3510f871421e234631b1452947c13d5239b69bd96c6b997de6ff8edb
0fa69ffd5f5d9596d6446a96c29c49686438ed6e7f75001d42579105992056e1
234b9bab83aa0c52e9e5192995427a2bc44876cf1a11545ed631f369b8dc6534
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
40d81884c89be2590c6eed648fe0bdd0577db2ee2c3b180117780c7ed382287c
4d927a14dc052199b3fd759051dcd577e1c62e61c50c5659239ab13bf57ee8da
519ae6f01619d3ba83805d45cb4e9aca604708514a788c628d20f2e355881995
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
7356aefd809e0f8f6137c1f9977056b9ccf5b72842a6d1801dd52f5a6b9c63d9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
a4ef73601a6552d55503bcbd9b6cd23fc0c33fa075f8efe724cddd4e3ee55542
baeb317d7672cf4bac0e8c88700725c199c259102669eaaf431ea7e058f735d2
dca47a91128a260846d52a74f5330640221711e3c4e9001c690e090ac1c29d94
de1ee43d85bbb5dc4abcca988d375f9eded550e7f833db4b2dafa999aab60ca4
de9b51ed11919b04bcfac6df431d4897e5d62288a892bbd3b7f9f6e8a1d24e56
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eae5a4d029b612c313e628a7bfc9f23a90ad5c990c0cf0f611cad5eb1537e7cc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fad67695dd51aa12ad2b6bf4e52a34416eb37f7f3738b9c0b0a681884a2687d4

winred.savingthesecond.com Open in urlscan Pro 2606:4700::6811:4518 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

92 %HTTPS

75 %IPv6

12 Domains

13 Subdomains

13 IPs

3 Countries

2120 kBTransfer

7032 kBSize

10 Cookies

2 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

10 Cookies

4 Console Messages

Security Headers

Indicators

winred.savingthesecond.com Open in urlscan Pro
2606:4700::6811:4518 Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

92 %
HTTPS

75 %
IPv6

12
Domains

13
Subdomains

13
IPs

3
Countries

2120 kB
Transfer

7032 kB
Size

10
Cookies

25 HTTP transactions
0 data transactions