secure.everyaction.com Open in urlscan Pro
45.60.33.183 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mbl.ms/nXLTCrI0Ly1
Effective URL:
https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8u...
Submission: On July 12 via manual (July 12th 2022, 5:18:48 pm UTC) from HR — Scanned from DE

Summary HTTP 104 Redirects Links 28 Behaviour Indicators

Summary

This website contacted 49 IPs in 7 countries across 44 domains to perform 104 HTTP transactions. The main IP is 45.60.33.183, located in United States and belongs to INCAPSULA, US. The main domain is secure.everyaction.com. The Cisco Umbrella rank of the primary domain is 71260.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on April 11th 2022. Valid for: a year.

This is the only time secure.everyaction.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.60.103.183 45.60.103.183	19551 (INCAPSULA) (INCAPSULA)
10	45.60.33.183 45.60.33.183	19551 (INCAPSULA) (INCAPSULA)
6	2600:9000:215... 2600:9000:2156:f400:3:1d53:4780:93a1	16509 (AMAZON-02) (AMAZON-02)
2	35.185.44.232 35.185.44.232	15169 (GOOGLE) (GOOGLE)
1	104.89.40.9 104.89.40.9	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (STACKPATH...) (STACKPATH-CDN)
1	2a02:26f0:350... 2a02:26f0:3500:88e::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	20.60.58.97 20.60.58.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	143.204.89.7 143.204.89.7	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
1	2606:2800:133... 2606:2800:133:206e:1315:22a5:2006:24fd	15133 (EDGECAST) (EDGECAST)
1	104.117.200.111 104.117.200.111	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:225... 2600:9000:2251:9400:14:79be:a380:93a1	16509 (AMAZON-02) (AMAZON-02)
14	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
8	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1 2	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223c:c400:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
2 4	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1	2600:9000:223... 2600:9000:223c:7000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:400c:c01::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1 1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1 2	185.89.210.91 185.89.210.91	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	34.253.74.200 34.253.74.200	16509 (AMAZON-02) (AMAZON-02)
1	3.124.210.90 3.124.210.90	16509 (AMAZON-02) (AMAZON-02)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.158.183.134 18.158.183.134	16509 (AMAZON-02) (AMAZON-02)
1 1	108.138.17.14 108.138.17.14	16509 (AMAZON-02) (AMAZON-02)
2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	52.200.119.241 52.200.119.241	14618 (AMAZON-AES) (AMAZON-AES)
1 2	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.92.72.137 104.92.72.137	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2600:1f18:612... 2600:1f18:612b:4264:35be:ace0:b22e:18d9	14618 (AMAZON-AES) (AMAZON-AES)
1	35.156.83.159 35.156.83.159	16509 (AMAZON-02) (AMAZON-02)
1	52.50.214.249 52.50.214.249	16509 (AMAZON-02) (AMAZON-02)
1 2	18.195.192.101 18.195.192.101	16509 (AMAZON-02) (AMAZON-02)
1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1	54.210.202.232 54.210.202.232	14618 (AMAZON-AES) (AMAZON-AES)
2	13.69.106.217 13.69.106.217	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
104	49

1 45.60.103.183 (United States) 1 redirects

ASN19551 (INCAPSULA, US)

mbl.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 45.60.33.183 (United States)

ASN19551 (INCAPSULA, US)

secure.everyaction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
profile.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fastaction.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2156:f400:3:1d53:4780:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.everyaction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.185.44.232 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 232.44.185.35.bc.googleusercontent.com

ucsusa.gitlab.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.40.9 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-40-9.deploy.static.akamaitechnologies.com

cloud.typography.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:88e::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 20.60.58.97 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

nvlupin.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.89.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-7.fra50.r.cloudfront.net

secure.ucsusa.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.117.200.111 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-117-200-111.deploy.static.akamaitechnologies.com

a3747760300.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2251:9400:14:79be:a380:93a1 (United States)

ASN16509 (AMAZON-02, US)

js2.verygoodvault.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

8188095.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:c400:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 193.0.160.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

20802620p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:7000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c01::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.91 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 951.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.253.74.200 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-74-200.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.124.210.90 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-210-90.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.158.183.134 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-183-134.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.14 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-14.fra56.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.200.119.241 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-119-241.compute-1.amazonaws.com

bpi.rtactivate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.19.126 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.92.72.137 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-72-137.deploy.static.akamaitechnologies.com

x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.125 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4264:35be:ace0:b22e:18d9 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.156.83.159 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-83-159.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.214.249 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-214-249.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.192.101 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-192-101.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States)

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.210.202.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-210-202-232.compute-1.amazonaws.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.69.106.217 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 69 region1.google-analytics.com — Cisco Umbrella Rank: 2603	21 KB
12	everyaction.com secure.everyaction.com — Cisco Umbrella Rank: 71260 static.everyaction.com — Cisco Umbrella Rank: 110759	394 KB
8	doubleclick.net 2 redirects 8188095.fls.doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 138 googleads.g.doubleclick.net — Cisco Umbrella Rank: 67 cm.g.doubleclick.net — Cisco Umbrella Rank: 223	5 KB
5	windows.net nvlupin.blob.core.windows.net — Cisco Umbrella Rank: 60439	84 KB
4	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 553	279 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 96	30 KB
4	rfihub.com 2 redirects 20802620p.rfihub.com a.rfihub.com — Cisco Umbrella Rank: 3387 p.rfihub.com — Cisco Umbrella Rank: 838	7 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 164	196 KB
4	ngpvan.com profile.ngpvan.com — Cisco Umbrella Rank: 68116 fastaction.ngpvan.com — Cisco Umbrella Rank: 149688 secure.ngpvan.com — Cisco Umbrella Rank: 78326	4 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 101	235 KB
4	ucsusa.org secure.ucsusa.org	412 B
3	optimizely.com cdn.optimizely.com — Cisco Umbrella Rank: 678 a3747760300.cdn.optimizely.com logx.optimizely.com — Cisco Umbrella Rank: 1332	86 KB
2	visualstudio.com dc.services.visualstudio.com — Cisco Umbrella Rank: 679	283 B
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 315	1 KB
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 552	1 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 597	2 KB
2	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 365	107 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 213	2 KB
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 257	2 KB
2	google.de www.google.de — Cisco Umbrella Rank: 4915 adservice.google.de — Cisco Umbrella Rank: 6937	1 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 103 www.google.com — Cisco Umbrella Rank: 17	2 KB
2	yimg.com s.yimg.com — Cisco Umbrella Rank: 401	7 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1149 pixel.quantserve.com — Cisco Umbrella Rank: 489	10 KB
2	gitlab.io ucsusa.gitlab.io	47 KB
1	everesttech.net sync-tm.everesttech.net — Cisco Umbrella Rank: 689	177 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 504	338 B
1	agkn.com aa.agkn.com — Cisco Umbrella Rank: 492	377 B
1	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 1030	183 B
1	addthis.com x.dlx.addthis.com — Cisco Umbrella Rank: 1217	191 B
1	rtactivate.com bpi.rtactivate.com — Cisco Umbrella Rank: 2037	109 B
1	rezync.com 1 redirects live.rezync.com — Cisco Umbrella Rank: 1697	778 B
1	serving-sys.com bs.serving-sys.com — Cisco Umbrella Rank: 1220	105 B
1	media.net contextual.media.net — Cisco Umbrella Rank: 566	617 B
1	eyeota.net ps.eyeota.net — Cisco Umbrella Rank: 1095	344 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 372	239 B
1	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 799	634 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1093	2 KB
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 5500	6 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 134	15 KB
1	verygoodvault.com js2.verygoodvault.com — Cisco Umbrella Rank: 77507	24 KB
1	msecnd.net az416426.vo.msecnd.net — Cisco Umbrella Rank: 1967	42 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 695	29 KB
1	typography.com cloud.typography.com — Cisco Umbrella Rank: 6249
1	mbl.ms 1 redirects mbl.ms	1 KB
104	44

	Domain	Requested by
14	www.google-analytics.com	www.googletagmanager.com az416426.vo.msecnd.net secure.everyaction.com
6	static.everyaction.com	secure.everyaction.com static.everyaction.com
6	secure.everyaction.com	secure.everyaction.com az416426.vo.msecnd.net
5	nvlupin.blob.core.windows.net	secure.everyaction.com code.jquery.com
4	static.xx.fbcdn.net	www.facebook.com
4	www.facebook.com	connect.facebook.net secure.everyaction.com
4	stats.g.doubleclick.net	az416426.vo.msecnd.net
4	connect.facebook.net	nvlupin.blob.core.windows.net secure.everyaction.com connect.facebook.net
4	www.googletagmanager.com	secure.everyaction.com static.everyaction.com www.googletagmanager.com
4	secure.ucsusa.org	secure.everyaction.com
2	dc.services.visualstudio.com	az416426.vo.msecnd.net
2	x.bidswitch.net	1 redirects
2	sync.search.spotxchange.com	1 redirects secure.everyaction.com
2	dsum-sec.casalemedia.com	1 redirects secure.everyaction.com
2	idsync.rlcdn.com	secure.everyaction.com
2	p.rfihub.com	2 redirects
2	dpm.demdex.net	1 redirects secure.everyaction.com
2	ib.adnxs.com	1 redirects secure.everyaction.com
2	s.yimg.com	secure.everyaction.com az416426.vo.msecnd.net
2	8188095.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	profile.ngpvan.com	static.everyaction.com az416426.vo.msecnd.net
2	ucsusa.gitlab.io	secure.everyaction.com
1	logx.optimizely.com	az416426.vo.msecnd.net
1	secure.ngpvan.com	az416426.vo.msecnd.net
1	sync-tm.everesttech.net	secure.everyaction.com
1	beacon.krxd.net	secure.everyaction.com
1	aa.agkn.com	secure.everyaction.com
1	partners.tremorhub.com	secure.everyaction.com
1	x.dlx.addthis.com	secure.everyaction.com
1	bpi.rtactivate.com	secure.everyaction.com
1	live.rezync.com	1 redirects
1	bs.serving-sys.com	secure.everyaction.com
1	contextual.media.net	secure.everyaction.com
1	ps.eyeota.net	secure.everyaction.com
1	pixel.rubiconproject.com	secure.everyaction.com
1	a.rfihub.com	secure.everyaction.com
1	cm.g.doubleclick.net	1 redirects
1	adservice.google.de	adservice.google.com
1	sp.analytics.yahoo.com	secure.everyaction.com
1	www.google.de	secure.everyaction.com
1	www.google.com	secure.everyaction.com
1	adservice.google.com	8188095.fls.doubleclick.net
1	pixel.quantserve.com	secure.everyaction.com
1	region1.google-analytics.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	rules.quantcount.com	secure.quantserve.com
1	20802620p.rfihub.com	c1.rfihub.net
1	fastaction.ngpvan.com	static.everyaction.com
1	secure.quantserve.com	secure.everyaction.com
1	c1.rfihub.net	secure.everyaction.com
1	www.googleadservices.com	www.googletagmanager.com
1	js2.verygoodvault.com	static.everyaction.com
1	a3747760300.cdn.optimizely.com	cdn.optimizely.com
1	az416426.vo.msecnd.net	secure.everyaction.com
1	cdn.optimizely.com	secure.everyaction.com
1	code.jquery.com	secure.everyaction.com
1	cloud.typography.com	secure.everyaction.com
1	mbl.ms	1 redirects
104	58

This site contains links to these domains. Also see Links.

Domain
www.ucsusa.org
secure.ucsusa.org
twitter.com
blog.ucsusa.org
fastaction.ngpvan.com
www.charitynavigator.org
www.charitywatch.org
www.guidestar.org
give.org
www.facebook.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
*.everyaction.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-04-11` - `2023-04-11`	a year	crt.sh
static.everyaction.com Amazon	`2022-06-08` - `2023-07-07`	a year	crt.sh
*.gitlab.io AlphaSSL CA - SHA256 - G2	`2022-01-13` - `2023-02-02`	a year	crt.sh
*.typography.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-03` - `2023-04-03`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2021-12-24` - `2022-12-24`	a year	crt.sh
*.blob.core.windows.net Microsoft RSA TLS CA 01	`2022-04-26` - `2023-04-26`	a year	crt.sh
unionofconcernedscientists-oa.edge.targetedaction.net Amazon	`2021-10-26` - `2022-11-23`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2021-08-06` - `2022-08-06`	a year	crt.sh
*.cdn.optimizely.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-03` - `2023-06-07`	a year	crt.sh
*.ngpvan.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-30` - `2023-01-14`	a year	crt.sh
*.verygoodvault.com Amazon	`2022-02-17` - `2023-03-18`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-04-20` - `2022-07-19`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.rfihub.net Amazon	`2021-12-29` - `2023-01-27`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-06-13` - `2022-08-03`	2 months	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-24` - `2023-05-24`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-15` - `2022-09-07`	6 months	crt.sh
*.google.de GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2022-02-20` - `2023-02-22`	a year	crt.sh
bs.serving-sys.com Amazon	`2022-04-10` - `2023-05-09`	a year	crt.sh
rtactivate.com Amazon	`2022-04-13` - `2023-05-12`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-03` - `2023-03-07`	a year	crt.sh
logx.optimizely.com Amazon	`2021-08-23` - `2022-09-21`	a year	crt.sh
in.applicationinsights.azure.com Microsoft RSA TLS CA 02	`2022-06-22` - `2023-06-22`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Frame ID: 18C98E240463150B3847A6AA9086355B
Requests: 76 HTTP requests in this frame

Frame: https://a3747760300.cdn.optimizely.com/client_storage/a3747760300.html
Frame ID: F8C2C90F7504364270187F8E31DA68C5
Requests: 1 HTTP requests in this frame

Frame: https://8188095.fls.doubleclick.net/activityi;dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33
Frame ID: E37FCBB7D20ECFB54206115332DBAD37
Requests: 1 HTTP requests in this frame

Frame: https://20802620p.rfihub.com/ca.html?ver=9&rb=35937&ca=20802620&_o=35937&_t=20802620&pe=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&pf=&ra=9894310230655337
Frame ID: E55EF3ABDD89C45687AB047277A1D7ED
Requests: 19 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33
Frame ID: D0A428FE5ABD7C3A08EABD22919D3029
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df6cc5c35a80ce8%26domain%3Dsecure.everyaction.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsecure.everyaction.com%252Ff2571dbd1143b48%26relation%3Dparent.parent&container_width=71&href=https%3A%2F%2Fsecure.ucsusa.org%2Fa%2F2022-07-12-webinar-scotus-epa-decision%3Fms%3Dfacebook&layout=box_count&locale=ru_RU&sdk=joey
Frame ID: F5BC63ED4AD84654024D3A1E7BCCCEF2
Requests: 3 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33
Frame ID: BF6D451D19E8DF491212B5BC5F92341F
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df158ed10421b43c%26domain%3Dsecure.everyaction.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsecure.everyaction.com%252Ff2571dbd1143b48%26relation%3Dparent.parent&container_width=103&href=https%3A%2F%2Fsecure.ucsusa.org%2Fa%2F2022-07-12-webinar-scotus-epa-decision%3Fms%3Dfacebook&layout=box_count&locale=ru_RU&sdk=joey
Frame ID: 9749D2B085EFCE4D7EC0D1FFEE57AE9B
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

An Inside Look: What the Supreme Court's EPA Decision Means for Climate Action

Page URL History Show full URLs

https://mbl.ms/nXLTCrI0Ly1 HTTP 301
https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td... Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

optimizely\.com.*\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Sizmek (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

serving-sys\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

104
Requests

92 %
HTTPS

41 %
IPv6

44
Domains

58
Subdomains

49
IPs

7
Countries

1530 kB
Transfer

4869 kB
Size

58
Cookies

28 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ucsusa.org/

Search URL Search Domain Scan URL

URL: http://secure.ucsusa.org/onlineactions/dR5QqmX2uUCLCFD1KkVEzg2?MS=EAwrapper
Title: Donate

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?text=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action%20https%3A%2F%2Fsecure.ucsusa.org%2Fa%2F2022-07-12-webinar-scotus-epa-decision%3Fms%3Dtwitter

Search URL Search Domain Scan URL

URL: https://blog.ucsusa.org/tag/west-virginia-v-epa
Title: West Virginia v. Environmental Protection Agency

Search URL Search Domain Scan URL

URL: https://www.ucsusa.org/about/people/rachel-cleetus?pop=0
Title: Rachel Cleetus, PhD

Search URL Search Domain Scan URL

URL: https://www.ucsusa.org/about/people/julie-mcnamara?pop=0
Title: Julie McNamara

Search URL Search Domain Scan URL

URL: https://www.ucsusa.org/about/people/johanna-chao-kreilick?pop=0
Title: Johanna Chao Kreilick

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/##whats-this
Title: ?

Search URL Search Domain Scan URL

URL: https://www.ucsusa.org/privacy-policy#toc-text-messaging
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://www.ucsusa.org/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/actionid_signup
Title: Sign up with your email address

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/facebook
Title: Facebook

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/twitter
Title: Twitter

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/terms
Title: terms of service

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/privacy
Title: privacy policy.

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/actionid
Title: Log in with your email address

Search URL Search Domain Scan URL

URL: https://www.charitynavigator.org/index.cfm?bay=search.summary&orgid=5970

Search URL Search Domain Scan URL

URL: https://www.charitywatch.org/ratings-and-metrics/union-of-concerned-scientists/281

Search URL Search Domain Scan URL

URL: https://www.guidestar.org/profile/04-2535767

Search URL Search Domain Scan URL

URL: http://give.org/charity-reviews/national/environment/union-of-concerned-scientists-in-cambridge-ma-1123

Search URL Search Domain Scan URL

URL: https://www.ucsusa.org/state-disclosures
Title: State Disclosures

Search URL Search Domain Scan URL

URL: https://www.ucsusa.org/about/news
Title: News

Search URL Search Domain Scan URL

URL: https://www.ucsusa.org/about/jobs
Title: Jobs

Search URL Search Domain Scan URL

URL: https://www.ucsusa.org/contact
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.facebook.com/unionofconcernedscientists

Search URL Search Domain Scan URL

URL: https://twitter.com/UCSUSA

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ConcernedScientists

Search URL Search Domain Scan URL

URL: https://www.instagram.com/unionofconcernedscientists

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mbl.ms/nXLTCrI0Ly1 HTTP 301
https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://8188095.fls.doubleclick.net/activityi;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33 HTTP 302
https://8188095.fls.doubleclick.net/activityi;dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33

Request Chain 76

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEwNzQzMzgyMzkzMTc0NTQ1Nw==&forward= HTTP 302
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESECB8fNnoPw4DCx_CTaJrxlc&google_cver=1

Request Chain 77

https://ib.adnxs.com/setuid?entity=18&code=5107433823931745457 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5107433823931745457

Request Chain 79

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5107433823931745457&redir= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5107433823931745457&redir=

Request Chain 80

https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
https://ps.eyeota.net/match?uid=5107433823931745457&bid=omt9pi0

Request Chain 83

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5107433823931745457&referrer=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33 HTTP 302
https://p.rfihub.com/cm?pub=39342&in=0&userid=8ab17add-c6b8-4b3c-ae60-d1529acf31ad%3A1657646324.1640968&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D8ab17add-c6b8-4b3c-ae60-d1529acf31ad%253A1657646324.1640968 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=8ab17add-c6b8-4b3c-ae60-d1529acf31ad%3A1657646324.1640968

Request Chain 85

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5107433823931745457&forward= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5107433823931745457&forward=&C=1

Request Chain 88

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5107433823931745457&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5107433823931745457&img=1&__user_check__=1&sync_id=aea6940a-0206-11ed-a8ad-14604df00306

Request Chain 92

https://x.bidswitch.net/sync?dsp_id=119&user_id=5107433823931745457&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5107433823931745457&expires=30

104 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request tfBn_iK2XUm2E9uQO9d1jQ2 Show response
secure.everyaction.com/
Redirect Chain

https://mbl.ms/nXLTCrI0Ly1
https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5...

38 KB
14 KB

650ms
603ms

Document
text/html

45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

2e0430ce631b540c52eb4b70c4aca48e3577b0ebdec2ff404445af117061f7e7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-expose-headers: Request-Context
cache-control: private
content-encoding: gzip
content-security-policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
content-type: text/html; charset=utf-8
date: Tue, 12 Jul 2022 17:18:41 GMT
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cdn: Imperva
x-content-type-options: nosniff
x-iinfo: 10-160819639-160819645 NNNN CT(86 352 0) RT(1657646321486 12) q(0 1 5 0) r(6 6) U2
x-xss-protection: 1; mode=block

Redirect headers

Cache-Control: no-cache
Content-Length: 0
Date: Tue, 12 Jul 2022 17:18:41 GMT
Expires: -1
Location: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-CDN: Imperva
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Iinfo: 13-230765867-230765894 NNNN CT(79 172 0) RT(1657646320201 162) q(0 0 3 1) r(4 4) U11
X-XSS-Protection: 1; mode=block

GET
H2 200 at.js Show response
static.everyaction.com/ea-actiontag/ 844 KB
241 KB 88ms
9ms Script
application/javascript 2600:9000:2156:f400:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.everyaction.com/ea-actiontag/at.js
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f400:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f24c990b427c63b41da619a8aa7f8f0aec388026af19edd77fe50db380d21773

Request headers

Referer: https://secure.everyaction.com/
Origin: https://secure.everyaction.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 00:56:05 GMT
content-encoding: gzip
age: 58958
x-cache: Hit from cloudfront
content-length: 245785
access-control-allow-origin: *
last-modified: Wed, 06 Jul 2022 20:28:33 GMT
server: AmazonS3
etag: "8d4cf374c01e89a38731b7a76ad3ac2d"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: 3S_nYK0R4asPsDITRRoDzDpbHRBbEzHcu57MMnAd045vzlhT62Ew8g==

GET
H2 200 at.min.css
static.everyaction.com/ea-actiontag/ 59 KB
12 KB 88ms
10ms Stylesheet
text/css 2600:9000:2156:f400:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.everyaction.com/ea-actiontag/at.min.css
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f400:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e66e9d5aa51dcdf9d077f9d9ea0722e08722bcfc6fa679d0d31e9d277fc21954

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 02:31:30 GMT
content-encoding: gzip
age: 53232
x-cache: Hit from cloudfront
content-length: 11467
access-control-allow-origin: *
last-modified: Wed, 06 Jul 2022 20:28:33 GMT
server: AmazonS3
etag: "0d195e1e53722d394be3320ffe47592d"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: Vdqs2ay3PqpSLOLn1WkSFBVmgT-g1n8fwWXoU32Zghv43K7h7d0ukQ==

GET
H2 200 style.css
ucsusa.gitlab.io/everyaction-templates/ 44 KB
44 KB 364ms
141ms Stylesheet
text/css 35.185.44.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ucsusa.gitlab.io/everyaction-templates/style.css
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.44.232 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.44.185.35.bc.googleusercontent.com
Software: /
Resource Hash: b1fbdd6c59281f452373fc0801e9a9cbfbdc35ea5ed8647d2e25c4571da3c079

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:42 GMT
last-modified: Wed, 03 Mar 2021 20:43:53 GMT
etag: "bdf08a11f8911f97cbda5799bf3bc845bdcf6fd787b50361429c682ed52e3de0"
vary: Origin
content-type: text/css; charset=utf-8
cache-control: max-age=600
permissions-policy: interest-cohort=()
content-length: 45389
expires: Tue, 12 Jul 2022 17:28:42 UTC

GET
H2 200 script.js Show response
ucsusa.gitlab.io/everyaction-templates/ 2 KB
2 KB 354ms
131ms Script
application/javascript 35.185.44.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ucsusa.gitlab.io/everyaction-templates/script.js
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.44.232 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.44.185.35.bc.googleusercontent.com
Software: /
Resource Hash: 26732aac610952027aa9b1a48be805396a81081ae04c9501ea41ee7c5d695e2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:42 GMT
last-modified: Wed, 03 Mar 2021 20:43:53 GMT
etag: "bdf08a11f8911f97cbda5799bf3bc845bdcf6fd787b50361429c682ed52e3de0"
vary: Origin
content-type: application/javascript
cache-control: max-age=600
permissions-policy: interest-cohort=()
content-length: 2179
expires: Tue, 12 Jul 2022 17:28:42 UTC

GET
H/1.1 403
Forbidden fonts.css
cloud.typography.com/6045052/6787212/css/ 0
0 866ms
805ms Stylesheet
text/html 104.89.40.9
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cloud.typography.com/6045052/6787212/css/fonts.css
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.40.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-40-9.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 79ms
44ms Script
application/javascript 2001:4de0:ac18::1:a:3a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:42 GMT
content-encoding: gzip
last-modified: Fri, 20 May 2016 17:24:41 GMT
server: nginx
etag: W/"573f4859-14e4a"
vary: Accept-Encoding
x-hw: 1657646322.dop237.am5.t,1657646322.cds302.am5.hn,1657646322.cds218.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29811

GET
H2 200 3747760300.js Show response
cdn.optimizely.com/js/ 274 KB
84 KB 152ms
122ms Script
text/javascript 2a02:26f0:3500:88e::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/3747760300.js

Requested by

Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:88e::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b4f37cffbd33aa3ba25f0129c2474012a2dc64d909377795cc6acc58be8c43b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: 0e5TIlvpvD84do02MhY1p72ew3WXB4x1
content-encoding: gzip
etag: "16460c6d15b675f4486a066cdca6fc25"
x-amz-request-id: H6T6DWR53EVWF6SX
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 1172
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="6";dur=0,cdnip;desc="2a02:26f0:3500:88e::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 85550
x-amz-id-2: OnwY3w7R8EqeBxVMbLJtpTAP1Q0rJHaAEioTu6bi2JfLBxh+3Ob9RgkuMbWKPWcO6ePFIZqizq0=
last-modified: Mon, 11 Jul 2022 21:24:19 GMT
server: AmazonS3
date: Tue, 12 Jul 2022 17:18:42 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H/1.1 200
OK mr_advocacy_donation_share_icons_js.css Show response
nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/scripts/ 7 KB
8 KB 423ms
97ms Script
text/css 20.60.58.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/scripts/mr_advocacy_donation_share_icons_js.css?type=.js
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 7f81ca5658929d443992c29e7ef821b6825b38e21dc204922eb7444a2fc789d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 12 Jul 2022 17:18:42 GMT
Last-Modified: Tue, 01 Dec 2020 18:10:26 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D8962460FF53C7
Content-Type: text/css
Access-Control-Allow-Origin: *
x-ms-request-id: d929bfd5-c01e-0075-5413-962c7d000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 7236

GET
H2 404 charity-navigator-four-stars.svg
secure.ucsusa.org/sites/all/themes/ucsusa/images/ 103 B
103 B 206ms
140ms Image
text/html 143.204.89.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.ucsusa.org/sites/all/themes/ucsusa/images/charity-navigator-four-stars.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.89.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-7.fra50.r.cloudfront.net

Software

Microsoft-IIS/10.0 /

Resource Hash

90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:42 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-amz-cf-pop: FRA50-C1
x-cache: Error from cloudfront
content-type: text/html
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
x-iinfo: 4-50872183-50730665 pNYN RT(1657646322755 1) q(0 0 0 0) r(1 1) U11
access-control-expose-headers: Request-Context
content-security-policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
x-amz-cf-id: WFUS2EHPadJRf8sNMMixmw_XZHzUUBHCe36Eo2Njc9XmQLLiQOB71w==
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 404 charity-watch-top-rated.svg
secure.ucsusa.org/sites/all/themes/ucsusa/images/ 103 B
103 B 140ms
140ms Image
text/html 143.204.89.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.ucsusa.org/sites/all/themes/ucsusa/images/charity-watch-top-rated.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.89.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-7.fra50.r.cloudfront.net

Software

Microsoft-IIS/10.0 /

Resource Hash

90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:42 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-amz-cf-pop: FRA50-C1
x-cache: Error from cloudfront
content-type: text/html
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
x-iinfo: 10-6748225-6700742 pNYN RT(1657646323018 1) q(0 0 0 0) r(1 1) U11
access-control-expose-headers: Request-Context
content-security-policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
x-amz-cf-id: _FjnA_4QqZ72N0ORvklE3t7mSg1ouQQNV3H1D40POLVMwo_4k1S4tQ==
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 404 guidestar-2020-platinum-badge-white.svg
secure.ucsusa.org/sites/all/themes/ucsusa/images/ 103 B
103 B 128ms
128ms Image
text/html 143.204.89.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.ucsusa.org/sites/all/themes/ucsusa/images/guidestar-2020-platinum-badge-white.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.89.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-7.fra50.r.cloudfront.net

Software

Microsoft-IIS/10.0 /

Resource Hash

90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-amz-cf-pop: FRA50-C1
x-cache: Error from cloudfront
content-type: text/html
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
x-iinfo: 4-50872183-50730665 sNYN RT(1657646322755 247) q(0 0 0 11) r(1 1) U11
access-control-expose-headers: Request-Context
content-security-policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
x-amz-cf-id: x4OSNZxX-4wJBXLCO-X74AwyVROvFlgd53cmQEVydP-caa7pJwNk5g==
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 404 bbb-accredited-charity-wide.svg
secure.ucsusa.org/sites/all/themes/ucsusa/images/ 103 B
103 B 299ms
298ms Image
text/html 143.204.89.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.ucsusa.org/sites/all/themes/ucsusa/images/bbb-accredited-charity-wide.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.89.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-7.fra50.r.cloudfront.net

Software

Microsoft-IIS/10.0 /

Resource Hash

90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:42 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-amz-cf-pop: FRA50-C1
x-cache: Error from cloudfront
content-type: text/html
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
x-iinfo: 4-50872231-50872232 nNYN RT(1657646323083 2) q(0 0 2 0) r(3 3) U11
access-control-expose-headers: Request-Context
content-security-policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
x-amz-cf-id: drP7FhH1D5vDYYXemQ2xR67n20ZK8XSHS-UqI9YevCPd1itjqNCWRw==
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 200 _Incapsula_Resource Show response
secure.everyaction.com/ 137 KB
19 KB 15ms
13ms Script
application/javascript 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.everyaction.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=83590811
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 794191f2c823773ad0c3c9d958c56143203f1929906a9616fcebd06fd8eb52c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-encoding: gzip
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 19619
content-type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 230 KB
72 KB 218ms
133ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NB5C4Q

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4d03a80be0f52fc96e2fcab55b1b32df997b6d1a0ee475b86b7402bb0166dcd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73986
x-xss-protection: 0
last-modified: Tue, 12 Jul 2022 16:07:37 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Jul 2022 17:18:43 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 135 KB
48 KB 139ms
54ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM473M

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8171c7dc7a8cac5d613c7cd33a5b9e9966443b7c2a86322be01058fcebb981d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49153
x-xss-protection: 0
last-modified: Tue, 12 Jul 2022 17:00:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Jul 2022 17:18:43 GMT

GET
H/1.1 200
OK mr_fx_js.css Show response
nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/scripts/ 35 KB
36 KB 99ms
98ms Script
text/css 20.60.58.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/scripts/mr_fx_js.css?type=.js&_=1657646323183
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-2.2.4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 13cc58cd63d0ce7d4c36283a22bbcc3bc8e74dc7958460355073aefed8fdb5bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 12 Jul 2022 17:18:42 GMT
Last-Modified: Thu, 16 Mar 2017 00:35:02 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D46C0448F5C01E
Content-Type: text/css
Access-Control-Allow-Origin: *
x-ms-request-id: d929c2c4-c01e-0075-2113-962c7d000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 36084

GET
H2 200 ai.2.min.js Show response
az416426.vo.msecnd.net/scripts/b/ 119 KB
42 KB 46ms
9ms Script
text/javascript 2606:2800:133:206e:1315:22a5:2006:24fd
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F5B) /
Resource Hash: 450c11968152d6120b39f80fe8de61e4284ee3f8555aa6d4f95905da97d565cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-07 00:07:47
content-md5: w01n43WhWbndRd7LhVxiBA==
age: 535
x-cache: HIT
x-ms-meta-aijssdksrc: [cdn]/scripts/b/ai.2.8.4.min.js
content-length: 42351
x-ms-lease-status: unlocked
last-modified: Wed, 08 Jun 2022 16:01:35 GMT
server: ECAcc (frc/8F5B)
x-ms-meta-aijssdkver: 2.8.4
etag: 0x8DA496829B6F874
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: a943fa34-401e-0044-6112-96624a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable, no-transform
x-ms-version: 2009-09-19
expires: Tue, 12 Jul 2022 17:48:43 GMT

GET
H2 200 a3747760300.html Show response
a3747760300.cdn.optimizely.com/client_storage/ Frame F8C2 2 KB
1 KB 505ms
448ms Document
text/html 104.117.200.111
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://a3747760300.cdn.optimizely.com/client_storage/a3747760300.html

Requested by

Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/3747760300.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.117.200.111 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-117-200-111.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

db6e7498fc02ff3dc7d9a7252033bdde67826f0f2ac6bfa55258a60b4c1f11f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://secure.everyaction.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=120
content-encoding: gzip
content-length: 793
content-type: text/html; charset=utf-8
date: Tue, 12 Jul 2022 17:18:43 GMT
etag: "764acee750feb1953efa6bcf49e68d42"
last-modified: Mon, 11 Jul 2022 21:24:11 GMT
server: AmazonS3
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="104.117.200.111";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-amz-id-2: owZwCyY5FYfjGl22hKFimTfXlGBbkZ0nYgslyM/AWQ89pmWFANo7iVoApyBmTYFf/tDyxyt8BYY=
x-amz-meta-pci_enabled: False
x-amz-replication-status: COMPLETED
x-amz-request-id: A2FVMS3AFMYSJM9D
x-amz-server-side-encryption: AES256
x-amz-version-id: rD6_bBSqK0X2kYjZpUzHyqTdzWxvEImM

GET
H2 200 _Incapsula_Resource
secure.everyaction.com/ 1 B
35 B 7ms
6ms Image
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.everyaction.com/_Incapsula_Resource?SWKMTFSR=1&e=0.8672588963248589
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 127 KB
46 KB 84ms
84ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer

Requested by

Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

029aea9275de34ff8377c149bf4f7f9591e7d18e6c3bd4ddc40067598ae776f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46575
x-xss-protection: 0
last-modified: Tue, 12 Jul 2022 17:00:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Jul 2022 17:18:43 GMT

GET
H2 200 extra.min.css
static.everyaction.com/ea-actiontag/ 98 KB
17 KB 8ms
7ms Stylesheet
text/css 2600:9000:2156:f400:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.everyaction.com/ea-actiontag/extra.min.css
Requested by: Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f400:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea2735a6f5b4a57fa234cba664892bbe26a93dc89c9d6d473ca9b98c2590c5ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 02:36:20 GMT
content-encoding: gzip
age: 52944
x-cache: Hit from cloudfront
content-length: 16785
access-control-allow-origin: *
last-modified: Wed, 06 Jul 2022 20:28:33 GMT
server: AmazonS3
etag: "0e8cecc796b34561a70468a1dd8268b2"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: 0SHq3tozQa25n6oFp1WY2tXKLKg1CArrOaXfQ6nVIdHznM60twJ3Eg==

GET
H2 200 identity Show response
profile.ngpvan.com/ 72 B
1 KB 417ms
371ms Script
text/javascript 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://profile.ngpvan.com/identity?callback=_jqjsp

Requested by

Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / Express, ASP.NET

Resource Hash

537f9eead19a12fba144f0090cf109f02e22a3c58e2b7e933d7d40c83e9b7d6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Microsoft-IIS/10.0
x-powered-by: Express, ASP.NET
vary: Accept-Encoding
p3p: CP="NOI ADM DEV PSAi OUR OTRo STP IND COM NAV DEM"
x-iinfo: 3-119020157-119020160 NNNN CT(86 175 0) RT(1657646323192 10) q(0 0 2 4) r(3 3) U5
x-cdn: Imperva
content-type: text/javascript; charset=utf-8
content-length: 191
etag: W/"48-IyccwYiaPv9C4kB+UrX8GMOkrP8"
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H/1.1 200
OK AC2nt8erbFu3svSWxmyTZr1b.js Show response
js2.verygoodvault.com/vgs-collect/1/ 76 KB
24 KB 468ms
395ms Script
application/javascript 2600:9000:2251:9400:14:79be:a380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js2.verygoodvault.com/vgs-collect/1/AC2nt8erbFu3svSWxmyTZr1b.js
Requested by: Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:9400:14:79be:a380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 18c7974cdab32e0e913639d2a48b6b5015677b61e6a6c92abbfaeae341b37799

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: s108w9ESk9MsUpkYVuIVY.XmC2guOF28
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 24 Apr 2020 20:22:27 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P3
ETag: W/"9b953aa54ddcf3f41bc5a40e25cf8452"
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
Content-Type: application/javascript
Via: 1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
Date: Tue, 12 Jul 2022 17:18:44 GMT
Connection: keep-alive
X-Amz-Cf-Id: d6d654ec0zSVMUh0MsUBHlcNgBGlg-tFtwOfkjHhzU-aX3KxopAL6w==

GET
H2 200 tfBn_iK2XUm2E9uQO9d1jQ2 Show response
secure.everyaction.com/v1/Forms/ 16 KB
6 KB 123ms
123ms XHR
application/json 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/v1/Forms/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2FYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2FAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2FkDMVZxifZOzjC8q2x1GG8l7eA%3D&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ea7fd3e62274d09abf34926f8d43d30de2cb1241235132fac694def99624cc78

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Request-Id: |4f77fe7dd1b3409cab62c24ff9c709d5.d549b8f69f804d90
X-Requested-With: XMLHttpRequest
traceparent: 00-4f77fe7dd1b3409cab62c24ff9c709d5-d549b8f69f804d90-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Referer: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-160819639-160819645 PNNN RT(1657646321486 1708) q(0 1 1 -1) r(2 2) U2
vary: Accept-Encoding
content-length: 6201
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
pragma: no-cache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: no-cache
content-security-policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
expires: -1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 115ms
35ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM473M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 766
date: Tue, 12 Jul 2022 17:05:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 12 Jul 2022 19:05:57 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 32ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: nvlupin.blob.core.windows.net
URL: https://nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/scripts/mr_advocacy_donation_share_icons_js.css?type=.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2d2a9a198ac4b614ea8506ac00c6ce50d90ffacbc17b6c1e2387ba0906be2f5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: qs9a2CMBv9b4NxxdlHPsww==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: Gh+8nnQcORU3Qwg3INNP5HC8ZJCxn6N0w2qye+8Ifsd45lyoFK2/CUpKLcAnYwzG5ZJqeczkgQA8z16c9lJ/IQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 382e318c2d51db40ac88d7b60a18a449
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 12 Jul 2022 17:18:43 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "ab4ae1dc04cb9b5480c61695272fd16c"
timing-allow-origin: *
expires: Tue, 12 Jul 2022 17:35:56 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 192 KB
69 KB 56ms
55ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VB9DKE4V36&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NB5C4Q

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1742113d66b71ddb1b0893bec48372f074ae7d90557a1bb54a3ad34d8164938f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 70209
x-xss-protection: 0
expires: Tue, 12 Jul 2022 17:18:43 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 40 KB
15 KB 134ms
48ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NB5C4Q

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

00e67a6bb1601297c954a9c6438eb956f4ca87253683fb348d1bda64cee7d1ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15163
x-xss-protection: 0
server: cafe
etag: 11137310801552021614
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 12 Jul 2022 17:18:43 GMT

GET
H3

200

activityi;dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.every... Show response
8188095.fls.doubleclick.net/ Frame E37F
Redirect Chain

https://8188095.fls.doubleclick.net/activityi;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.eve...
https://8188095.fls.doubleclick.net/activityi;dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1...

868 B
696 B

104ms
44ms

Document
text/html

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8188095.fls.doubleclick.net/activityi;dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NB5C4Q

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

6d2d8d5fbc31ffec1e004cb3d8b2b153b34d8f483d24b633e3153d74c08e79ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 671
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Jul 2022 17:18:43 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Jul 2022 17:18:43 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8188095.fls.doubleclick.net/activityi;dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f8bdb531d36caf4bb43071d1be58a2d1b153d3a403f4b8f4e6a919dd46213f47

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 25939
x-xss-protection: 0
pragma: public
x-fb-debug: wfW0FbHhMQHRkewcPAGLmQkRO8amBOadNu8NXjpR1z3HCaa65/lq4NPnyq+tCxVyxLf700xM4uRMRPHe9XpoKw==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Tue, 12 Jul 2022 17:18:43 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 58ms
7ms Script
application/x-javascript 2600:9000:223c:c400:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:c400:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:11:50 GMT
content-encoding: gzip
last-modified: Tue, 12 Jul 2022 17:11:40 GMT
server: Jetty(9.3.29.v20201019)
age: 413
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA56-P2
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: -IxShSZViknmZk0y0Zy-kHT7RsuhLmntmnbX_FWt_m-d2GglN2B6MQ==
expires: Tue, 12 Jul 2022 18:11:50 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 62ms
8ms Script
application/javascript 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 67315acd47fca91a767aa68f94f8666c7ca01eebf6012326da7edb7e97106502

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: gzip
etag: "Sy8yk7L2ihxjBP+YyKUKJg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Tue, 19 Jul 2022 17:18:43 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 16 KB
6 KB 221ms
21ms Script
application/javascript 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

249c4eba880cfb74e1b6e1d1048def310636dc3b1ce5b3fe525703fd4025238f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:17:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
x-amz-request-id: NSAG0WGXP8W3V5BE
x-amz-id-2: hZVGqrwdETo5B1KSdR9BFEc0kKxMc68ZaJ6QKspmW2dJ3n9fWVdlYoXWIN6j4aqMh1EYrUOsVE4=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
server: ATS
etag: "6a624022b5d271dcefb070b0b6670abc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
accept-ranges: bytes
content-type: application/javascript

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 297 KB
84 KB 16ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=4616765ac0791f02fc0a732fb3e9720a

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3087cf83db8173cf2f8b4153cd48cd049d8c637a3897278a2dca5b82959983c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://secure.everyaction.com/
Origin: https://secure.everyaction.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: R2FXTf7TIlELXnoyMq40Uw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 85888
x-fb-rlafr: 0
x-fb-debug: POJOsHEq6GCcMi4K5th18DWF7pZFifFt2rZ/aw/PWUZJMR351h+FC7a/GL4eGLec2DlPf9JKU1QUODyQGn9eBA==
x-fb-content-md5: bb235ea610811f14397c968122371c18
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 12 Jul 2022 17:18:43 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "5ae99ab1cf05902cddf97a2bf516edfd"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 12 Jul 2023 16:43:02 GMT

GET
H2 200 identity Show response
fastaction.ngpvan.com/api/v1/ 182 B
814 B 397ms
366ms Script
text/javascript 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://fastaction.ngpvan.com/api/v1/identity?callback=_jqjsp&_1657646323541=

Requested by

Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / Express, ASP.NET

Resource Hash

9895210bc59f1359701fbde1b882c99297e424fb9117a2f7b47a6c477d5ba792

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Microsoft-IIS/10.0
x-powered-by: Express, ASP.NET
vary: Accept-Encoding,Accept-Encoding
p3p: CP="NOI ADM DEV COM NAV OUR STP"
x-iinfo: 3-119020157-119020170 NNNN CT(86 180 0) RT(1657646323192 179) q(0 0 3 0) r(4 4) U4
x-cdn: Imperva
strict-transport-security: max-age=31536000; includeSubdomains
content-type: text/javascript; charset=utf-8
content-length: 294
etag: W/"b6-YrZGQFy/EQOcbdxhOiOrOVze/KY"
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
DATA 200
OK truncated
/ 73 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e14deb2749e1521aac0ebcb8f99739494f4918fc07649ac6f51a2985085d756

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 intl-tel.input.utils.js Show response
static.everyaction.com/ea-actiontag/assets/js/ 245 KB
55 KB 12ms
11ms Script
application/javascript 2600:9000:2156:f400:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.everyaction.com/ea-actiontag/assets/js/intl-tel.input.utils.js
Requested by: Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/at.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f400:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8496a94dcfd779693def6ae3e607a923fece02f38491ef1462e7cb51cab12e7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sat, 25 Jun 2022 22:06:34 GMT
content-encoding: gzip
age: 1451530
x-cache: Hit from cloudfront
content-length: 56004
access-control-allow-origin: *
last-modified: Tue, 12 Apr 2022 14:33:00 GMT
server: AmazonS3
etag: "4b9bf850ee4aa76202eb0e6f5948bfa8"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: 0mo9fgKuqf4znNHkzjZh3-sje8-C_a_UEEEKfJRx2zdjD4j6K8Jw7A==

GET
DATA 200
OK truncated
/ 784 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe62bab84590322ae4bfcde20dfb50a72c1b68b330c2a7f1b0aefb65999f16bc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 flags.png
static.everyaction.com/ea-actiontag/assets/images/ 20 KB
20 KB 11ms
10ms Image
image/png 2600:9000:2156:f400:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.everyaction.com/ea-actiontag/assets/images/flags.png
Requested by: Host: static.everyaction.com
URL: https://static.everyaction.com/ea-actiontag/extra.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f400:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e536a139bbeaa0fb9d847a1a53a4704dc91fa6cb7faf4524984993d7dad9eca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.everyaction.com/ea-actiontag/extra.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:45:12 GMT
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
age: 11331212
x-cache: Hit from cloudfront
content-length: 20389
last-modified: Tue, 07 Dec 2021 15:33:44 GMT
server: AmazonS3
etag: "4e54a2ee652e9cddbd4ef6f8c46e5390"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: V34Cp1vmtolQgiGmwXY8AK0SVXEnXfDAya84qM0GlrvdFPyFDetWlA==

GET
H2 200 tfBn_iK2XUm2E9uQO9d1jQ2
secure.everyaction.com/v1/Track/ 0
145 B 116ms
114ms Image
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.everyaction.com/v1/Track/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2FYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2FAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2FkDMVZxifZOzjC8q2x1GG8l7eA%3D&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33&formSessionId=1592a54c-d7ab-465b-8644-63f651c1a02b&bName=chrome&dType=desktop&fUrl=aHR0cHM6Ly9zZWN1cmUuZXZlcnlhY3Rpb24uY29tL3RmQm5faUsyWFVtMkU5dVFPOWQxalEyP2NvbnRhY3RkYXRhPTJQckdaT2pMU2tBSEJlckR0Y0ElMmZZQnVLWmdkNWpWMmVWcGo1dGQ4Z3VVeDAwQk84NzVDZW51aUs4dWZDNEM0eXZaOXZUT2VYdkdKSTFYODI1T0dXZFJINmd3TkRVYUtpdTV3ejdUejdFRStQMUF6dW5laVFqdmlEOXJFbFZRWTVqcm54OFNWMEJLSExZU0NwUVh5NTlSNHoyTkJqaUtjeDNDa2VpWHZJQWFjUm0lMmZBWnhSMkFTb25pRkFQOU8yUUpuMUxGK25NZFpKNTdXUnhJeSUyZmtETVZaeGlmWk96akM4cTJ4MUdHOGw3ZUElM2QmbXM9U01TJm1tZHI9ZGE4ZGQ4MWQtNjYzYy00YzQwLWE0OTctMzhlYTg5Njk0ZjMz&fRef=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:42 GMT
x-content-type-options: nosniff
expires: -1
x-cdn: Imperva
x-frame-options: SAMEORIGIN
x-iinfo: 10-160819639-160819645 PNNN RT(1657646321486 1945) q(0 0 0 -1) r(1 1) U2
access-control-expose-headers: Request-Context
cache-control: no-cache
content-security-policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
strict-transport-security: max-age=31536000
content-length: 0
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 200 fast-action.svg
static.everyaction.com/ea-actiontag/assets/images/ 9 KB
9 KB 19ms
17ms Image
image/svg+xml 2600:9000:2156:f400:3:1d53:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.everyaction.com/ea-actiontag/assets/images/fast-action.svg
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f400:3:1d53:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b60497a77afdcb315e270ec5f6fe3d53797c486032fc6752523aa8c65be7b985

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 03:41:16 GMT
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
age: 49048
x-cache: Hit from cloudfront
content-length: 9203
last-modified: Tue, 07 Dec 2021 15:33:44 GMT
server: AmazonS3
etag: "babd47dc25531a9faeadc04f1afa1910"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: 2zX-9mdEh8szAiyQhcZBrsRtoweUWBpRAz-3G3WdNDNHrodJg1x3_Q==

GET
H/1.1 200
OK mr_fx_js.css Show response
nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/scripts/ 35 KB
36 KB 99ms
99ms Script
text/css 20.60.58.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/scripts/mr_fx_js.css?type=.js&_=1657646323184
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-2.2.4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 13cc58cd63d0ce7d4c36283a22bbcc3bc8e74dc7958460355073aefed8fdb5bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 12 Jul 2022 17:18:43 GMT
Last-Modified: Thu, 16 Mar 2017 00:35:02 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D46C0448F5C01E
Content-Type: text/css
Access-Control-Allow-Origin: *
x-ms-request-id: d929c493-c01e-0075-6213-962c7d000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 36084

GET
H/1.1 200
OK ca.html Show response
20802620p.rfihub.com/ Frame E55E 3 KB
4 KB 340ms
22ms Document
text/html 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20802620p.rfihub.com/ca.html?ver=9&rb=35937&ca=20802620&_o=35937&_t=20802620&pe=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&pf=&ra=9894310230655337
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7cbdd8fdda9d68b641b3ac6a3123c51c486c9bcab9dbc9508e34989e1ef8fe0c

Request headers

Referer: https://secure.everyaction.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 2971
Content-Type: text/html;charset=utf-8
Date: Tue, 12 Jul 2022 17:18:44 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.3.29.v20201019)

GET
H2 200 rules-p-8w7tSVuzV_3NU.js Show response
rules.quantcount.com/ 5 KB
2 KB 46ms
10ms Script
application/javascript 2600:9000:223c:7000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-8w7tSVuzV_3NU.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:7000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ba28457aec8e96bda721a20af6fd36d57940c7607597f0caadd72e6c08615f88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 16:51:10 GMT
content-encoding: gzip
age: 1654
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Fri, 01 Nov 2019 20:00:46 GMT
server: AmazonS3
etag: W/"610bb3b00c066431338a8002bf88acfa"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 11e35514d631a9a9566fd489de935c06.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: T7vLfNRpYEMqJYwjS5OEUaYLRikBH-oi6WcVrsFiO1sQHHPcBGjP3w==

GET
H3 200 625465517575530 Show response
connect.facebook.net/signals/config/ 291 KB
84 KB 66ms
65ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/625465517575530?v=2.9.64&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ecc5768a167d201f26f4b0d1868b1b308e5d531d9f9ad1f8094eb7089637c929

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: MMaqVTBMdc+Ul8cM4YqxXTgO0Jo6ep2GvhvzmJa75qqkZVZ+35ef0l8rryMTtRvDtK3JSvqYUr8WGqY6PiQonA==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 12 Jul 2022 17:18:43 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1657646323746
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
443 B 56ms
19ms XHR
text/plain 2a00:1450:400c:c01::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-62682497-4&cid=1058214227.1657646324&jid=2072482201&gjid=784694110&_gid=1206225538.1657646324&_u=YGBAgAABAAAAAE~&z=2120576853

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c01::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 12 Jul 2022 17:18:43 GMT
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 126ms
47ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2049432069&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAAEABAAAAAG~&jid=989127794&gjid=152329116&cid=1058214227.1657646324&tid=UA-6648639-1&_gid=1206225538.1657646324&_r=1&gtm=2wg7b0NB5C4Q&cd2=&cd3=&z=518063603

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 124ms
48ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2049432069&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Downloading&utt=145&_u=YGHAAEABAAAAAG~&jid=1686781558&gjid=2044585507&cid=1058214227.1657646324&tid=UA-28243511-22&_gid=1206225538.1657646324&_r=1&gtm=2wg7b05L2FSL&z=1550208869

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 49ms
20ms XHR
text/plain 2a00:1450:400c:c01::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-28243511-20&cid=1058214227.1657646324&jid=1862008827&gjid=38237861&_gid=1206225538.1657646324&_u=YGHAgEABAAAAAG~&z=885786032

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c01::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 12 Jul 2022 17:18:43 GMT
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 117ms
48ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2049432069&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Form%20Loaded&ea=EventSignupForm&el=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&_u=YGHAAEABAAAAAG~&jid=1941041966&gjid=827641892&cid=1058214227.1657646324&tid=UA-6648639-1&_gid=1206225538.1657646324&_r=1&gtm=2wg7b0NB5C4Q&z=1031848657

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 99ms
42ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2049432069&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgAAB~&jid=2072482201&gjid=784694110&cid=1058214227.1657646324&tid=UA-62682497-4&_gid=1206225538.1657646324&gtm=2wg7b0PM473M&z=1974552861

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 21:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72929
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 99ms
42ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2049432069&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=EventSignupForm&ea=Form%20Load&el=Minimal&ev=10&_u=YGHAgEABAAAAAG~&jid=1862008827&gjid=38237861&cid=1058214227.1657646324&tid=UA-28243511-20&_gid=1206225538.1657646324&gtm=2wg7b05L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FUCS%2FUCS%2F1%2F58097&cd3=4347758&cd4=1000187&cd5=DEV%20AX%207%2F12%2F2022%20webinar%20SCOTUS%20EPA%20decision&cd6=tfBn_iK2XUm2E9uQO9d1jQ2&z=1648674275

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 21:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72929
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 99ms
43ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2049432069&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGHAgEABAAAAAG~&jid=&gjid=&cid=1058214227.1657646324&tid=UA-28243511-20&_gid=1206225538.1657646324&gtm=2wg7b05L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FUCS%2FUCS%2F1%2F58097&cd3=4347758&cd4=1000187&cd5=DEV%20AX%207%2F12%2F2022%20webinar%20SCOTUS%20EPA%20decision&cd6=tfBn_iK2XUm2E9uQO9d1jQ2&z=762016911

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 21:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72929
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 94ms
39ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2049432069&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Processing&utt=7&_u=YGHAAEABAAAAAG~&jid=&gjid=&cid=1058214227.1657646324&tid=UA-28243511-22&_gid=1206225538.1657646324&gtm=2wg7b05L2FSL&z=173876154

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 21:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72929
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 95ms
40ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2049432069&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Render&utt=77&_u=YGHAAEABAAAAAG~&jid=&gjid=&cid=1058214227.1657646324&tid=UA-28243511-22&_gid=1206225538.1657646324&gtm=2wg7b05L2FSL&z=219862791

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 21:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72929
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 96ms
41ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2049432069&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Fill&utt=4&_u=YGHAAEABAAAAAG~&jid=&gjid=&cid=1058214227.1657646324&tid=UA-28243511-22&_gid=1206225538.1657646324&gtm=2wg7b05L2FSL&z=1264869264

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 21:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72929
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 96ms
41ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2049432069&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Form&utt=237&_u=YGHAAEABAAAAAG~&jid=&gjid=&cid=1058214227.1657646324&tid=UA-28243511-22&_gid=1206225538.1657646324&gtm=2wg7b05L2FSL&z=823166521

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 21:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72929
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 96ms
41ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2049432069&t=timing&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=ActionTag&utv=Total&utt=276&_u=YGHAAEABAAAAAG~&jid=&gjid=&cid=1058214227.1657646324&tid=UA-28243511-22&_gid=1206225538.1657646324&gtm=2wg7b05L2FSL&z=51065981

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 21:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72929
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071979118/ 3 KB
2 KB 142ms
53ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071979118/?random=1657646323727&cv=9&fst=1657646323727&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7b0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&tiba=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

852a4aecaa31d65756c12cdf99df578915ed498615505b8c9d79bb569fcbd935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1367
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
342 B 125ms
39ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-VB9DKE4V36&gtm=2oe7b0&_p=2049432069&_z=ccd.v9B&cid=1058214227.1657646324&ul=en-us&sr=1600x1200&_s=1&sid=1657646323&sct=1&seg=0&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VB9DKE4V36&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=1062826729;labels=_fp.event.Default;rf=0;a=p-8w7tSVuzV_3NU;url=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx...
pixel.quantserve.com/ 35 B
371 B 11ms
10ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1062826729;labels=_fp.event.Default;rf=0;a=p-8w7tSVuzV_3NU;url=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33;uht=2;fpan=1;fpa=P0-124377714-1657646323828;pbc=;ns=0;ce=1;qjs=1;qv=623fd1d5-20220628170050;cm=;gdpr=0;ref=;d=everyaction.com;dst=0;et=1657646323828;tzo=0;ogl=site_name.Union%20of%20Concerned%20Scientists%2Cimage.https%3A%2F%2Fnvlupin%252Eblob%252Ecore%252Ewindows%252Enet%2Fimages%2Fvan%2FUCS%2FUCS%2F1%2F58097%2Fimages%2Fenergy-c%2Curl.https%3A%2F%2Fsecure%252Eucsusa%252Eorg%2Fa%2F2022-07-12-webinar-scotus-epa-decision%2Ctitle.An%20Inside%20Look%3A%20What%20the%20Supreme%20Court's%20EPA%20Decision%20Means%20for%20Climate%20Action%2Ctype.article%2Cdescription.The%20Union%20of%20Concerned%20Scientists%20invites%20you%20to%20a%20virtual%20discussion%20on%20the%20rec

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:43 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 10095888.json Show response
s.yimg.com/wi/config/ 2 B
486 B 159ms
119ms XHR
application/json 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10095888.json

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: 5YJ260180D6P8JXD
x-amz-id-2: LfPaGMA5JPgSpI+9+ITbPhCFkRFCtyp8QBHO9q7o5iu8IwTDXy/bQ4lzOhjAIaa4qbNm9thVA7A=
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
content-length: 22

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 56ms
19ms XHR
text/plain 2a00:1450:400c:c01::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-6648639-1&cid=1058214227.1657646324&jid=989127794&gjid=152329116&_gid=1206225538.1657646324&_u=YGDAAEABAAAAAG~&z=1398971584

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c01::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 12 Jul 2022 17:18:43 GMT
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 53ms
19ms XHR
text/plain 2a00:1450:400c:c01::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-6648639-1&cid=1058214227.1657646324&jid=1941041966&gjid=827641892&_gid=1206225538.1657646324&_u=YGHAAEABAAAAAG~&z=1469625130

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c01::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 12 Jul 2022 17:18:43 GMT
content-type: text/plain
access-control-allow-origin: https://secure.everyaction.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nvtag Show response
profile.ngpvan.com/v2/data/WmLAcuxZoic1x31SNRja_C2C/ 2 B
966 B 382ms
367ms XHR
application/json 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://profile.ngpvan.com/v2/data/WmLAcuxZoic1x31SNRja_C2C/nvtag
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / Express, ASP.NET
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: gzip
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
server: Microsoft-IIS/10.0
x-powered-by: Express, ASP.NET
vary: Origin,Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure.everyaction.com
x-iinfo: 9-131331789-131331791 NNNN CT(85 174 0) RT(1657646323641 9) q(0 0 3 -1) r(4 4) U5
access-control-allow-credentials: true
content-length: 123
x-cdn: Imperva
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 200 dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com... Show response
adservice.google.com/ddm/fls/i/ Frame D0A4 867 B
1 KB 160ms
78ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33

Requested by

Host: 8188095.fls.doubleclick.net
URL: https://8188095.fls.doubleclick.net/activityi;dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

573c225160896496026930b73473c7355bc327748f9b700e2c6ceb0ad6e255ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8188095.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 670
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Jul 2022 17:18:43 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/plugins/ Frame F5BC 58 KB
16 KB 125ms
107ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df6cc5c35a80ce8%26domain%3Dsecure.everyaction.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsecure.everyaction.com%252Ff2571dbd1143b48%26relation%3Dparent.parent&container_width=71&href=https%3A%2F%2Fsecure.ucsusa.org%2Fa%2F2022-07-12-webinar-scotus-epa-decision%3Fms%3Dfacebook&layout=box_count&locale=ru_RU&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=4616765ac0791f02fc0a732fb3e9720a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fce024102ecb2694886b84f32a7ae9a5d829484aeb778950ce0f4d8960e9c69f

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.everyaction.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Tue, 12 Jul 2022 17:18:43 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: cvfbq+VRouhIhkcpHuYjZp/096fmh5svfDhwlVszYb7gl53s6WBlgc347LXZqPLIejMf4sU+n8tdbNOf5rJqZQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H/1.1 200
OK donation-advocacy-tweet-icon-2x.png
nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/ 2 KB
2 KB 98ms
98ms Image
image/png 20.60.58.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/donation-advocacy-tweet-icon-2x.png
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 7b77fd8b3d78dbe93e8f9156aa32804fee907187cbc82a80f3a9d2b8eff55647

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 12 Jul 2022 17:18:43 GMT
Last-Modified: Tue, 01 Dec 2020 18:09:35 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D8962442EC50AE
Content-Type: image/png
Access-Control-Allow-Origin: *
x-ms-request-id: d929c540-c01e-0075-0613-962c7d000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 1938

GET
H/1.1 200
OK donation-advocacy-email-icon-2x.png
nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/ 2 KB
2 KB 199ms
100ms Image
image/png 20.60.58.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nvlupin.blob.core.windows.net/images/van/UCS/UCS/1/58097/images/donation-advocacy-email-icon-2x.png
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.58.97 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 23c1a5ffcf992a93cddb31369796699f8f14d25a5e0f7015ed7821b2b04f1cc2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 12 Jul 2022 17:18:43 GMT
Last-Modified: Tue, 01 Dec 2020 18:09:02 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D896242F199041
Content-Type: image/png
Access-Control-Allow-Origin: *
x-ms-request-id: d929c5aa-c01e-0075-6d13-962c7d000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 1593

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 16ms
8ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=625465517575530&ev=PageView&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&rl=&if=false&ts=1657646323860&sw=1600&sh=1200&v=2.9.64&r=stable&ec=0&o=30&fbp=fb.1.1657646323859.1387877139&it=1657646323684&coo=false&exp=p0&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Tue, 12 Jul 2022 17:18:43 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1071979118/ 42 B
548 B 135ms
51ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1071979118/?random=1657646323727&cv=9&fst=1657645200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7b0&sendb=1&frm=0&url=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&tiba=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&async=1&fmt=3&is_vtc=1&random=1874867424&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1071979118/ 42 B
548 B 136ms
50ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1071979118/?random=1657646323727&cv=9&fst=1657645200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7b0&sendb=1&frm=0&url=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&tiba=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&async=1&fmt=3&is_vtc=1&random=1874867424&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zSKZHMh8mXU.png
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ Frame F5BC 388 B
617 B 7ms
7ms Image
image/png 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/zSKZHMh8mXU.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df6cc5c35a80ce8%26domain%3Dsecure.everyaction.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsecure.everyaction.com%252Ff2571dbd1143b48%26relation%3Dparent.parent&container_width=71&href=https%3A%2F%2Fsecure.ucsusa.org%2Fa%2F2022-07-12-webinar-scotus-epa-decision%3Fms%3Dfacebook&layout=box_count&locale=ru_RU&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f9a1a0ac26eaf5b7f6cc7223b5dd4b5f545b5a48fb598c7442e5f76384f1be8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
x-content-type-options: nosniff
content-md5: mLIKfuTnwd0c8uA9BXg4cQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 388
x-fb-rlafr: 0
x-fb-debug: GiztFnCcN3GKxaF5gDLWuMhKn7RpM18S1LK0jwUB7EFHxENAGIcSlHH+SRAOap2iVY0rtO6FI2bMBjY4vjmxJw==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=6
expires: Sat, 01 Jul 2023 05:08:20 GMT

GET
H2 200 bASR9_iYU3j.js Show response
static.xx.fbcdn.net/rsrc.php/v3iI4w4/yL/l/ru_RU/ Frame F5BC 535 KB
139 KB 10ms
10ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iI4w4/yL/l/ru_RU/bASR9_iYU3j.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b0bba129bdba996e42a5bd5bf46045838ec4ef119e67d97f55b90299d0829a09

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:43 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: +8V+QlueJPJZNAA9QyrAEg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 142176
x-fb-rlafr: 0
x-fb-debug: 9Qo25tuXHocIKwOTANCFOLe889em2151VWLUvR6CuMJoBPEW4DkYlHZFx6oDIYhpgu4t9M3pQSWGluudslutsA==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 12 Jul 2023 08:37:54 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
634 B 119ms
38ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Tue%2C%2012%20Jul%202022%2017%3A18%3A43%20GMT&n=0&b=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&.yp=10095888&f=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&enc=UTF-8&yv=1.13.0&tagmgr=gtm

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:44 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Tue, 12 Jul 2022 17:18:44 GMT

GET
H2 200 dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com... Show response
adservice.google.de/ddm/fls/i/ Frame BF6D 194 B
870 B 175ms
74ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CJz4ouLt8_gCFaQfBgAdFgUEog;src=8188095;type=site;cat=ucs-g0;ord=7628776203836;gtm=2wg7b0;auiddc=1172710386.1657646324;u1=%2FtfBn_iK2XUm2E9uQO9d1jQ2;~oref=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Jul 2022 17:18:44 GMT
expires: Tue, 12 Jul 2022 17:18:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame E55E
Redirect Chain

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEwNzQzMzgyMzkzMTc0NTQ1Nw==&forward=
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESECB8fNnoPw4DCx_CTaJrxlc&google_cver=1

42 B
1007 B

60ms
17ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESECB8fNnoPw4DCx_CTaJrxlc&google_cver=1
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: HTTP/1.1
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 12 Jul 2022 17:18:44 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESECB8fNnoPw4DCx_CTaJrxlc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame E55E
Redirect Chain

https://ib.adnxs.com/setuid?entity=18&code=5107433823931745457
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5107433823931745457

43 B
1 KB

15ms
15ms

Image
image/gif

185.89.210.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5107433823931745457

Requested by

Protocol

HTTP/1.1

Server

185.89.210.91 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

951.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Jul 2022 17:18:44 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 951.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7a22ae1d-5bf3-4d43-8248-9a5e443d5e9f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 12 Jul 2022 17:18:44 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 951.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 5b6c049f-e510-43f1-9cc7-323cf648acd2
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5107433823931745457
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame E55E 0
239 B 41ms
9ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5107433823931745457&
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Content-Type: image/gif

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame E55E
Redirect Chain

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5107433823931745457&redir=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5107433823931745457&redir=

42 B
942 B

31ms
31ms

Image
image/gif

34.253.74.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5107433823931745457&redir=

Requested by

Protocol

HTTP/1.1

Server

34.253.74.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-74-200.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v036-06af5e8dd.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: aTiOP3ddQIc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v036-054bb709c.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: DfL0CTNSSCQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5107433823931745457&redir=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

match
ps.eyeota.net/ Frame E55E
Redirect Chain

https://p.rfihub.com/cm?pub=24472&in=1
https://ps.eyeota.net/match?uid=5107433823931745457&bid=omt9pi0

0
344 B

41ms
7ms

Image
text/plain

3.124.210.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=5107433823931745457&bid=omt9pi0
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: HTTP/1.1
Server: 3.124.210.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-210-90.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 12 Jul 2022 17:18:44 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: https://ps.eyeota.net/match?uid=5107433823931745457&bid=omt9pi0
Date: Tue, 12 Jul 2022 17:18:44 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 cksync.php
contextual.media.net/ Frame E55E 45 B
617 B 58ms
32ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=5107433823931745457

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
server: Apache
date: Tue, 12 Jul 2022 17:18:44 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Tue, 12 Jul 2022 17:18:44 GMT

GET
H2 200 serving
bs.serving-sys.com/ Frame E55E 0
105 B 61ms
8ms Image
text/plain 18.158.183.134
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.183.134 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-183-134.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-length: 0
p3p: CP="NOI DEVa OUR BUS UNI"

GET
H3

451

501709.gif
idsync.rlcdn.com/ Frame E55E
Redirect Chain

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5107433823931745457&referrer=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%...
https://p.rfihub.com/cm?pub=39342&in=0&userid=8ab17add-c6b8-4b3c-ae60-d1529acf31ad%3A1657646324.1640968&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D8ab17add-c6b8-4b3c-ae60-d1529ac...
https://idsync.rlcdn.com/501709.gif?partner_uid=8ab17add-c6b8-4b3c-ae60-d1529acf31ad%3A1657646324.1640968

0
9 B

101ms
38ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/501709.gif?partner_uid=8ab17add-c6b8-4b3c-ae60-d1529acf31ad%3A1657646324.1640968
Protocol: H3
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

Location: https://idsync.rlcdn.com/501709.gif?partner_uid=8ab17add-c6b8-4b3c-ae60-d1529acf31ad%3A1657646324.1640968
Date: Tue, 12 Jul 2022 17:18:44 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame E55E 43 B
109 B 367ms
134ms Image
image/gif 52.200.119.241
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=11017&user_id=5107433823931745457
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.119.241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-119-241.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame E55E
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5107433823931745457&forward=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5107433823931745457&forward=&C=1

43 B
949 B

85ms
67ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5107433823931745457&forward=&C=1
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 729b709628639a00-FRA
pragma: no-cache
date: Tue, 12 Jul 2022 17:18:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JNVlJ3id8hy1p7VRhJfbiMfV9M8DCJMMVcO%2BWZrnZCaA%2By%2FhD7hXD7ePJQXYzvEc5yPG7vPHLtdRLF0v6%2BKTbSBr81sHqWbCakAaR0RO3fd%2B8G8Qhmfg7%2BreNv4YPSu0tmhRlmjL02%2F9IQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WEpsKAkHEVBJN9q9ienfDPiz8buvcXbNPZXDxXRAYgpZPYmCmEgXLXtqpR0%2FBVz9wEoalkMNZ7%2BCw7q9xeMv9X7UawQz0wo8PVa2yM2Srtr2ruG%2BeuPMPAH1iUG7XtJi6eY%2F1jP%2FhwRZrA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=57&external_user_id=5107433823931745457&forward=&C=1
cache-control: no-cache
cf-ray: 729b7095db1f9960-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 451 360947.gif
idsync.rlcdn.com/ Frame E55E 0
98 B 114ms
42ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/360947.gif?partner_uid=5107433823931745457
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 rocketfuel_sync
x.dlx.addthis.com/e/ Frame E55E 43 B
191 B 490ms
151ms Image
image/gif 104.92.72.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/rocketfuel_sync?na_exid=5107433823931745457

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.92.72.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-72-137.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:44 GMT
cache-control: max-age=0, no-cache, no-store
expires: Tue, 12 Jul 2022 17:18:44 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame E55E
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5107433823931745457&img=1
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5107433823931745457&img=1&__user_check__=1&sync_id=aea6940a-0206-11ed-a8ad-14604df00306

43 B
549 B

1016ms
1015ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5107433823931745457&img=1&__user_check__=1&sync_id=aea6940a-0206-11ed-a8ad-14604df00306
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 12 Jul 2022 17:18:45 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 113
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Tue, 12 Jul 2022 17:18:44 GMT
Server: nginx
Location: /partner?adv_id=7180&uid=5107433823931745457&img=1&__user_check__=1&sync_id=aea6940a-0206-11ed-a8ad-14604df00306
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 20
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
partners.tremorhub.com/ Frame E55E 43 B
183 B 376ms
112ms Image
image/gif 2600:1f18:612b:4264:35be:ace0:b22e:18d9
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIRF=5107433823931745457&r=b_TRV42kSrDQ
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:35be:ace0:b22e:18d9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame E55E 43 B
377 B 43ms
7ms Image
image/gif 35.156.83.159
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=5107433823931745457
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.83.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-83-159.eu-central-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:44 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame E55E 0
338 B 115ms
28ms Image
text/plain 52.50.214.249
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=5107433823931745457
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.214.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-214-249.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
cache-control: private, no-cache, no-store
x-request-time: D=33 t=1657646324
x-served-by: beacon-n009-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/ Frame E55E
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=119&user_id=5107433823931745457&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5107433823931745457&expires=30

43 B
495 B

9ms
9ms

Image
image/gif

18.195.192.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5107433823931745457&expires=30
Protocol: HTTP/1.1
Server: 18.195.192.101 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-192-101.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 12 Jul 2022 17:18:44 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5107433823931745457&expires=30
Date: Tue, 12 Jul 2022 17:18:44 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 503 /
sync-tm.everesttech.net/upi/pid/Mlpt2JaG/ Frame E55E 0
177 B 35ms
6ms Image
text/plain 151.101.2.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
Requested by: Host: secure.everyaction.com
URL: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20802620p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jul 2022 17:18:44 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1657646324.226928,VS0,VE0
x-cache: MISS
cache-control: no-cache
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-hhn4075-HHN

GET
H3 200 share_button.php Show response
www.facebook.com/plugins/ Frame 9749 58 KB
14 KB 84ms
74ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df158ed10421b43c%26domain%3Dsecure.everyaction.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsecure.everyaction.com%252Ff2571dbd1143b48%26relation%3Dparent.parent&container_width=103&href=https%3A%2F%2Fsecure.ucsusa.org%2Fa%2F2022-07-12-webinar-scotus-epa-decision%3Fms%3Dfacebook&layout=box_count&locale=ru_RU&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=4616765ac0791f02fc0a732fb3e9720a

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8d82608fda535b9643d97b9b0b1d156e03fc12f696e3767784a04a26fdbfd1e7

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.everyaction.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Tue, 12 Jul 2022 17:18:44 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=0
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: oTY+IZF2JCBPMW6lpxqFxr8pGuZ9cqUOf70LSY4j8kAtxVgGuA4u3JFZnpQJuO0qZbNLfa8TB/2ZnFNglqDchw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
38ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2049432069&t=timing&_s=2&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=3497&pdt=21&dns=31&rrt=948&srt=603&tcp=15&dit=2596&clt=2596&_gst=2757&_gbt=2982&_cst=2482&_cbt=2741&_u=YGHAgEABAAAAAG~&jid=&gjid=&cid=1058214227.1657646324&tid=UA-62682497-4&_gid=1206225538.1657646324&gtm=2wg7b0PM473M&z=342748959

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 21:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72930
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
39ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2049432069&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&ul=en-us&de=UTF-8&dt=An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2FtfBn_iK2XUm2E9uQO9d1jQ2&el=25%25&_u=aGHAAEABAAAAAG~&jid=&gjid=&cid=1058214227.1657646324&tid=UA-6648639-1&_gid=1206225538.1657646324&gtm=2wg7b0NB5C4Q&z=10551747

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Jul 2022 21:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 72930
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 WmLAcuxZoic1x31SNRja_C2C Show response
secure.everyaction.com/Databag/Profile/ 0
227 B 104ms
103ms XHR
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/Databag/Profile/WmLAcuxZoic1x31SNRja_C2C

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://secure.everyaction.com/tfBn_iK2XUm2E9uQO9d1jQ2?contactdata=2PrGZOjLSkAHBerDtcA%2fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE+P1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%2fAZxR2ASoniFAP9O2QJn1LF+nMdZJ57WRxIy%2fkDMVZxifZOzjC8q2x1GG8l7eA%3d&ms=SMS&mmdr=da8dd81d-663c-4c40-a497-38ea89694f33
Request-Id: |4f77fe7dd1b3409cab62c24ff9c709d5.b36cbaec37ad4b55
traceparent: 00-4f77fe7dd1b3409cab62c24ff9c709d5-b36cbaec37ad4b55-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
x-content-type-options: nosniff
x-cdn: Imperva
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
x-iinfo: 10-160819639-160819645 PNNN RT(1657646321486 2544) q(0 0 0 -1) r(1 1) U11
access-control-expose-headers: Request-Context
cache-control: private
content-security-policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 204 WmLAcuxZoic1x31SNRja_C2C Show response
secure.ngpvan.com/Databag/Profile/ 0
918 B 404ms
373ms XHR
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.ngpvan.com/Databag/Profile/WmLAcuxZoic1x31SNRja_C2C

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
x-content-type-options: nosniff
x-cdn: Imperva
x-frame-options: SAMEORIGIN
access-control-allow-origin: https://secure.everyaction.com
x-iinfo: 3-119020157-119020220 NNNN CT(96 176 0) RT(1657646323192 868) q(0 0 3 0) r(4 4) U11
access-control-expose-headers: Request-Context
cache-control: private
access-control-allow-credentials: true
content-security-policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
367 B 416ms
101ms XHR
text/plain 54.210.202.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.210.202.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-210-202-232.compute-1.amazonaws.com
Software: nginx/1.21.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 12 Jul 2022 17:18:44 GMT
Server: nginx/1.21.0
Content-Type: text/plain
Access-Control-Allow-Origin: https://secure.everyaction.com
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 5391752e-3b88-4909-8f77-1ff1d84d2b9b

OPTIONS
H2 200 track
dc.services.visualstudio.com/v2/ Frame 0
0 204ms
17ms Preflight 13.69.106.217
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.69.106.217 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,sdk-context
Access-Control-Request-Method: POST
Origin: https://secure.everyaction.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 3600
content-length: 0
date: Tue, 12 Jul 2022 17:18:44 GMT
x-content-type-options: nosniff

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 98 B
283 B 66ms
66ms XHR
application/json 13.69.106.217
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.69.106.217 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8565cc4fc2c9b1e05296a2d3dc0ea08877471fa122095b7b757cd8e897b38862

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.everyaction.com/
accept-language: de-DE,de;q=0.9
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: 71CECC3E-391E-4392-85F9-C0D74F063A17
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 12 Jul 2022 17:18:44 GMT
access-control-max-age: 3600
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length: 98

GET
H3 200 zSKZHMh8mXU.png
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ Frame 9749 388 B
440 B 7ms
7ms Image
image/png 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/zSKZHMh8mXU.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df158ed10421b43c%26domain%3Dsecure.everyaction.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsecure.everyaction.com%252Ff2571dbd1143b48%26relation%3Dparent.parent&container_width=103&href=https%3A%2F%2Fsecure.ucsusa.org%2Fa%2F2022-07-12-webinar-scotus-epa-decision%3Fms%3Dfacebook&layout=box_count&locale=ru_RU&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f9a1a0ac26eaf5b7f6cc7223b5dd4b5f545b5a48fb598c7442e5f76384f1be8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
x-content-type-options: nosniff
content-md5: mLIKfuTnwd0c8uA9BXg4cQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 388
x-fb-rlafr: 0
x-fb-debug: GiztFnCcN3GKxaF5gDLWuMhKn7RpM18S1LK0jwUB7EFHxENAGIcSlHH+SRAOap2iVY0rtO6FI2bMBjY4vjmxJw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=6
expires: Sat, 01 Jul 2023 05:08:20 GMT

GET
H3 200 bASR9_iYU3j.js Show response
static.xx.fbcdn.net/rsrc.php/v3iI4w4/yL/l/ru_RU/ Frame 9749 535 KB
139 KB 11ms
10ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iI4w4/yL/l/ru_RU/bASR9_iYU3j.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df158ed10421b43c%26domain%3Dsecure.everyaction.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsecure.everyaction.com%252Ff2571dbd1143b48%26relation%3Dparent.parent&container_width=103&href=https%3A%2F%2Fsecure.ucsusa.org%2Fa%2F2022-07-12-webinar-scotus-epa-decision%3Fms%3Dfacebook&layout=box_count&locale=ru_RU&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b0bba129bdba996e42a5bd5bf46045838ec4ef119e67d97f55b90299d0829a09

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: +8V+QlueJPJZNAA9QyrAEg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 142176
x-fb-rlafr: 0
x-fb-debug: 9Qo25tuXHocIKwOTANCFOLe889em2151VWLUvR6CuMJoBPEW4DkYlHZFx6oDIYhpgu4t9M3pQSWGluudslutsA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 12 Jul 2023 08:37:54 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
7ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=625465517575530&ev=Microdata&dl=https%3A%2F%2Fsecure.everyaction.com%2FtfBn_iK2XUm2E9uQO9d1jQ2%3Fcontactdata%3D2PrGZOjLSkAHBerDtcA%252fYBuKZgd5jV2eVpj5td8guUx00BO875CenuiK8ufC4C4yvZ9vTOeXvGJI1X825OGWdRH6gwNDUaKiu5wz7Tz7EE%2BP1AzuneiQjviD9rElVQY5jrnx8SV0BKHLYSCpQXy59R4z2NBjiKcx3CkeiXvIAacRm%252fAZxR2ASoniFAP9O2QJn1LF%2BnMdZJ57WRxIy%252fkDMVZxifZOzjC8q2x1GG8l7eA%253d%26ms%3DSMS%26mmdr%3Dda8dd81d-663c-4c40-a497-38ea89694f33&rl=&if=false&ts=1657646324363&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Union%20of%20Concerned%20Scientists%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fnvlupin.blob.core.windows.net%2Fimages%2Fvan%2FUCS%2FUCS%2F1%2F58097%2Fimages%2Fenergy-coal-smokestacks-smog.jpg%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fsecure.ucsusa.org%2Fa%2F2022-07-12-webinar-scotus-epa-decision%22%2C%22og%3Atitle%22%3A%22An%20Inside%20Look%3A%20What%20the%20Supreme%20Court%27s%20EPA%20Decision%20Means%20for%20Climate%20Action%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Adescription%22%3A%22The%20Union%20of%20Concerned%20Scientists%20invites%20you%20to%20a%20virtual%20discussion%20on%20the%20recent%20Supreme%20Court%20decision%20limiting%20the%20EPA%27s%20ability%20to%20rein%20in%20emissions%20from%20power%20plants%20and%20what%20it%20means%20for%20climate%20action%3A%20Tuesday%2C%20July%2012%2C%207%3A00%E2%80%938%3A00%20p.m.%20ET.%22%2C%22twitter%3Acard%22%3A%22summary_large_image%22%2C%22twitter%3Asite%22%3A%22%40ucsusa%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.64&r=stable&ec=1&o=30&fbp=fb.1.1657646323859.1387877139&it=1657646323684&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.everyaction.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 17:18:44 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Tue, 12 Jul 2022 17:18:44 GMT

Verdicts & Comments Add Verdict or Comment

107 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

58 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
mbl.ms/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: xcgamuu0qsynms4ahvk52eh1
.mbl.ms/	1970-01-20 13:12:25	Name: visid_incap_2427410 Value: TwsIr05BTGOp8d0sVkonE/CszWIAAAAAQUIPAAAAAABDH4ybsSAJzbx5Rk7jqJga
.mbl.ms/	1969-12-31 23:59:59	Name: nlbi_2427410 Value: Y1WGbRQO1U3RpD7fhZnF+gAAAABlwtTMyzrZjRdu0uH7gnOw
.mbl.ms/	1969-12-31 23:59:59	Name: incap_ses_1369_2427410 Value: fKWHSV+hLxTsujn4p6r/EvCszWIAAAAAYN0YzSslTo6xgajKNw5G1Q==
.everyaction.com/	1970-01-20 13:11:55	Name: visid_incap_823975 Value: VhkSY+RmRfStp5kpTqGn6PGszWIAAAAAQUIPAAAAAADpV393A640IifywJosensC
.everyaction.com/	1969-12-31 23:59:59	Name: nlbi_823975 Value: rSJyfxXOxybwfTLhxwoUeQAAAADl1+GckRGIUEivFElO/0PO
.everyaction.com/	1969-12-31 23:59:59	Name: incap_ses_472_823975 Value: HevkPLWMxB25sHkbT+KMBvKszWIAAAAArLw+ROO8LlE9jmi1JUSI7w==
.secure.everyaction.com/	1970-01-20 04:27:29	Name: TiPMix Value: 57.435886989120974
.secure.everyaction.com/	1970-01-20 04:27:29	Name: x-ms-routing-name Value: self
.everyaction.com/	1970-01-20 08:46:38	Name: optimizelyEndUserId Value: oeu1657646323223r0.6490446419502109
secure.everyaction.com/	1970-01-20 13:13:02	Name: ai_user Value: NsQdDTFiaftoAK8I+i20hU\|2022-07-12T17:18:43.372Z
secure.everyaction.com/	1970-01-20 05:12:04	Name: ucssharecontent Value: https%253A%252F%252Fsecure.ucsusa.org%252Fa%252F2022-07-12-webinar-scotus-epa-decision%253Fms%253Dfacebook*http%253A%252F%252Ftwitter.com%252Fintent%252Ftweet%253Ftext%253DAn%252520Inside%252520Look%25253A%252520What%252520the%252520Supreme%252520Court%27s%252520EPA%252520Decision%252520Means%252520for%252520Climate%252520Action%2520https%25253A%25252F%25252Fsecure.ucsusa.org%25252Fa%25252F2022-07-12-webinar-scotus-epa-decision%25253Fms%25253Dtwitter*mailto%253A%253Fsubject%253DAn%252520Inside%252520Look%25253A%252520What%252520the%252520Supreme%252520Court%27s%252520EPA%252520Decision%252520Means%252520for%252520Climate%252520Action%2526body%253DThe%252520Union%252520of%252520Concerned%252520Scientists%252520invites%252520you%252520to%252520a%252520virtual%252520discussion%252520on%252520the%252520recent%252520Supreme%252520Court%252520decision%252520limiting%252520the%252520EPA%27s%252520ability%252520to%252520rein%252520in%252520emissions%252520from%252520power%252520plants%252520and%252520what%252520it%252520means%252520for%252520climate%252520action%25253A%252520Tuesday%25252C%252520July%25252012%25252C%2525207%25253A00%2525E2%252580%2525938%25253A00%252520p.m.%252520ET.%25250D%25250A%25250D%25250Ahttps%25253A%25252F%25252Fsecure.ucsusa.org%25252Fa%25252F2022-07-12-webinar-scotus-epa-decision%25253Fms%25253DTAF
secure.everyaction.com/	1970-01-20 04:27:28	Name: ai_session Value: W4LMgTdVDLxO8RRrgbOIU1\|1657646323469\|1657646323469
.everyaction.com/	1970-01-20 06:37:02	Name: _gcl_au Value: 1.1.1172710386.1657646324
.secure.everyaction.com/	1970-01-20 21:58:38	Name: _ga Value: GA1.3.1058214227.1657646324
.secure.everyaction.com/	1970-01-20 04:28:52	Name: _gid Value: GA1.3.1206225538.1657646324
.secure.everyaction.com/	1970-01-20 04:27:26	Name: _dc_gtm_UA-62682497-4 Value: 1
.everyaction.com/	1970-01-20 04:28:52	Name: _gid Value: GA1.2.1206225538.1657646324
.everyaction.com/	1970-01-20 04:27:26	Name: _gat Value: 1
.everyaction.com/	1970-01-20 04:27:26	Name: _gat_UA-28243511-22 Value: 1
.everyaction.com/	1970-01-20 04:27:26	Name: _dc_gtm_UA-28243511-20 Value: 1
.secure.everyaction.com/	1970-01-20 04:27:26	Name: _gat_UA-6648639-1 Value: 1
.profile.ngpvan.com/	1970-01-20 04:27:29	Name: TiPMix Value: 74.04977110862947
.profile.ngpvan.com/	1970-01-20 04:27:29	Name: x-ms-routing-name Value: self
profile.ngpvan.com/	1970-01-23 20:06:19	Name: ngpvanuser Value: WmLAcuxZoic1x31SNRja_C2C
.quantserve.com/	1970-01-20 13:57:40	Name: mc Value: 62cdacf3-cc2e2-6a6d3-36469
.everyaction.com/	1970-01-20 06:37:02	Name: _fbp Value: fb.1.1657646323859.1387877139
.everyaction.com/	1970-01-20 13:51:55	Name: __qca Value: P0-124377714-1657646323828
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0MDcxNrYwMrY0NjQ3MTUxNRfiM9R1zfUwtAi0dKwMyNMFANbQ4N8lAAAA
.rfihub.com/	1970-01-20 13:49:02	Name: rud Value: H4sIAAAAAAAAAOMSNjU0MDcxNrYwMrY0NjQ3MTUxNRfiM9R1zfUwtAi0dKwMyNMFANbQ4N8lAAAA
.adnxs.com/	1970-01-20 06:37:02	Name: uuid2 Value: 4928746211672240072
.media.net/	1970-01-20 13:13:02	Name: visitor-id Value: 3006479248397091000V10
.media.net/	1970-01-20 13:11:35	Name: data-rk Value: 5107433823931745457~~3
.adnxs.com/	1970-01-20 06:37:02	Name: anj Value: dTM7k!M4/YErk#WF']wIg2Il_tDq/g!]tbPl1MNu::wpAk`W=elw1oydX>F]k`2IqjEXoEn93Ecj*Btd!_6-zQEVk`!+OV.@[I.#
.yahoo.com/	1970-01-20 13:13:23	Name: A3 Value: d=AQABBPSszWICEKR4gnofZONXI9xWI5rlDp0FEgEBAQH-zmLXYgAAAAAA_eMAAA&S=AQAAAs-vZ7PK9KzMBGOkm4HEbRY
.eyeota.net/	1970-01-20 04:27:26	Name: SERVERID Value: 18808~DM
.casalemedia.com/	1970-01-20 13:13:02	Name: CMID Value: Ys2s9M.hA82OSyDkOiS5swAA
.casalemedia.com/	1970-01-20 06:37:02	Name: CMPS Value: 1178
.casalemedia.com/	1970-01-20 06:37:02	Name: CMPRO Value: 1178
.demdex.net/	1970-01-20 08:46:38	Name: demdex Value: 25517784049825421552741366248873959566
.spotxchange.com/	1970-01-20 05:07:45	Name: audience Value: aea693bd-0206-11ed-a8ad-14604df00306
.doubleclick.net/	1970-01-20 13:49:02	Name: IDE Value: AHWqTUn2IDlXKaUEKC4MUVas_tO25M7-MsshW_MBWkWBhI5IbcKfdjpSoHHDVjChJfM
.dpm.demdex.net/	1970-01-20 08:46:38	Name: dpm Value: 25517784049825421552741366248873959566
.everyaction.com/	1970-01-20 21:58:38	Name: _ga Value: GA1.2.1058214227.1657646324
.everyaction.com/	1970-01-20 21:58:38	Name: _ga_VB9DKE4V36 Value: GS1.1.1657646323.1.0.1657646324.0
.rezync.com/	1970-01-20 08:46:13	Name: zync-uuid Value: 8ab17add-c6b8-4b3c-ae60-d1529acf31ad:1657646324.1640968
live.rezync.com/	1970-01-20 08:46:38	Name: sd-session-id Value: .eJwNyksOgyAQANC7zFoahhmGz2UMAk1IK21ENzXevS5f8k6Yv3VbU699h7hvR50gv9utAfGE0X5rfUEEi9oxkTcUCB1btg6uCUYdo3363Mp9fFrQpVJUlsUrXiirVEWrgtaElJ-EqUQU64SFDD9QWAfxcP0B1TMmgQ.Ys2s9A.nL4uixdzyRHzxghwu3dlNoTsMvU
.casalemedia.com/	1970-01-20 06:37:02	Name: CMTS Value: 5121
.rfihub.com/	1970-01-20 13:49:02	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA12dXaySPPLyw8oN3Fxroh3Dkn0KqrISQ7iNTQzNTczMTM2MjEyNpzFiMQ3MLBchcY_hcZ_hcb_hcafxITKn4XGX4TGX4XG34TG34WungWVfwuFb2G8iRVNPzeae9H4k4TNLRKTDM0TU1J0k82SLHRNkoyTdRNTzQx0UwxNjSwTk9OMDRNTrBCa9AzNTAwszSxmCSOHpKnhImFUkx-h8QFZQu6KlwEAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA12dXaySPPLyw8oN3Fxroh3Dkn0KqrISW5iMbdITDI0T0xJ0U02S7LQNUkyTtZNTDUz0E0xNDWyTExOMzZMTLEyNDM1NzMxMzYy0TM0MzGwNLMAAGik7lFYAAAA
.bidswitch.net/	1970-01-20 13:13:02	Name: tuuid Value: 85a4214e-65df-4d9d-8512-7216f3fb2dd6
.bidswitch.net/	1970-01-20 13:13:02	Name: c Value: 1657646324
.bidswitch.net/	1970-01-20 13:13:02	Name: tuuid_lu Value: 1657646324
.krxd.net/	1970-01-20 08:46:38	Name: _kuid_ Value: O9AFjf3R
.everyaction.com/	1970-01-23 20:07:45	Name: ProfileDatabagId Value: WmLAcuxZoic1x31SNRja_C2C
.secure.ngpvan.com/	1970-01-20 04:27:29	Name: TiPMix Value: 37.769012118375635
.secure.ngpvan.com/	1970-01-20 04:27:29	Name: x-ms-routing-name Value: self
.ngpvan.com/	1970-01-23 20:07:45	Name: ProfileDatabagId Value: WmLAcuxZoic1x31SNRja_C2C

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://secure.ucsusa.org/sites/all/themes/ucsusa/images/charity-navigator-four-stars.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cloud.typography.com/6045052/6787212/css/fonts.css Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://secure.ucsusa.org/sites/all/themes/ucsusa/images/charity-watch-top-rated.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://secure.ucsusa.org/sites/all/themes/ucsusa/images/guidestar-2020-platinum-badge-white.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://secure.ucsusa.org/sites/all/themes/ucsusa/images/bbb-accredited-charity-wide.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://idsync.rlcdn.com/360947.gif?partner_uid=5107433823931745457 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://idsync.rlcdn.com/501709.gif?partner_uid=8ab17add-c6b8-4b3c-ae60-d1529acf31ad%3A1657646324.1640968 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20802620p.rfihub.com
8188095.fls.doubleclick.net
a.rfihub.com
a3747760300.cdn.optimizely.com
aa.agkn.com
adservice.google.com
adservice.google.de
az416426.vo.msecnd.net
beacon.krxd.net
bpi.rtactivate.com
bs.serving-sys.com
c1.rfihub.net
cdn.optimizely.com
cloud.typography.com
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
contextual.media.net
dc.services.visualstudio.com
dpm.demdex.net
dsum-sec.casalemedia.com
fastaction.ngpvan.com
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
js2.verygoodvault.com
live.rezync.com
logx.optimizely.com
mbl.ms
nvlupin.blob.core.windows.net
p.rfihub.com
partners.tremorhub.com
pixel.quantserve.com
pixel.rubiconproject.com
profile.ngpvan.com
ps.eyeota.net
region1.google-analytics.com
rules.quantcount.com
s.yimg.com
secure.everyaction.com
secure.ngpvan.com
secure.quantserve.com
secure.ucsusa.org
sp.analytics.yahoo.com
static.everyaction.com
static.xx.fbcdn.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.search.spotxchange.com
ucsusa.gitlab.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
x.bidswitch.net
x.dlx.addthis.com
104.117.200.111
104.18.19.126
104.89.40.9
104.92.72.137
108.138.17.14
13.69.106.217
142.250.181.226
142.250.184.194
142.250.185.198
143.204.89.7
151.101.2.49
18.158.183.134
18.195.192.101
185.89.210.91
185.94.180.125
193.0.160.129
2.18.235.93
20.60.58.97
2001:4860:4802:34::36
2001:4de0:ac18::1:a:3a
212.82.100.181
2600:1f18:612b:4264:35be:ace0:b22e:18d9
2600:9000:2156:f400:3:1d53:4780:93a1
2600:9000:223c:7000:6:44e3:f8c0:93a1
2600:9000:223c:c400:1:76cf:fe80:93a1
2600:9000:2251:9400:14:79be:a380:93a1
2606:2800:133:206e:1315:22a5:2006:24fd
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1288:80:807::1
2a00:1450:4001:802::200e
2a00:1450:4001:809::2003
2a00:1450:4001:80f::2002
2a00:1450:4001:813::2008
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2004
2a00:1450:400c:c01::9d
2a02:26f0:3500:88e::13b8
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
3.124.210.90
34.253.74.200
35.156.83.159
35.185.44.232
35.244.174.68
45.60.103.183
45.60.33.183
52.200.119.241
52.50.214.249
54.210.202.232
69.173.144.139
00e67a6bb1601297c954a9c6438eb956f4ca87253683fb348d1bda64cee7d1ca
029aea9275de34ff8377c149bf4f7f9591e7d18e6c3bd4ddc40067598ae776f8
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0e536a139bbeaa0fb9d847a1a53a4704dc91fa6cb7faf4524984993d7dad9eca
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13cc58cd63d0ce7d4c36283a22bbcc3bc8e74dc7958460355073aefed8fdb5bd
1742113d66b71ddb1b0893bec48372f074ae7d90557a1bb54a3ad34d8164938f
18c7974cdab32e0e913639d2a48b6b5015677b61e6a6c92abbfaeae341b37799
1e14deb2749e1521aac0ebcb8f99739494f4918fc07649ac6f51a2985085d756
23c1a5ffcf992a93cddb31369796699f8f14d25a5e0f7015ed7821b2b04f1cc2
249c4eba880cfb74e1b6e1d1048def310636dc3b1ce5b3fe525703fd4025238f
26732aac610952027aa9b1a48be805396a81081ae04c9501ea41ee7c5d695e2f
2d2a9a198ac4b614ea8506ac00c6ce50d90ffacbc17b6c1e2387ba0906be2f5a
2e0430ce631b540c52eb4b70c4aca48e3577b0ebdec2ff404445af117061f7e7
3087cf83db8173cf2f8b4153cd48cd049d8c637a3897278a2dca5b82959983c6
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
450c11968152d6120b39f80fe8de61e4284ee3f8555aa6d4f95905da97d565cb
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d03a80be0f52fc96e2fcab55b1b32df997b6d1a0ee475b86b7402bb0166dcd9
537f9eead19a12fba144f0090cf109f02e22a3c58e2b7e933d7d40c83e9b7d6a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
573c225160896496026930b73473c7355bc327748f9b700e2c6ceb0ad6e255ad
67315acd47fca91a767aa68f94f8666c7ca01eebf6012326da7edb7e97106502
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d2d8d5fbc31ffec1e004cb3d8b2b153b34d8f483d24b633e3153d74c08e79ea
794191f2c823773ad0c3c9d958c56143203f1929906a9616fcebd06fd8eb52c9
7b77fd8b3d78dbe93e8f9156aa32804fee907187cbc82a80f3a9d2b8eff55647
7cbdd8fdda9d68b641b3ac6a3123c51c486c9bcab9dbc9508e34989e1ef8fe0c
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
7f81ca5658929d443992c29e7ef821b6825b38e21dc204922eb7444a2fc789d2
8171c7dc7a8cac5d613c7cd33a5b9e9966443b7c2a86322be01058fcebb981d8
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8496a94dcfd779693def6ae3e607a923fece02f38491ef1462e7cb51cab12e7d
852a4aecaa31d65756c12cdf99df578915ed498615505b8c9d79bb569fcbd935
8565cc4fc2c9b1e05296a2d3dc0ea08877471fa122095b7b757cd8e897b38862
8d82608fda535b9643d97b9b0b1d156e03fc12f696e3767784a04a26fdbfd1e7
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
9895210bc59f1359701fbde1b882c99297e424fb9117a2f7b47a6c477d5ba792
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
b0bba129bdba996e42a5bd5bf46045838ec4ef119e67d97f55b90299d0829a09
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fbdd6c59281f452373fc0801e9a9cbfbdc35ea5ed8647d2e25c4571da3c079
b4f37cffbd33aa3ba25f0129c2474012a2dc64d909377795cc6acc58be8c43b0
b60497a77afdcb315e270ec5f6fe3d53797c486032fc6752523aa8c65be7b985
ba28457aec8e96bda721a20af6fd36d57940c7607597f0caadd72e6c08615f88
db6e7498fc02ff3dc7d9a7252033bdde67826f0f2ac6bfa55258a60b4c1f11f4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e66e9d5aa51dcdf9d077f9d9ea0722e08722bcfc6fa679d0d31e9d277fc21954
ea2735a6f5b4a57fa234cba664892bbe26a93dc89c9d6d473ca9b98c2590c5ed
ea7fd3e62274d09abf34926f8d43d30de2cb1241235132fac694def99624cc78
ecc5768a167d201f26f4b0d1868b1b308e5d531d9f9ad1f8094eb7089637c929
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f24c990b427c63b41da619a8aa7f8f0aec388026af19edd77fe50db380d21773
f8bdb531d36caf4bb43071d1be58a2d1b153d3a403f4b8f4e6a919dd46213f47
f9a1a0ac26eaf5b7f6cc7223b5dd4b5f545b5a48fb598c7442e5f76384f1be8c
fce024102ecb2694886b84f32a7ae9a5d829484aeb778950ce0f4d8960e9c69f
fe62bab84590322ae4bfcde20dfb50a72c1b68b330c2a7f1b0aefb65999f16bc

secure.everyaction.com Open in urlscan Pro 45.60.33.183 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

104 Requests

92 %HTTPS

41 %IPv6

44 Domains

58 Subdomains

49 IPs

7 Countries

1530 kBTransfer

4869 kBSize

58 Cookies

28 Outgoing links

Page URL History

Redirected requests

104 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

secure.everyaction.com Open in urlscan Pro
45.60.33.183 Public Scan

Screenshot
Live screenshot

Full Image

104
Requests

92 %
HTTPS

41 %
IPv6

44
Domains

58
Subdomains

49
IPs

7
Countries

1530 kB
Transfer

4869 kB
Size

58
Cookies

104 HTTP transactions
2 data transactions